A text transcription follows.
This transcript is for anyone with a hearing impairment or who for any other reason cannot listen to the MP3 audio file.
The following is the text spoken by OUT-LAW journalist Matthew Magee.
Hello and welcome back to OUT LAW Radio, where we hope to keep you up to date with the latest news and the most fascinating features from the world of technology law.
My name is Matthew Magee, and in the week when the successor to Information Commissioner Richard Thomas is announced we assess Thomas's track record after seven years as the UK's privacy watchdog.
But first, the news:
Advertisers collaborate on privacy principles
and
NASA hacker makes new plea for UK trial.
Advertisers and agencies in the US have promised to create a code of practice to allay fears about increasingly intrusive forms of online advertising. Four major advertising trade associations said that they will work together on self regulation.
Behavioural advertising is that which responds to someone's online activities, as measured by monitoring systems. Privacy activists have raised concerns about increasingly sophisticated monitoring of users' activities, some of which monitor all activity at the ISP level, rather than at an individual web page level.
US consumer regulator the Federal Trade Commission published the results of an investigation into behavioural advertising a year ago. It said that it did not think that government regulation was necessary yet, but that the industry should self regulate.
The group of advertising industry associations has said it will base its principles on those identified by the FTC.
NASA hacker Gary McKinnon has renewed his appeal to be tried in the UK and not extradited to the US. McKinnon's lawyer has sent a letter to the Director of Public Prosecutions (DPP) in which McKinnon admits to carrying out the hacks.
McKinnon's legal team hopes that if he can be charged and tried in the UK he might be spared extradition to the US, where he was threatened with up to 70 years in jail.
McKinnon's lawyer Karen Todner of Kaim Todner told OUT LAW that the documents sent to the DPP included a medical report diagnosing McKinnon as having Asperger's Syndrome. It was hoped that this diagnosis would result in the authorities taking a different view of the case.
'"What has changed is that he has made a signed confession, a statement of exactly what he did, and this has been sent to the DPP," she said. "There is also the diagnosis of Asperger's Syndrome, so it might be looked on more favourably in terms of the way they treat him."
That was this week's OUT-LAW News.
Back in 2002 'data protection act' was a dirty phrase, a byword for bureaucratic box tickery, and freedom of information legislation was still three years away from being fully implemented.
2002 was also the year that Richard Thomas became Information Commissioner, responsible for the data protection and freedom of information acts.
He will stand down later this year, and this week his successor was chosen by the Ministry of Justice. Though he must be approved by a parliamentary committee, Advertising Standards Authority Director General Christopher Graham is almost certain to be the next commissioner.
Thomas has produced a report reviewing his seven years in charge of two increasingly controversial laws, so we thought we would have a look back, too, at seven years in which the laws surrounding information, and our attitudes to them, have been utterly transformed.
Something else happened in 2002. The Chief Constable of Humberside publicly blamed data protection laws for the failure to arrest Ian Huntley, the man who killed two girls in Soham.
Rosemary Jay is a privacy and information law expert at Pinsent Masons, the law firm behind OUT LAW. She says that this was part of a bumpy start for Thomas, but that he learned a lesson when dealing with it.
Rosemary Jay: Richard Thomas really has risen to the challenge. If you look back to the incident in, was it 2002 - the Soham press coverage – at that point, in fact Richard decided that he was not going to comment and for a period over that time nobody from his office was available to comment. Now I think he – if you contrast that to the public profile of the office now the way that they get out into the press, the way that they really sort of ride the tsunami of interest in privacy breaches and data issues and the positive messages that they get across, there is just a massive, a massive change.
Back in 2002 the Data Protection Act was seen as an excuse for bureaucracies to keep secrets, when they claimed that the release of information would breach that law.
Then in November 2007 something happened that would change that perception completely. HM Revenue and Customs lost the personal details, including banking information, of everyone who had signed up to collect child benefit. Suddenly, identity theft was a very real threat to 25 million people.
All of a sudden the Information Commissioner's office had a very real example of the consequences of poor data protection. It called for stronger powers, the right to enter businesses for unannounced data protection checks, and the ability to take more direct action.
