Lex Ferenda

Karen McCullagh, former solicitor in Belfast (she escaped) and PhD student at the University of Manchester, spoke about private and sensitive data within the UK and the European Union. It’s a political (as opposed to thesis) interest of mine (1 | 2), and a core concern for Digital Rights Ireland.

Karen started off with showing the great ACLU private data animation, Pizza Palace (haven’t seen it in a while, but I want to use it in a class some day. Well done Karen - who even integrated it perfectly into the content of the presentation without even blinking at a strange computer setup). She gave a quick history and introduction to private and sensitive data in Europe, and told us about her project.

The project is a very ambitious one, including interviews, a large-scale telephone survey (conducted by the information commissioner, but with a lot of analysis by Karen), surveys of bloggers…and a lot of legal and statistical analysis and reflection added to the pot. It was interesting to hear Karen’s depiction of the tensions between her background (having studied law) and her current location (in a social statistics department).

Issues raised in the presentation and questions included:

• the difference between ‘protected’ sensitive data and ‘new’ categories (and the level of public concern of disclosure of the new categories, including biometric, clickstream, etc)
• the fact that 15% of the surveyed bloggers also kept a diary (and wondering how this compares to the full population’s diary-keeping habits
• how Karen dealt with the expert interviews and their concern for anonymity (with helpful suggestions from Helen of the OII
• the interesting way in which her snowball sample literally snowballed, with YouTubers making videos to encourage bloggers to do the survey

The final part of the presentation was a discussion of a proposed working definition of private data (moving away from categories of sensitive data). The definition, which I will reproduce when I get the full text, incorporates various elements and looks quite similar to an ECHR decision or indeed a convention provision (albeit more detailed) and is (at first glance) a better approach than the current EU directive. Some of the responses have indicated that there needs to be a presumption of privacy (i.e. not having private data as a subset of general data), and Karen has received a lot of voices expressing concern over national security exemptions. This is a complex legal issue but also a timely intervention in a politically crucial debate.