Data protection is alive and well in Europe, and it is developing nicely elsewhere around the world. That was the main message from the 23rd International Conference of the Data Protection Commissioners. The meeting took place in late September at the Sorbonne in Paris.
Michel Gentot, president of the Commission Nationale de l'Information et des Libertes, opened the conference and set an important subtheme by discussing the events of Sept. 11. He said he considered canceling the conference but decided that it had to proceed. Gentot presented an incredibly well-selected and moving section of Walt Whitman's “Leaves of Grass” that addressed, almost eerily, the tragic events in New York City.
Gentot concluded his opening speech by saying that the present circumstances required everyone to be more vigilant and to never abandon the search for an equilibrium. With that, the conference began.
Current events and their consequences were neither ignored nor forgotten, but the conference proceeded as normally as possible and with few distractions. Nearly every panel included comments about the attacks on the United States. The outpouring of concern and sympathy was universal, but data protection remained in the foreground.
Despite the absence of many Americans who stayed away because of concerns about terrorism or travel problems, the conference was well-attended. The French hosts made a special effort to include representatives of Third World countries, including Burkina Faso, Senegal and Mali.
The conference was also well-attended by important French politicians. President Jacques Chirac was scheduled to make an address by teleconference, but last-minute international events prevented his appearance. French Prime Minister Lionel Jospin made the conference's closing address in person. Jospin's speech and Chirac's prepared remarks offered positive comments about data protection and balanced them carefully against security and other considerations. They were good political speeches that came down on all sides of the issues.
Other high-ranking French officials were also involved. Receptions were held at the National Assembly, with the Assembly chairman present, and at Paris City Hall, with the mayor present. The powers in France either think data protection is important or the French data protection agency has good political connections, or both.
The only U.S. government official to speak was Federal Trade Commission member Mozelle Thompson. He is a Democrat, so he was not even able to represent his own agency with credibility. His speech offered nothing new and sounded as if it had been written by the U.S. Chamber of Commerce. That is either a good thing or a bad thing, depending on your perspective.
The conference was, in the end, just a conference. It had the usual mix of plenary sessions and panels covering new and familiar ground. Technology was a major theme at many sessions. Subjects included the Icelandic genetic database, face-recognition technology in Britain, other biometric technologies, wireless technology and location techniques, cybersurveillance, electronic democracy- and privacy-enhancing technologies.
There were only occasional mentions of marketing. Gentot discussed the growth of the market for personal data and the need for data protection to enlarge its perimeter to keep pace with the worldwide market for data. A speaker from a Canadian company, My Virtual Model, offering a marketing technology, described how Internet clothing retailers were using the service to let customers provide detailed measurements so they could see how clothes would look on them.
Another session dealt with personalization of services, but I missed it as my own presentation was at a parallel session on electronic democracy. I spoke about how public records are used in the United States, and parts of my paper described marketing uses of public record data.
Nothing that happened at the conference qualifies as hot news. John Mogg, the director general of the Interior Market Directorate of the European Commission – that's the one responsible for data protection – said there was a study of “safe harbor” compliance under way, with results due soon. He also said, more predictably, that data protection was not an obstacle to the fight against terrorism because of broad exceptions for law enforcement and national security.
It is hard to identify a particular highlight. One of the better speeches came from Alejandra Gils Carbo, from the attorney general's office in Argentina. Four Latin American states passed data protection legislation in the past four years. She said the Argentinean law followed the guidelines set out by the European Union data protection directive.
Carbo said the privacy movement in Latin America goes under the name habeas data, a concept similar to the more familiar habeas corpus, except that it pertains to the right to have access to data. The habeas data movement began in Brazil, where the 1988 constitution allows individuals to petition the courts for the right to see and correct government records about themselves. Other Latin American countries have adopted and expanded the concept. In Argentina, habeas data extends to private records as well.
The developments in Latin America underscore the continuing European world leadership on the data protection movement. Other countries are following the European Union lead, and the habeas data movement suggests that some are extending it in interesting and compatible ways.
The United States appears to have abandoned the data protection field and is becoming increasingly isolated internationally. That cannot be good in the long run.