I'm delighted to see a new Chairman, Jacob Kohnstamm, assume the helm at the Working Party, which is the group of all of Europe's national Data Protection Authorities, created to try to achieve common approaches to privacy across Europe. Mr. Kohnstamm is a privacy leader whom I've known for years, and whom I greatly admire, even when we find ourselves on the opposite sides of the debate. I'm confident he'll provide new leadership and relevance at the Working Party. I also think it's healthy for European institutions to break away from alternating franco-german leadership, which has so dominated the Working Party over many years.
As a privacy professional, people sometimes ask me why I take the Working Party seriously, and why I would want to see it play a greater role in privacy matters in Europe? The answer is simple: with all its institutional flaws, any body that contributes to a more harmonized data protection across Europe is better than the alternative, with 27 different approaches and inconsistent cacophony. Since the Working Party is the best instrument we've got in Europe to try to do things in a coherent way, I think it's worth taking a moment to make suggestions about how it could work better. My comments are strictly focused on only one aspect of its role, namely, the extent to which it interacts with the private sector in a semi-regulatory context. My critiques are offered in a spirit of constructive feedback.
So, what are the key issues that deserve attention to make the Working Party work better in the future?
Public Transparency: the Working Party operates behind closed doors. It rarely involves outsiders in its deliberations. It almost never publishes draft opinions for external review, and rarely (if ever) opens its meetings to the public. As far as I know, it never publishes the range of consenting/dissenting views with its opinions, and it publishes little more than a summary agenda and adopted Opinions. I strongly believe that transparent government is good government, and the Working Party is simply not transparent today.
Accountability and Review: the Working Party's opinions are not "binding" and therefore have never, to my knowledge, been subject to judicial review. Sometimes Working Party opinions make sense, sometimes not. Sometimes they're insightful, sometimes they're gibberish. External, objective, academic, technical, maybe even judicial review, is much needed.
Technical expertise: The Working Party has many times embarked on issues which turn on Internet technical architecture. There is not enough technical expertise at the Working Party level, which is unsurprising, considering that the members generally come from political or administrative backgrounds. But to have well-informed discussion about Internet regulation, a foundation of technical knowledge must be in place, or must be provided from the outside.
Confidentiality: To deal with confidential business matters in a semi-regulatory context, any regulatory body needs to be able to respect business secrets submitted to it. Maintaining confidentiality has not been a strong point of the Working Party, given that its documents are routinely distributed amongst 27 countries. But leaks damage the ability of the Working Party to be effective.
Speed: In tech circles, things move fast. This is an innovation business, after all. But a discussion with the Working Party can often take years, with rather stilted exchanges of letters, each exchange punctuated by multi-month pauses. Surely, there must be a faster, less formalistic, way to collaborate.
All in all, these critiques are meant to be constructive. I think privacy would be well-served by a more realistic and collaborative dialogue between the Working Party and industry. The old Working Party made some progress, but there's room for more. I'm hopeful about the future.