Albert Einstein once observed that “things should be as simple as possible, but not simpler”. There is no reason why legal practitioners should be exempt from this sound dictum and I am pleased to report that the authors of E-Privacy and Online Data Protection have resisted the temptation to over-complicate this area of the law.
A recent study of online business placed the
E-Privacy and Online Data Protection provides a good overview of the legal framework which regulates the handling of personal information in thee-business world. It contains a logically organised structure informing the reader about significant privacy case law before setting out the statutory framework in the
As data protection practitioners know, however, data protection issues are often so closely entwined with business processes unique to individual industry sectors and sometimes individual businesses that the first challenge to providing practical, commercial advice is to acquire a thorough understanding of the specific technical and commercial environment in which their advice will be implemented. This creates a conceptual problem for specialist texts such as this, which attempt to survey the field as it applies to e-business in general. How does one translate the general principles of the statutory framework into compelling practical illustrations relevant to electronic communications media in different industries.
There is not much case law to go on at present and that makes it all the more important to provide worked examples and to apply the law to hypothetical cases, in order to draw out the likely impact of the law, and here E-Privacy and Online Data Protection misses an opportunity. There was an opportunity to look at technical issues such as whether standards like P3P offer a full solution to privacy problems online (No, they don’t). Or to breathe life into commercial considerations, such as how to implement a privacy-compliant viral marketing campaign.
Yet E-Privacy and Online Data Protection is rather short on case studies and there are no flow diagrams to help us better to analyse relationships between real world players in these sectors. The text provides a useful overview of specialist e-business privacy issues but then stops short of exploring how to apply them to specific scenarios. By way of example, the glossary merely defines P3P (the industry standard which provides an automated method for users to gain greater control over the use of their personal data online) without a discussion of its merits in the text itself.
It is a small omission, but omissions such as this are slightly disappointing. The conclusion must be that E-Privacy and Online Data Protection sets out to satisfy a more basic need: the need to provide the reader with a starting point for what s/he needs to know about the legal background to the data protection issues of conducting business online, leaving room for a more sophisticated specialist text in this field. In this at least the book remains true to Einstein’s dictum and does not over-complicate the key issues nor oversimplify the legal position about which the CEO of Sun Microsystems, Scott McNealy, once quipped “We have no privacy [online] – get over it”.
Marc Dautlich is a Solicitor in the Media, Communications and Technology Department at Olswang.