You don't want to do anything in the way of European data protection. It's so complicated. It's so rule-bound. It's inspired by the European directive. It's very legalistic. It deals primarily with law rather than practice.
My interest is in policy. What happens in practice? In the privacy game, the motto is say what you do, as an organization, and then do what you say. Whether you're running an auto dealership, a drugstore, or Health Canada, say what you do with personal information, and then follow it up with compliance. I've written about these European countries. My knowledge is not as au courant as it was when I was writing books and when I published in 1989 my big book on the five countries. That's where I learned how to do it--by watching what they were doing.
I don't think there's much to be learned from the continental European countries. In my paper I talk a lot about the fact that the ultimate goal here is robust privacy protection and robust security so that we keep ourselves from living in surveillance societies. My book in 1989 was Protecting Privacy in Surveillance Societies. People thought I was writing about the Soviet Union, mainland China, or something like that. In fact, I was writing about Germany, France, Sweden, the United States, and Canada. Most of us believe that the United Kingdom, in particular, is the worst example in the English-speaking world of a surveillance society, where you're being watched all the time. Public health surveillance, cancer cohorts, and that kind of thing--those are examples of good surveillance. Then there's bad surveillance.
There was a lovely editorial yesterday in the National Post. It was called “A bad day for Big Brother”. Some student or researcher in the United Kingdom had stood up and said, you know, we have the most massive investment in surveillance cameras in the entire world. We're being watched all the time. Most of the time the cameras aren't working. They're no good in preventing crime. They're too grainy to actually see anything, and it bores the hell out of people to watch them. That's the kind of country I don't want to be in. I don't want to be watched all the time. I couldn't imagine why you'd have a surveillance camera on me. If you were videotaping, that would be fine, with my consent.
The ultimate goal is to keep from being watched all the time for bad things. If we're all suspected terrorists, I want to be watched until I'm blue in the face. If it's a law enforcement matter, we can balance the privacy rights of individuals and law enforcement and national security. I think the Privacy Commissioner knows a lot more about national security, in particular, than I do. It's not as if, you see, we privacy advocates want to trump law enforcement or dealing with child pornography or whatever the other evils of society are. We simply want to know in advance what the rules are going to be and how the personal information is going to be used.
I got along famously with the deputy chief of the Vancouver Police Department and with the Victoria police, as well. They had their job to do, and I watched what they were doing. When they had books of known prostitutes sitting around on open desks, I'd say, you know, do you really have to keep that where people can see it, or can you come to a slightly more sophisticated data gathering system? Any time anybody calls 911, how long are you going to keep that information?
Data retention and data destruction are good things. I have clients who have kept records for fifty years. They've never destroyed anything. Why?