Helping create and develop the international privacy community
1987 First PL&B Newsletter in February. The August issue included a directory of 14 national Data Protection Commissioners with their names, office addresses and telephone numbers.
1988 1st Annual Conference at the Mayfair Hotel, London. Speakers included Peter Hustinx, Legal Advisor on Public Law to the Netherlands Ministry of Justice and Chairman of the Council of Europe’s Committee of Experts on Data Protection
1989 2nd Annual Conference in Windsor
1990 3rd Annual Conference, Trinity Hall, Cambridge. 1st presentation by the European Commission on the Data Protection Draft Directive; and 1st Training Workshop held at the Royal Society of Chemistry, London
1991 4th Annual Conference, Jesus College, Cambridge. Demonstration of hyperlinks to documentary sources on privacy by Professor Graham Greenleaf.
1992 5th Annual Conference, St. Johns’ College, Cambridge. Debate at the Cambridge Union. Visit to the Office of the Data Protection Registrar and Workshop on Document Image Processing and the Data Protection Act with David Smith, then Assistant Registrar. Published table of 22 European data protection laws in cooperation with Christopher Millard now at Bristows
1993 6th Annual Conference, St. Catherine’s College, Oxford. Too modern! Demand to return to St. John’s College, Cambridge. Debate at the Oxford Union.
1994-2011 7th to 24th Annual International Conferences, St. Johns’ College, Cambridge
1997 1st PL&B website. 1st consulting project for the European Commission. Publication of chart of 26 European privacy laws in cooperation with Christopher Millard now at Bristows
1998 1st newsletter in new format. All newsletters published since July 1998 now available in pdf format. Continued series of four United Kingdom Compliance Guides on the Data Protection Bill 1998.
1999 Consulting Projects for the European Commission on the protection of individual privacy in the context of international data flows and the internet, and on assessing the adequacy of data protection law in many countries starting with Switzerland and later ranging from Canada and the USA to Latin America and New Zealand. Started work on the Data Protection Audit Guide for the United Kingdom’s Data Protection Registrar
2000 Launch of United Kingdom Newsletter (red) to cover both the Data Protection Act and the Freedom of Information Act. Until 2007, published 5 times a year together with the International Newsletter (blue) also published 5 times a year.
2001 First meeting of the European Privacy Officers Network (EPON), London
2003 First EPON meeting in continental Europe, in Madrid, Spain followed by other meetings in Cambridge and Rome at a meeting hosted by the Garante, Italy’s Data Protection Authority, at its office. Conference in London on Successful E-Marketing within the new E-Privacy Regulations. Conference in Dublin: Ireland’s New Data Protection Law: Practical Steps Towards Compliance
2004 EPON meetings in Cambridge and Prague with Data Protection Authorities from the Czech Republic, Hungary and Poland. Conferences, London: Subject Access and Employee Monitoring in Dispute Situations and Freedom of Information Act: None of Our Business?
2005 EPON meetings in France, Cambridge and Germany. Data Protection Commissioner Roundtable in Montreux, Switzerland on Argentina and Australia
2006 Workshop in Washington DC: Negotiating Successful Binding Corporate Rules Programs for International Transfers of Personal Data; Hot Privacy Issues for HR Managers in the European Union. EPON meetings in Ireland and in London on Greece, Portugal and Russia. Workshop: Canada's Unique Privacy Challenges:Employment, Outsourcing, Acquisitions, Federal-Provincial Jurisdiction
2007 EPON meetings in London, Sweden, Finland, Belgium and the Netherlands. Asia-Pacific Briefing in London.
2008 PL&B’s International and United Kingdom Newsletters from now each published six times a year. EPON meetings in London, Spain, Luxembourg, and Poland. Conference in Strasbourg, France: Scanning Data Protection Horizons in the Asia-Pacific Region: Assessing Risks and Protecting Your Reputation
2009 Publication of PL&B report by Stewart Dresner and Amy Norcup and conference in Edinburgh, Scotland: Data Breach Notification Laws in Europe: Data Protection Commissioners' Views and Recommendations from 21 European countries. EPON meetings in London, Switzerland and Italy. Conference in Spain: Employee surveillance in Europe: Balancing privacy rights and management control
2010 EPON meetings in London, Germany, Israel and Portugal
2011 Privacy Officers Network meetings in London, France, and Hungary. Asia-Pacific Conference in London. Publication of accompanying 86 page book and slides. Newsletters renamed Reports to reflect from the start, their longstanding reputation for in-depth content and analysis rather than on ephemeral news. Publication of compilation of International Report articles on collective (class) action cases in 13 countries. Launch of new website.
2012 PL&B’s 25th Anniversary. 25 year index available on PL&B website by country, subject and organisation covered. Publication of special International Report: Data Privacy Laws in 89 countries and counting. Privacy Officers Network meetings in London, Warsaw and Madrid
7 reflections on the history of data protection and privacy in the last 50 years
In his introduction to Privacy Laws & Business’s 25th Annual International Conference, Overcoming Privacy Hurdles, Dr David Flaherty, consultant and former Information and Privacy Commissioner, British Columbia, Canada, shared his reflections having worked in data protection and privacy starting in 1964. This is an edited version:
1. There is a history of privacy for the last 50 years and it goes back further than that as a human right.
2. There have been problems with the public sector. All these issues had to be overcome with effort on ongoing advocacy in the public sector, through the media and eventually in the private sector.
3. There have always been limited resources for doing data protection. There has always been a conservative anti-regulatory ideology that we don’t need all these rules and regulations. It is no big surprise that we are still having these kinds of difficulties.
4. A fundamental problem of DP globally is that there is no systematic United States data protection regime with the kind of regulatory authorities that exist in every European country. I admire the fact that the Federal Trade Commission is coming to its senses in doing a few things. But it is nothing compared with what the European Union has in place for systematically dealing with data protection problems. That means that there is always an anti-regulatory, self-regulatory regime that is being advanced by US interests, whatever else they say about wanting to comply with the European rules.
5. A current concern is health privacy breaches. I recently had a credit card problem. Visa quickly found the problem, voided my card and issued me with another one. We need that type of real time auditing with major systems of electronic health records so that privacy issues are stopped upfront before harms and class actions occur. If we can do it in banking, why can’t we do it with electronic health records? Despite good privacy training, and zero tolerance for health privacy breaches, people working in health care, knowing what the rules are, still look at patient records that they have no right to look at.
6. I published a book Protecting privacy in surveillance societies in 1989 before the Internet was firmly established. With Google and Facebook and others, the problem of surveillance societies is still with us. The plethora of surveillance cameras in the United Kingdom is symbolic of that kind of thing. Despite all of the goals of protecting privacy as a human right and the creation, enforcement and resourcing of data protection regimes in some 90 countries, we are now living post-9/11 in a national security state [see James Bamford’s article in Wired at http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/]
7. We have fought for what we have and we have to keep fighting to protect privacy as a human right.
David H. Flaherty, Ph.D. , David H. Flaherty Inc. , Privacy and Information Policy Consultants,
Victoria, British Columbia, V8P 1R1, Canada,
Tel +( 1) 250-595-8897, Fax 250-5958884, E-mail David@Flaherty.com