ofthewedge

rooting around for grubs in diverse soils

Tag: privacy

Un omaggio

This reflection on the life of my boss, Giovanni Buttarelli, was originally posted on https://iapp.org/resources/article/memoriam-giovanni-buttarelli/ and has been repatriated here, a year to the day since he passed away.

I don’t have many photos of me and Giovanni. Just as well, because his svelte poise only threw into ever-starker relief the balding squatness of my advancing years. I found one, though, captured when with the assistance of my (surly) two year old, I had rushed a document for his signature before he went through the security gates at Brussels airport.

He was entitled to be confident, and not only because of his debonair demeanour. He had a global fan base, the extent of which we are only beginning to fathom, as the tributes come flooding in. But a more important endowment was his self-doubt. He concealed it expertly, but I believe it was what made him intensely sensitive to what other people thought and said, and what gave him his insatiable hunger always to do more and do better.

Thanks to him, our floor was suffused with the smell of proper coffee. “No coffee, no meeting,” he warned his personal assistant, arriving in the office one morning. On another occasion, she was scandalised when I said he had asked me for another tazzina. That would be his fifth of the morning, she said. No way. I will make him a decaffeinato.  

“We need to be more communicative,” was one of his refrains. But not too communicative: “We have to speak in an institutional language,” he would say if my drafts got too fruity. Overall, he wanted data protection to descend from its ivory tower, and demonstrate its relevance and value in the real world. He likened arid legal opinions to recitals of the Mysteries of the Rosary, which he would recall in monotone solemnity:

Nel primo mistero gaudioso ricordiamo l’annunciazione dell’Angelo a Maria Vergine…

Nel secondo mistero gaudioso ricordiamo la visita di Maria Santissima a Santa Elisabetta...

He worried about parochial jargon being a barrier for reaching out to non-specialists. Data protection was about showing respect for people. It was not an absolute right. It does not block technological progress or public safety or other things that society cares about; it’s essential for ensuring these things are done responsibly and sustainably. Take risks, don’t hide behind consent, but own those risks. Data protection lawyers, Giovanni would say, should not be like the Trappist monk from Non ci resta che piangere who appears from nowhere to harangue the unsuspecting Massimo Troisi with a reminder of his mortality: Ricordati che devi morire! Engage with the policy and be persuasive.

Giovanni’s priority as Supervisor was to be more ‘conversant with technology’. So in the first year of his mandate he went to Silicon Valley. He left convinced that the biggest challenge was not compliance with arcane data protection rules. Rather it was the assumption, across boardrooms, venture capitalists and garage start-ups, that the only way for digital services to be profitable was to track people, profile and target them. Giovanni began to pepper his talks and articles with the mantra of ‘the dominant business model’, before it became cool to do so. Only latterly did he have the chance to connect with fellow traveller Shoshana Zuboff when at the beginning of this year she came to Brussels to unveil her monumental exposé of “Surveillance Capitalism”. At his last public event, a high-powered powwow on privacy and competition that he co-hosted with the German Federal data protection commissioner, each of his fellow panellists echoed the phrase. Giovanni’s diagnosis was no longer eccentric and ‘out there’, it had become the new orthodoxy.

Giovanni was a policy entrepreneur. He spotted opportunities and threats on the horizon before others did. In 2015, with the data protection world absorbed with the GDPR negotiations and the judgments in Schrems and Google Spain, he pitched the concept of ‘digital ethics’. He argued that artificial intelligence and smart-this-that-and-everything challenged not so much privacy as the basic, universal and inviolable right to human dignity. He got the world talking about ethics and technology at the 2018 international conference of privacy commissioners. Now chatter about “ethics and AI” has become so commonplace it risks descending into banality.

Giovanni, following his predecessor Peter Hustinx, saw – again long before it became cool – that privacy in the age of digitisation was inseparable from market power and therefore competition enforcement. It was in his garage, setting off to deliver a speech to antitrust lawyers, that the idea of a ‘Digital Clearinghouse’ was hatched. It would bring together all willing enforcement agencies with responsibilities for digital markets. By July this year, he would share a platform with an outgoing Secretary General of the European Commission who called on multiple regulators to act as if they were single regulators, and predicted that the convergence between privacy and competition would be ‘a running theme’ for the next five years.

Giovanni was alone in 2017 in telling us that the novel obsession with ‘fake news’ pointed to an underlying, systemic data protection problem. Data protection was not just about the individual – it was a core safeguard for societal cohesion and democracy itself. It is now cool to say this. There is no greater compliment to the man than that he has others now reading from his playbook.

It was on such broad canvasses that Giovanni painted. But what most engaged him were the finer details of legal texts; he was a magistrate probing arguments, teasing out potential ramifications. Watching him in action from close quarters was a great privilege. He would not impose his views but lead you through legal quandaries to a satisfactory conclusion. For several brain-sapping weeks in early summer 2015, he convened marathon sessions with the EDPS’s best lawyers to pick over three competing versions of GDPR, by then into its fourth year of negotiations (the Commission’s original proposal, the European Parliament and Council amendments), along with the EDPS’s own extensive opinion from 2012. The result was a GDPR mobile app juxtaposing the different texts with the EDPS’s advice on how to resolve the discrepancies.