Jay said that Thomas's skill was in using that and other breaches to keep the issue near the top of the news and political agenda.
Rosemary Jay: I think what he has done is push them into regulating themselves. The publicity has also done that. So I think he has recognised that the forces that move organisations to adopt change, to tighten their processes are not simply the sticks from the regulator. They are public profile, they are trust and he has used all of those tools and done it very effectively.
If winning respect for data protection laws was a challenge for Thomas, getting public bodies to spill their secrets as ordered in the Freedom of Information Act must have seemed an impossible task.
In the report delivered to Parliament this week, Thomas himself recognised the scale of the job that had lain before him.
He said: "Some had forecast that, despite a presumption of disclosure, a law with numerous exemptions was bound to be a complete damp squib. Others were confident that the government would shred all significant records."
Now FOI requests are a mainstay of journalism, activism and even political life. Jay said that Thomas and his office can claim some of the credit for the way that public officials have embraced the law.
Rosemary Jay: Credit for dealing with freedom of information and to introducing it I think is owed right across the board of the public sector a great deal obviously to Richard's office and to the work that his team has done. There are some pockets where people have been unhappy and interestingly it reflects the experience in other countries that have introduced FOI that the reluctance tends to be sort of higher up the hierarchy. Politicians are very sensitive but of course politicians tend to be subject to a lot of media scrutiny and one can understand that, but overall I think, Richard is right to say that FOI has been successfully introduced and it is a real achievement both of this government and of the ICO and the public sector generally.
If there was a blot on the Commissioner's landscape, it was to do with bureaucracy of his own. As FOI requests flooded in a large backlog soon built up. Even now, says Thomas, his office can close only slightly more cases than it receives in a given year.
Jay said that running such an office is difficult, and that appeals can be draining of its resources.
Rosemary Jay: They have found it challenging. I think that one of the issues was that FOI complaints and assessments ended up being a lot more complicated than was first thought and it is difficult to know when you have got a new piece of legislation. Do you make fairly swift decisions on a relatively high level and then accept that quite a lot of them will go to appeal or people will disagree or do you do a very detailed assessment and analysis on the grounds that when you do that you are less likely to get appeals or people disagreeing? They still have got backlogs but their handling seems to have settled down.
Thomas has consistently called for more resources for his office, and told Parliament last week that he may even face a budget cut in its FOI related funding.
The other thing Thomas has called for is an increase in his powers to enforce the Data Protection Act. He wants to be able to inspect businesses and take direct action against those which don't protect data well enough.
Jay said that all regulators are now looking for more powers, and that it is not necessarily as good an idea as it first sounds.
Rosemary Jay: I think this is part of a bigger regulatory context. I mean one of the things that has happened over the last decade also has been a massive escalation both in the number of regulators and in the power of regulators. If one regulator gets the power to impose stringent fines other regulators look round and say, well that regulator has got it, I want it as well. So you do get this kind of arms race between regulators. I am not personally convinced that it is the best way to go. They are very strong powers. If you think about powers of Magistrates' Courts when you commit a criminal offence, they can usually just fine you. They certainly cannot take your livelihood away and your fines are fairly limited. There is the growth of regulation on business and that is a burden on business and as each of the regulators get more powers you know the threat to businesses and the pressures on them do increase.
It wasn't Richard Thomas who made data protection such a hot topic in an era of ever expanding government and private databases, and it wasn't he who personally convinced public sector officials to take a reasonable and open approach to many FOI requests.
But he played his part through pragmatism and an understanding of the power of public opinion to sway decision makers, said Jay.
For his successor, other problems await.
Rosemary Jay: The long term challenges must be how, as a society, we deal with the move towards larger and larger data collections, databases and data sets. I don't think that really we yet have got a satisfactory way forward on this and that is not just confined to the UK. It is a European wide dilemma. There must be better ways forward and Richard has started work in this area looking at privacy by design, looking at privacy enhancing technologies and forging that as a partnership I think is going to be the way, the real challenge for the new Regulator.
That's all we have time for this week, thanks for listening.
Why not get in touch with OUT-LAW Radio? Have you heard of technology law story? We would love to hear from you on radio@out-law.com. Make sure you tune in next week; but for now, goodbye.