Freedom of information underlies democracy - Populism challenges data protection norms

The EU Data Protection Regulation’s application to all of us in May next year is fast approaching. That is why we have devoted front-page stories to the increasing status of Data Protection Officers, and report from a PL&B Roundtable on the practical steps we need to take to prepare for accountability. Where relevant, we give you practical checklists and action points (pp. 3-4, 7-8, 10-11, 14-15, 18).

One of the fundamental differences between the 1995 EU Data Protection Directive and the 2016 EU Data Protection Regulation is that administrative notification to the national Data Protection Authority is being replaced by the requirement to demonstrate that you have an appropriate programme in place. You will need to show the regulator that your organisation is able to fulfil your legal duties, and enable individuals to exercise their increased rights (p.1).

I published our first international newsletter in February 1987. I decided to launch the Privacy Laws & Business United Kingdom Report in December 2000, the same year that the UK’s Freedom of Information Act (FoIA) was adopted, so we could cover both this law and the Data Protection Act 1998, and their impact on company operations. While we give most space to data protection issues, we continue to monitor and report on the most significant freedom of information developments.

Freedom of Information Act getting closer to applying to companies

On 8 December, I attended Freedom of Information at 250 to celebrate the 250th Anniversary of Sweden’s and Finland’s Freedom of the Press Act. The event provided a wake-up call to companies in the UK that the Freedom of Information Act is likely, in the future, to apply to them when performing tasks outsourced from public bodies.

Elizabeth Denham, Information Commissioner, told the audience that she will this year provide evidence to Parliament to support her case for extending the FoIA to companies when they provide services to the public sector (p.20). The Campaign for Freedom of Information’s founder, Des Wilson, and chief advocate over the last 30 years, Maurice Frankel, informed us of the rationale for the law and explained challenges to the law from several directions. Frankel drew our attention to the impact on the FoIA in the UK of a Hungarian case decided by the European Court of Human Rights in Strasbourg (pp. 20-22). He noted that the current government’s commission on the working of the law recommended leaving the FoIA largely intact.

Freedom of Information in Sweden and Finland, a foundation for our democratic societies

Why am I drawing this event to your attention? In a world where western democratic norms are under challenge in some countries, freedom of information laws, which now exist in 107 countries, provide a strong counterweight to secretive central and local government which can lead to inefficiency, and obscure the sources of power and influence.

At this event, Finland’s Ambassador, Ms Päivi Luostarinen and Sweden’s Ambassador, Mr Torbjörn Sohlström (they were one country in 1766) explained their national perspectives by declaring “the legacy of 1766 is fundamentally important for both countries. We firmly believe that this law provided the foundation that profoundly shaped our nations and contributed to the ways in which liberal values, open government and rule of law took root in the rest of the world.”

“For our countries this law has fundamental importance. Upholding the legacy of the 1766 law has been a cornerstone of Finland’s national survival in the Nordic democratic tradition. When measured against the international rankings of almost any sort, it is clear that this was the right choice…The legacy of 1766 has been freedom of the press, access to information and open government which is an important ingredient of the relative success of our countries. It is not an accident that some of our institutions are the oldest in the world, they have survived and they are strong; levels of corruption in Sweden and Finland are among the lowest in the world; and overall public trust in the institution of government is comparatively high. The road to our relative success started in 1766.”

While on the subject of democracy, on Wednesday this week I am moderating a panel titled Populist Politics and the Prospects for Privacy at the Computers, Privacy and Data Protection (CPDP) Conference in Brussels. The consensus among the leaders of most political parties supported the UK staying in the EU. But the referendum majority in favour of Brexit may be regarded as a populist reaction against this consensus. Panel members include speakers from Hungary, Poland, Greece and the USA. These countries’ experience of populism provides the context but the panel has agreed to review populism and privacy not from our national perspectives but from human rights, business, and regulatory perspectives.

The 2017 Data Protection Top 10

As PL&B approaches its 30th Anniversary in February, we continue to report on both data protection and freedom of information. Just like the Data Protection Act, the FoIA provides companies with opportunities as well as challenges. To help celebrate our 30th Anniversary, we are joining the law firm, Bristows, in London for a free event on the evening of 22 February to announce The 2017 Top 10.

We are organising several events this year, a third Help! Roundtable, hosted by Google, on 23 March; a retail conference on 4 May, hosted by law firm, DWF; and Promoting Privacy with Innovation, PL&B’s 30th Annual International Conference 3-5 July at St. John’s College, Cambridge.


Stewart Dresner, Publisher


UK Report 89

Lead story:

GDPR – a useful tool and status changer for DPOs

Beverley Flynn reports on the changing status of Data Protection Officers under the EU General Data Protection Regulation.

Contents also include:

  • Comment: Guidance emerges on GDPR but not on Brexit
  • UK government keen to apply ‘GDPR flexibilities’
  • Minister responds to PL&B on GDPR
  • Investigatory Powers Act brings wide-ranging spying powers
  • Privacy breach damages: High Court provides some insight
  • If a hard Brexit takes place what happens to overseas transfers?
  • Is your Internet of Things device The Weakest Link?
  • PL&B Events Diary
  • Lessons from the Dutch data security breach regime
  • Information Commissioner demands FOI extension
  • FOIA under constant threat
  • Online FOI tool for Scotland
  • EU proposes e-Privacy Regulation
  • Denham reduces charities’ fines
  • ICO updates its GDPR guidance
  • CJEU rules on UK data retention
  • Consultation starts on drones
  • Link data protection with cyber security, review says
  • ICO takes over TPS
  • DMA demands jail terms for nuisance callers