As the Office of the Data Protection Authority bids a fond farewell to Emma Martins and extends a warm welcome to our new Commissioner Brent Homan, we interviewed the outgoing and incoming Commissioners about the transition process and their hopes for the future.
Q. What attracted you to data protection in the first place?
Emma: The honest answer is that it was simply a small part of my job description and at the time (this was many years ago) was just a bit of an ‘additional duties’ kind of thing! But I threw myself into the job and quickly realised how significant that element was for my organisation as well as the community at large. I have a very strong memory of standing in front of a filing cabinet (pre-internet days, so a long time ago) and it dawning on me how much of a person’s life was reflected in the pages and how important it was to look after that information. I have been in love with the subject, and have been trying to convert others, ever since (with varying degrees of success!).
Brent: My introduction to privacy could best be described as an episode of serendipity. In 2012 I had been working in Anti-Trust as an Assistant Deputy Commissioner of the Competition Bureau of Canada, and while focusing on misleading advertising in e-commerce I noted the growing misuse of personal information in mass marketing fraud schemes. Out of the blue an opportunity was presented to me as Director General at the Office of the Privacy Commissioner of Canada. And the more I learned about data protection the more I realised that this was destined to be the key regulatory sphere for supporting a vibrant, data-driven global economy where privacy and other fundamental human rights are respected. Witnessing the evolution of info-driven tech innovation and its accompanying societal & economic promise and risks, this certainly appears to be a critical era for data protection regulation.
Q. Emma, you have been at the helm of the ODPA since its inception. What challenges did you face setting up an independent regulator from scratch?
The thing with looking back at any journey is that the difficult moments tend to fade (which is probably a very good thing). But setting up anything from scratch always comes with challenges. The things that vexed me most were ensuring the people we had doing the very serious work of the new regulatory regime had not only the right skills, but the right values. The old saying that ‘with great power comes great responsibility’ could not be truer when you are giving a regulator significant enforcement powers. And, of course, the finances are always a challenge. I did not want to be a financial burden to the regulated community, nor did I want us to have to commit resources to administering a complex fees model. No one wants to pay additional fees, but I think we have done the best we could do – keeping costs down and administration simple.
Q. Emma, how do you think data protection has evolved since those early days? And public perception of data protection? (Have technological advances helped raise awareness about data protection issues and the harms that can arise when people’s information is not looked after?)
This is a complex question and not one that is straightforward to answer. Since I started working in data protection, the world of data and technology and our world as human beings has changed beyond recognition. So in that respect, everything is different. However, as a principles-based law, the data protection regime has stayed remarkably consistent over the past few decades. Of course, there are many who criticise it for not being future-proof, or for being overly burdensome. Laws are rarely perfect, especially ones trying to keep pace with advances of this speed and scale. But at its heart, what data protection seeks to do is ensure that we, as individuals, are treated with respect, fairness and dignity, and are given the rights and protections that have become so important in this digital era. The beating heart of the law has, in my opinion, remained unchanged. That message has been central to our approach at the ODPA and has formed a key pillar of our communications and outreach work and I think it is a message that has been recognised by our community. We have had such wonderful engagement with key members of industry and the media in supporting more inclusive and wider conversations, that is something we have all been very heartened by. There is, I think, increasing recognition of the power that data wields and a better understanding of the very real impact when it is not handled properly.
Q. Emma, what legacy would you like to leave behind?
I have always believed that in small jurisdictions like ours there are unique opportunities to get these things right and that, if we do so, everybody benefits. Protecting data is essentially protecting ourselves and with such a strong sense of community in the Bailiwick, the foundations are already here. I have always felt a strong sense of community and service in this role and tried to bring ethics and human values into every aspect of the work this office does. Data can transform lives both for the better and for the worse, it’s up to us to ensure it is a force for good. I think the Bailiwick is strongly positioned to respond to the social and economic challenges and opportunities that the data-hungry fourth industrial revolution presents to position ourselves as a jurisdiction that understands the value of looking after people, as well as how trust and confidence around data handling can support economic health. I am excited to see the office continue to build on the good work that the very talented team have already done.
Q. Brent, you previously held one of the top data protection jobs in Canada and are changing continents and jurisdictions to become Bailiwick of Guernsey Data Protection Commissioner. We are terribly lucky to have you and all your experience, but what attracted you to Guernsey and is it quite a daunting move?