Privacy was his last profession and he practiced what he preached. He did not burden his closest colleagues with his personal affairs. And he never meddled with mine, except after I told him my wife was expecting again and he advised us to go buy ourselves a TV. There was no need for him to pry, because I know he cared.

The world was robbed of Giovanni too soon. His mind was awash with ideas. Recently he was finalising a ‘manifesto’* for the future of privacy. In one of his last messages to me, he said, to paraphrase, “This had better be the best document of all time. I want the whole world talking about it. Balls of steel.” Then, after a pause, “You too are playing with your future with this document. Get it wrong and you will end up in la merda.” In our final conversations, we spoke about the climate crisis and how technology instead of being part of the solution had instead become part of the problem with its carbon-emitting data-madness and reckless natural resource extraction. He had plans to visit China.

I wish I could remember more. I wish I had written down all his obscure Latin phrases and his tawdry Roman dialect expressions. But he has left us with plenty to be getting on with. So many words. Parole, parole. Some receding, others lingering, like ghosts at cockcrow.

Grazie, caro Consigliere.

* Giovanni Buttarelli’s manifesto, Privacy 2030: A New Vision for Europe, was published posthumously in November 2019.

‘Privacy 2030’, Giovanni Buttarelli’s ‘manifesto’

manifMy presentation of ‘Privacy 2030: A vision for Europe’ at IAPP Data Protection Congress, Brussels, 21 November 2019

What would Giovanni have said if he was still with us?

Well, first of all he would have noted that this event has coincided precisely with the
future-fictional setting of Bladerunner.

Now here we are, Brussels, 21 November 2019, and reports of imminent tech dystopia
are greatly exaggerated; at least in Belgium.

Shortly after Giovanni asked me to work for him, I would learn that there were three
moments in the now very congested privacy calendar where he would want to shake
things up, say something new – qualcosa di fico.

Two of these moments were IAPP moments: in springtime Washington DC around time
the cherry blossom briefly adorn the National Mall; and here in grey, soggy, autumnal
Brussels, when the people take refuge in cafes and strong dark beers.

Trevor Hughes and Omer Tene would always offer Giovanni a platform for his insights,
and it spoke to a deep mutual affection between them.

A year ago, he was here and announced his intention to publish a manifesto on the
future of privacy and digital society, looking beyond the GDPR.

So he would be grateful to the IAPP for publishing this week ‘Privacy 2030: A Vision for
Europe’, and to his seven eminent ‘fellow travellers’ – Omer, Maria Farrell, Malavika
Jayaram, Jules Polentsky, Rocco Panetta, Marc Rotenberg and Shoshana Zuboff – for
contributing their own reflections on the big theme.

He would have been moved that the first lecture in his memory would be delivered by
Commissioner – soon to be Executive Vice President Margrethe Vestager.

There was a special chemistry between these two great thought leaders, though they
come from very different backgrounds, at opposite ends of Europe. It is clear that much
of what he believed in will be continued by her as she tackles the huge challenges ahead.

Giovanni’s three children Serena, Gianluca and Eleonora are with us today, and in their
charming company you sense their father’s calmness, lucidity and Sphinx-like
inscrutability, in this still traumatic period of coming to terms with such a loss.

Among the myriad Buttarelli awards, foundations and even meeting rooms being
proposed, it is Serena, Gianluca and Eleonora who will be the ultimate custodians of
their father’s legacy. And I want to thank them for their moral support in this project.

The manifesto is a meditation on the big challenges and a call to action.

It talks about the power of big companies and governments to do things with data and
technology. And it talks about the vulnerabilities of children, low paid workers,
migrants who have those things done to them.

It makes the link between digitisation and the environmental crisis. Our insatiable
enthusiasm for throwaway devices and generating more and more data is actually
increasing our carbon and biodiversity footprint precisely at the moment we are
supposed to be urgently reducing it.

It proposes ways the EU can empower people and address genuine social and
environmental problems.

It reflects what you could call ‘late style’ Buttarelli.

‘Late style’ in an artist is when she ‘constructs an alternative universe which somehow
helps us understood the world we live in now.’ If you read his blogposts, speeches and interviews over recent years, you see that
Giovanni wanted to call out things that were wrong.

But, at the same time, he retained a fervent pragmatic optimism for an alternative
future, and especially for the role of Europe in constructing it.
It may be the fate of most manifestos never to be implemented – but the good ones will
at least get people talking.

And indeed, the one instruction he gave me was to be provocative.
He warned that unless it made the cover of Time magazine, I would have failed and
could pack up my belongings and leave the building.
Well, Giovanni, if you’re listening it has not yet made Time magazine, though it has
featured in the latest MLEX data and security daily briefing. Baby steps.

So this is my last ghost-written tribute to Giovanni. And the best tribute I can offer him
is to help keep you talking about him long after he is gone.

I hope his manifesto will do just that.