The director of the Chair reflects on the work of the Data Protection Offcer in balancing the defence of privacy and the use of data in the service of the human being.
On the eve of returning to full normality with an on-site Convention by the Spanish Professional Activity Association, some doubts arise. Years ago, on the first years of the General Regulation of Data Protection (RGDP), some well-intentioned although wrong articles described the figure of the Officer as a kind of ‘whistleblower’ in the service of the data protection authorities. Certainly, there is a duty of vigilance that the Organic Law of Personal Data Protection and the guarantee of digital rights analyses, commanding the Data Protection Officer to notify the infractions that they might know to the responsible person.
What really troubles me from a long time ago is another matter. At first sight, one can appreciate that the fundamental right to data protection has been transformed into a central element in the contemporary juridical debate. There is no other way in the midst of a process of digital transformation and in the road to societies where the essential activities will be based on, aimed at or validated, from the analysis of the available data.
In my opinion, this relevance, together with the great risks that we have proven for our liberties, has turned privacy into the main subject. Hence, data protection officers and supervisory authorities are bound by a kind of moral and legal imperative to defend our private life to the utmost, which is considered an absolute value. The question is whether this conception does not pervert the instrumental nature of the fundamental right to data protection itself and its proper insertion in an integrating vision of our system of fundamental rights.
Firstly, we cannot obviate that the right to data protection is an individual right. By approaching its analysis from a prevalence-based bias, a radically individualistic view of society is being taken. Additionally, this has two concurrent effects: the reinterpretation of the whole legal system in terms of data protection and the subordination to this right of any other legal right.
On the other hand, this prevalence-based bias also corrupts the natural function of the data protection officer and the supervisory authorities. The RGDP is quite clear when it points that their function is to guarantee the free flow of data so that its accessibility and treatment is at human disposal. Thus, the standard's methodologies incorporate a set of checks and balances that ensure that this primary objective is met while guaranteeing the rights of individuals.
If the Data Protection Officer or the authorities were put in a position of absolute prevalence, one of their main characteristics would be perverted: their independence, transferring their supervisory and control function to a decision-making space. And this option entails a huge risk.
From a social and economical point of view, a prevalence-based bias of privacy operates as a barrier to research, innovation and entrepreneurship. From the point of view of guaranteeing rights, we run the risk of falling into the aforementioned radical individualism, which would reduce socially valuable common interests. And, more importantly, being incapable of finding governance models of the personal data that are capable of reconciling interests and solving conflicts.
And this defines us as professionals. Do we serve privacy or the understood Right as an integrated system of rules, principles and values? Our job is hugely simplified when we get caught by a preference-based bias.
The fundamental right to data protection is easy to understand and apply, and, from the bias, there is nothing to discuss. On the other hand, being a privacy champion is a very attractive and rewarding professional path. The challenge in this competition is qualitative by nature.
Professionals who opt for quality face the challenge of difficult cases each day and of finding functional solutions that allow their organisations to operate. Let us not forget that we protect people an this, sometimes, as strange as it may seem, requires treating personal data properly, instead of drastically banning.
RICARD MARTÍNEZ MARTÍNEZ, director of the Microsoft-Universitat de València chair for Privacy and Digital Transformation.
