Countdown to GDPR: Call for Contributions

April 11, 2017

 As the Article 29 Working Party formally adopts the guidelines on data portability, lead supervisory
authorities and Data Protection Officers
which were published in
December (with some clarifications, neatly summarised
here and
here)
and the ICO has gained my grudging respect (‘grudging’ because of them ignoring my request to interview the once-new Commissioner) with its guidance, the implementation date for the GDPR no longer looks like a distant prospect. This week the
ICO has moved forward again with its request for ‘feedback’ on its latest 
discussion
paper on profiling and automated decision-making
. Indeed, that is one of a
series of truly valuable discussion papers, introduced by
Jo Pedder,
Interim Head of Policy and Engagement
at the ICO (though I am not sure
if they are ‘owned’ by her) which are required reading. If you are interested
in DP but are not reading
Jo
Pedder’s blog posts
, you are missing out.

But not everything in the garden is rosy. The ICO, whatever
its faults, puts the Article 29 Working Party to shame when it comes to clarity
in communication – it is often hard to work out what they have done at each meeting. We are now but a year away from GDPR implementation and yet
there is no GDPR implementation legislation available in draft. The internal
contradictions which will apply post-Brexit (indeed, with or without Brexit) in
light of the UK’s intrusive policies on investigatory powers are being swept
under the carpet by the government spokespersons who claim that GDPR will be
implemented and that we will not have Safe Harbour/Privacy Shield style
problems. And, trumping all of those factors, is the unavoidable fact that
implementing GDPR is very complicated; I say ‘very’ only because the
appropriate reinforcing adverb is obscene.

And yet, the SCL website and the pages of the magazine have been
unusually quiet of late on GDPR. That is partly because I have been besieged
with articles saying, in effect, ‘businesses better get ready’, which is a
message that I assume our readers do not need to hear. But I have been offered
little new analysis since our splurge on the subject when the GDPR was finally
agreed.

My invitation to SCL readers is to add to the official
guidance with clear detailed critiques – rip the official guidance to shreds if
you feel that is necessary – and I am also seeking amplifying guidance for DP professionals and legal advisers
with a real DP interest. Use our pages and website for debate on the
outstanding issues too.

And get a move on. The clock is ticking.