FOIMan reports back on the University of Winchester Centre for Information Rights’ recent conference on Trust, Risk, Information & the Law.
Winchester University’s Centre for Information Rights is a relatively new player on the information rights scene. Launched just a couple of years ago, it has quickly established itself as an important host to academic debate on this aspect of the law. (And I will be lecturing on their new LLM in Intellectual Property & Information Rights from this Autumn). After a few successful evening seminars, this was the first attempt at a full-day conference organised by the Centre and its Director, Marion Oswald.
What was most impressive about the event, held last Tuesday, 29 April, was its breadth of scope. At its core it was focussed on information sharing about children and the vulnerable (a topic that I’ve noted recurring at Winchester’s events, and rarely out of the news), but it also took on philosophy, international espionage and the world of fashion. If I have a criticism, it is probably that there were so many options in the break out strands (with several speakers in each) that it was difficult to choose sessions without fear of missing out on something interesting.
The day opened with a keynote from Matthew Reed of The Children’s Society highlighting the importance of information to this charity in helping young people. Whilst rather high-level (as is often the case when Chief Executives are asked to speak on a subject) it was difficult to doubt Mr Reed’s passion and commitment. And it reminded delegates that at the heart of any discussion of information law is people, and particularly in this case, the vulnerable.
In the first break out session that followed, and spoilt for choice as indicated, I ended up plumping for “Surveillance, encryption, state secrets and fashion!”. Our first speaker, Dr Cousido Gonzalez, was sceptical of Spain’s new Law on Transparency – talk of too many restrictions sounded familiar, but in truth it did sound as though our own FOI law compared extremely favourably. Dr Gonzalez cited the introduction of amendments even before the law has taken effect in support of her fears. This was followed by Lawrence Serewicz, a familiar face in FOI and data protection circles. Lawrence explored the rival philosophies on the State of Hobbes and Spinoza, ultimately asking if far from protecting us and our privacy, encryption tools prevent the State from protecting us effectively. Not surprisingly, such a view was not popular, but it nonetheless prompted stimulating debate. But what about fashion, I hear you ask. Well, this was a presentation made jointly by students of the London College of Fashion (University of the Arts London), with Winchester’s own fashion and law students. It highlighted the fact that as we move in the direction of ‘wearable technology’ such as Google Glass and smart watches (and even a walking stick with GPS), there are major privacy implications. The students made much of the inability of data protection law to keep up with the pace of this technology, and suggested that instead fashion and consumers themselves could provide the answers. So we were shown, as an example, a hoodie that has been designed with material that shields body heat from detection by airborne drones. It was a fun session, but clearly the points raised are important ones.
The afternoon sessions – both plenary and breakouts – took me closer to the borders of my ignorance with two presentations referring to probability fallacies. The first, from Professor Norman Fenton, looked at the alarming regularity with which probabilities of certain events are incorrectly reported, or worse, given as evidence in court cases. Apparently Lord Justice Leveson has admitted that he doesn’t understand this concept, and I fear that many of us in the audience will continue to join him. What this means for our justice system is unclear. Later in the afternoon mathematical formulas made a reappearance in a study by Jack Manhire, an executive in the US Treasury (at pains to say attending in his own right), who had analysed the UK Information Commissioner’s Monetary Penalty Notices. He was attempting to see whether the ICO gave incentive to organisations to self-report data breaches. He concluded that at present this was not the case, and the ICO should consider changing its approach to provide an incentive to self-reporting. Whilst interesting, I couldn’t help wondering (with tongue slightly in cheek at this stage) if it wouldn’t have been easier to ask Iain Bourne of the ICO, who happened to be in the room, what the ICO’s policy on monetary penalties actually is. But perhaps the suggestion will be useful to the ICO – though it’s hard to think that it hasn’t already struck them. Dr Orla Lynskey, a lecturer from LSE, then outlined the evolution of the EU’s draft Data Protection Regulation and in particular she suggested, a gradual move towards a more risk-based approach (something which I heard the former Information Commissioner, Richard Thomas, advocate at 11KBW’s first Information Law Conference last year).
The day concluded with a panel session on “[De]-anonymisation & Technology”. With care.data and HMRC proposals still causing heated debate, there was plenty to talk about. One question which is central to these debates is whether it is even possible to anonymise data successfully in the ‘big data’ era. Dr Mark Elliott of Manchester University stated that “it is possible to anonymise data, but it is a complex operation”. There was agreement on the Panel that media reporting hasn’t helped – exaggerating risks, reporting data as identifiable when it really isn’t. Dr Kieron O’Hara (Southampton University) plugged Paul Bernal’s entertaining Downfall parody on care.data but spoke eloquently about the difficulties with anonymisation – asking if the decision as to whether data has been sufficiently anonymised should be made based on a bunch of students in a well-equipped computer laboratory with nothing better to do, or on the ability of the man in the street. He was sceptical though of both the HMRC proposals and of care.data, musing on the latter that it appeared we would continue to be consulted until we agree! The consensus on the panel (and there was no real disagreement on any point, perhaps disappointingly) was that compliance with the law was one thing – it was also necessary for organisations to retain public confidence.
A fascinating conference exploring a smorgasbord of topics from an unusual range of perspectives. It would be great to see it repeated next year.