Dr David Flaherty, Privacy Advocate, Professor and Data Protection Commissioner
David Flaherty, who personified 50 years of data protection law and practice, died last week.
His research with his mentor, Dr Alan Westin(1) at Columbia University, New York, put him at the centre of academic research on privacy in the 1960s and subsequent decades. When I met him at the Data Protection Commissioners’ Annual Conference in Quebec on 22 September 1987, the event was literally around a table. Flaherty, as Canada’s foremost privacy scholar(2), gave the keynote address, The Protection of Privacy Life at the dawn of the 21st century. He made his mark by making some critical research-based comments about the CNIL’s functioning as a defender of people’s privacy to which the President at the time, Jacques Fauvet, gave a dramatic outraged response. He was the former Editor of Le Monde and was more accustomed to making criticisms of government bodies than receiving them. Flaherty took the response in his stride not at all bothered that he had caused a stir which led to a discussion of the proper role of DPAs and in time leading to value-added empirical research by Professors Colin J. Bennett and Charles D. Raab(3). Subsequently, privacy commissioners around the world benefited from, and appreciated, this ground breaking work, helping guide them for a role for which there was no standard model.
He could have continued his academic and consultancy career but in 1993 took on the role of the first Information and Privacy Commissioner for British Columbia (BC), Canada(4). He relished this role, showing us on the wall of his office his certificate of appointment from Queen Elizabeth II. He wrote hundreds of decisions putting into practice the principles and policies for which he had been such an eloquent advocate. He invited my wife and I to participate in BC’s first international conference to which he invited as speakers his mentor Alan Westin and several fellow privacy commissioners. Subsequent BC Commissioners, Elizabeth Denham and Michael McEvoy have continued this international role leading Canada’s outreach to Asian privacy commissioners.
In 2012, I invited Flaherty to give an introductory statement to Privacy Laws & Business’s 25th Anniversary International Conference in Cambridge. In his concise address, he selected some main themes as his Reflections on 50 years of data protection(5). He noted that there had been a history of privacy for the previous 50 years and it goes back further than that as a human right. There have always been limited resources for doing data protection and there has always been a conservative anti-regulatory ideology claiming that we don’t need all these rules and regulations. All these issues, he explained, had to be overcome with effort deployed for advocacy through the media, for privacy in the public sector, and eventually in the private sector. A fundamental problem of data protection globally is that there is no systematic US data protection regime with the kind of regulatory authorities that exist in every European country. In addition, he said, there was a continuing concern regarding health privacy breaches. These should be investigated and notified as efficiently as credit card data breaches.
When I sent him the link in mid-2022, he dryly responded “It is always a worry to listen to something that I said previously. In this case, I feel quite satisfied with what I said. Thanks for sharing.”
David Flaherty had wide-ranging interests which stretched to opera, financially supporting student scholarships, and Japanese art and garden design. David was always generous with his time and expertise, providing me with encouragement across the decades and in many countries for our work at Privacy Laws & Business. His sharp observations on the world of privacy and his wry sense of humour were always a joy.
Chief Executive, Privacy Laws & Business