The MD of UK defence contractor Detica, Martin Sutherland, is quoted in this Register article as saying that the UK privacy debate is ‘immature’. (Thanks, by the way, to @privacyint for the pointer to the article).
The argument – at least, as it comes across in the article – is roughly this: the pace of technological advance means that huge amounts of data can and will be collected about you… so there’s no point bleating on about data collection: the debate needs to move on to more productive topics, such as controlling what’s done with the stored data.
With respect, I think Mr Sutherland’s got it the wrong way round. If the current state of affairs is that lots of data about lots of people is collected by default but not well managed thereafter, then fair enough, one step towards maturity would be where lots of data about lots of people is collected by default but is well managed thereafter… but a more mature approach still would be to pre-empt the indiscriminate collection of lots of data by default in the first place.
I agree with him from a technology perspective, but not from a privacy one.
From a commercial perspective, of course, I can see where he’s coming from. The article goes on to explain how Detica’s data mining and pattern detection products improve the accuracy with which data can be processed and interpreted, and fair play to them – I’ve seen some of the examples, and it’s impressive stuff. But it’s only tangentially to do with the UK privacy debate.
What about the policy perspective? Well, this is where I think the article is potentially quite damaging. I have no doubt that Detica’s “confidential accounts” use these tools diligently and with great care as to data security, access control and so on. After all, that’s what the intelligence services are supposed to be good at. But what about those other organisations who, through departmental dysfunction, crippling bureaucracy, inadequate governance, insufficient resources, poor training or even indifference, do not or cannot do as good a job of managing the data they collect?
For these organisations (and, more important, the citizens and consumers they interact with), the message that ‘data collection is going to happen anyway, so take that as read and focus your efforts on data management and access control’ is not one which moves the privacy debate any closer to maturity.
It’s unfortunate, then, that that message appears to be coming from the head of a contractor in whom policy-makers and government departments (albeit rightly) place so much faith.