The world of data protection is having its very own FIFA moment: next year, the World Cup of data privacy will take place in a country with a very poor track record on, er, privacy.
Despite not being run by Sepp Blatter, the 38th International Conference of Data Protection and Privacy Commissioners will take place in Morocco – [confirmation PDF] – a country that does not even meet EU adequacy standards.
The international conference is the assembly of all accredited data protection and privacy commissioners from around the world – usually national watchdogs. In addition to the EU, 101 authorities from 63 countries are accredited members, with 16 authorities and five international organizations as official observers.
"Europe's declining global leadership on data protection has just slid another notch. An ill-judged decision by privacy officials might have critically jeopardized the region's four decades of positive influence in the international privacy realm," Privacy Surgeon and founder of Privacy International, Simon Davies, told The Register this week.
"How could this absurdity have been allowed to happen? Yes, Morocco adopted a data protection law a few years ago, but based on the track record, Morocco has many such laws that have little practical impact on citizen rights. Earlier this year a local NGO was prosecuted by Morocco's Interior ministry for publishing evidence of unlawful government spying, while many journalists and news outlets have been cowed into submission by authorities," added Davies.
The most charitable theory is that commissioners want to encourage Morocco; others might say that they just want a jolly to Casablanca. The executive committee of the conference, currently led by New Zealand, has published guidance [PDF] for would-be host cities, and said that its decision to recommend Morocco was because it met the criteria laid out, including guaranteeing a suitable location and venue.
The Moroccan data protection authority has been an accredited member of the conference since 2011, but as a future host of the conference will now sit on the executive committee as well.
The current exec is made up of Julie Brill from the US Federal Trade Commission; John Edwards, Office of the New Zealand Privacy Commissioner; Jacob Kohnstamm of the Dutch Data Protection Authority (who will host this year's event next month); Isabelle Falque-Pierrotin of France's National Commission for Information Technology and Civil Liberties; and last year's host, Drudeisha Madhub from the Mauritius Data Protection Office. ®
We note that the privacy conference's icdppc.org website does not use HTTPS.