When I saw the post being advertised I was definitely intrigued, and the more I learned about Guernsey and the ODPA, the more I came to appreciate what a unique opportunity this was in an exciting and warmly inviting place! Guernsey has established progressive privacy legislation carefully aligned with European and UK laws, and Emma Martins and her team have done an outstanding job in building a highly effective data protection authority. And given the prominence of Guernsey as a global financial services hub, it will be an honour to contribute to advancing its leadership position through strong and supportive regulatory oversight.
On the personal side I have had the pleasure of visiting Guernsey and the beauty of the island and its welcoming residents has shone through brightly. Along with my wife, 8-year-old daughter and pug - we very much look forward to becoming a part of the community and experiencing all the treasures that the Bailiwick has to offer.
Has the move been daunting? You betcha- but tell me, what adventure isn’t!? My family and I were very fortunate to have much support in navigating the obstacle course of visas, permits, property sales and searches, and we finally find ourselves settled in our Guernsey home just in time to enjoy the holiday season!
And although I will miss my family's favourite sport of curling, I can't wait to try lawn-bowling and take a dip in the Bailiwick’s famous bays!
Q. Brent, what are you most looking forward to in your new role?
I have already had the pleasure of meeting the staff at the ODPA, and have been super impressed by their commitment and creativity as is showcased through the innovative Bijou series. I am really looking forward to working alongside this talented team in serving the Bailiwick.
Additionally, authentic collaboration is of paramount importance to me and I can't wait to meet Guernsey’s public and private sector stakeholders, understanding the data protection challenges they face and promoting superior data protection practices throughout the Bailiwick.
Q. Brent, what has the transition process been like?
I find the process has been highly supportive and invigorating. With the appointment announced last summer it has provided ample time to not only shift out of my current role in Canada and position them for continued success- but to prepare for my role as Commissioner in Guernsey. To that end, I am extremely grateful to DPA Chair Richard Thomas, Emma Martins and the whole ODPA Board and Staff for the generosity with which they have offered their time, advice and assistance during the transition.
Q. Brent, what are your priorities as Commissioner?
I believe the best way to answer that is to first share my vision for the ODPA, which is a “a model for the global data protection community with a public and private sector that embraces compliance and elevates the level of trust and consumer confidence.”
And how we get there involves a strategy that is inspired by, and anchored to, the values and objectives of the ODPA’s 3-year Strategic Plan.
The pillars supporting the strategy are:
1. Balance – in ensuring we select the right compliance tool (guidance, outreach or enforcement) for the right situation.
2. Trust – which is to be earned by demonstrating integrity, accountability and transparency in all that we do.
3. Partnership – both with the stakeholders that we serve, as well as our regulatory counterparts.
Now, as to strategic priorities, they include promoting:
1. Proactive compliance, where public and private sector stakeholders embrace a privacy-protective posture before incidents occur.
2. Awareness of breach risks which disproportionately harm Guernsey’s residents, given the intimacy of the jurisdiction.
3. Technological innovation which on one hand creates exciting opportunities to improve government and commercial services, but on the other, involves un-precedented risks to individual’s fundamental rights and freedoms.
Q. Finally, what would you both like to say to the Bailiwick community?
Emma: Thank you for trusting me with this role. If we have encouraged even a small degree of progress in embedding good data governance into organisations across our Islands, that is a success. So often at the heart of things that go wrong is a failure of accountability. Data protection legislation requires accountability. That is not always comfortable for those who find themselves in the spotlight but it has to become non-negotiable in all aspects of our lives whether that’s our bank, doctor, employer, government etc.
There is much still to be done, but please know that we have, from the beginning, been working hard to improve accountability and correct what are often significant power imbalances. Many times over the years we have been described as ‘the last port of call’ for people. In my job, the thing that has mattered most has been being part of a team that truly understands the gravity of that responsibility. Independence, impartiality, accountability and integrity are not buzzwords, they are the foundations for supporting individuals' rights and freedoms. We do not need to look too far to see how fragile those things are in today's world. Try to see beyond the dry legal text. The law matters to you, and it matters to future generations. We all have a part to play and we can all make a difference.
Brent: I just want to emphasize how appreciative I am of the privilege to serve the Bailiwick and its residents as their Data Protection Commissioner. I very much look forward to becoming an active member of the community, and alongside my team, building on the firm foundation established by Emma and promoting a vibrant and innovative Bailiwick government and economy where individuals’ rights are cherished and respected.