Friday, August 29, 2008

Relax: the Faroe Islands have adequate data protection

Lots of people in Europe are trying to figure out how to reduce bureaucracy and red tape.  Let's face it:  we Europeans face some of the highest tax burdens in the world, with some of the highest numbers of public servants as a percentage of the general population anywhere on the planet.  So, let me pick a little example, to make a point. 
 
In this Internet age, when data flows around the planet at the click of a mouse, everyone agrees we need to be talking about global privacy standards.  Data doesn't start and stop at national borders when it travels on the Information Super-highway.  So, all the time and effort that has been spent in recent years, trying to segregate the world's countries into "adequate" and "not adequate" regimes in terms of data protection, has become largely obsolete and pointless.  Data doesn't stop, take a look around, and wait to find out if the European Commission has categorized a country as having "adequate" data protection.   The whole process is becoming a bit tired and irrelevant.  Last year, the European privacy regulators adopted an opinion, concluding that Jersey and the Faroe Islands have "adequate" data protection. 
 
Indeed, Jersey and the Faroe Islands.  I haven't been to either.  I'm sure they're lovely places.  I think they do fishing in the Faroe Islands.  As for Jersey, I have some sense of the kind of data that goes to places that are known as international tax havens.  International tax havens as a rule have "privacy" laws, and it's pretty obvious why.  I'm perfectly prepared to accept that these islands have solid data protection laws.  But why aren't we talking about more important topics, like Japan, for example, to name a country that is widely viewed as having very strong data protection practices, even if they're different than Europe's?  
 
Let's face it.  This process, reviewing a country's data protection regime, to ensure that it exactly mirrors Europe's, before awarding it a bureaucratic seal of approval, is a process that is out-of-date.  It doesn't reflect the realities in the world:  under current opinions, Argentina, Romania and Bulgaria are "adequate", but Japan is not!  Does anyone in the real world believe that personal data is better protected in Argentina, Romania or Bulgaria than in Japan?  And if our taxpayer-paid government leaders are spending their time writing opinions about the adequacy of data protection in the Faroe Islands, it's fair to ask whether our taxes are being wisely spent.