All posts by Roger Hartley

Bartleby, the Scrivener, by Herman Melville, published in 1856, is a short story set in the Wall Street office of a respectable but unnamed New York lawyer, who narrates the story. He is one of those “unambitious” lawyers who, “in the cool tranquillity of a snug retreat, do a snug business among rich men’s bonds and mortgages and title deeds”. He employs in his office scriveners, copyists of legal documents, the strangest of whom is Bartleby. Bartleby shows himself to be a reliable if odd employee and copyist. But after a time there are unexpected events. Bartleby creates an enclosed place for himself in his employer’s part of the office with a screen, behind which he withdraws. It becomes clear that he is living in the office, because he is always there. Most importantly, when asked to carry out tasks by his employer he responds each time by … Continue Reading ››
The Institute for Government – situated in London in the elegant surroundings of Carlton Gardens - has recently published a report on Government Information Technology programmes. The starting point is to recognise the (total) inadequacy of these programmes so far, and to develop a new approach. The report was made by top government insiders, and so can be seen as authoritative. I went to the launch the other week, which was packed out. I thought I might find some parallels between the lines on technology I have been pursuing in previous posts and the problems and solutions outlined in the report. The difficulties which project planners and government institutions have in managing the new technologies might be similar to those faced by regulators and law makers with data protection concerns, with the bonus that the technology issue would necessarily be addressed more directly by the former. The report can be found on … Continue Reading ››
In my previous post I suggested that Technology was viewed in the Directive as pure means, a perfectly controlled instrument. It is worth noting that the document published by the Commission outlining the responses to the Review of the Directive commits itself to this view (see the link on Clare Walker’s post). Actually what it says is that the Directive is neutral as to the technology (which could mean no preferences), but actually means, I think, that the technology is passive and reflective. But we know, even on the most obvious level, that this neutrality is questionable, given the history of large scale and disastrous IT programmes. I suppose you could say, in return, that in principle the technology can be made to reflect user requirements, it’s just difficult to make it happen. The solutions are provided by the technical expert. We also know that the new technologies are creating novel situations … Continue Reading ››
The 32nd International Conference of Data Protection and Privacy Commissioners met in Jerusalem in October, where the working theme was Privacy: Generations – the New Generations of Technologies, Users and Governance.  It’s a nice idea, Generations, if question begging, because after all the problem is the nature and degree of the changes and the transitions we are currently facing.  Another difficulty with the Generational approach is that the Directive has a rather different model of the relationship between users and technology – which it conceives of as master and servant. As Recital 2 puts it “ Whereas data-processing systems are designed to serve man..”.  The idea of the technology as a servant is more or less compatible with the idea of it being neutral, because the servant follows commands and doesn’t think. The Directive pictures the technology as an obedient neutral clerk, as pure means. This leaves the data controller and data subject … Continue Reading ››
Article 2(b) of Directive 95/46/EC determines that “processing of personal data (processing) shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means...”  The definition of processing is neutral as to the technology, because it is so basic – it is meant to define the scope of the Directive, rather than identify the specifics of the technology. Once the processing is in the framework, because it is “automatic”, the technology issue falls away. The UK DPA specifies equipment operating automatically in response to instructions for that purpose, envisaging a person issuing instructions to the equipment, while at the same time pursuing the purposes listed elsewhere in the Act. This is a MS-DOS picture of interacting with a computer, if you can remember that.  In which case, how, within the data protection framework, do you deal with problems arising from the new technologies?  One answer … Continue Reading ››
For some time before the election in May there was a convergence of quite varied interests on privacy issues, and this convergence now seems to have disappeared, or altered in a way not yet clear or visible. The public debate today is dominated by the budgetary question of the structural deficit and the cuts to public services that are required to remove or reduce the deficit. The Big Ticket privacy issues (ie the ID card and ContactPoint) were dealt with by the Coalition quite rapidly, but is that it, for the moment at least? The key connected debate is on the Smaller State and/or the Big Society. The relationship between them isn’t clear, but while the State might be on the retreat, that doesn’t mean it will be any less privacy invasive for those who still come within its ambit (most of us). There will still be plenty of reasons, for instance, … Continue Reading ››
The Encore Project, with which this blog is associated, has as its objective “to make giving consent as reliable and easy as turning on a tap...and revoking that consent as reliable and easy as turning it off again”. On the 29 June I went to the demonstration at the LSE by the project managers of an online interactive prototype that will allow data subjects to audit how their data (held by a DP) are being processed – to view the categories of data, to view how often and for what purpose the data are being processed - and to withdraw consent selectively if they want to.

It is excellent prototype. Based upon investigations of the needs of ordinary people and businesses, it provides transparency and a significant degree of control over the data, while being straightforward to use. Necessarily there is a pretty big technical architecture behind the facility. … Continue Reading ››