What's the point of a regulator?

An article in Third Sector magazine - http://bit.ly/2wAqnoj - suggested that the Information Commissioner bears some responsibility for the fundraising sector's focus on consent - and lack of focus on legitimate interest - as a lawful basis for processing.

Many readers agreed, with the exception of some data protection professionals, who suggested that the fault lies with the fundraising community’s failure to listen to advice that didn’t suit their purposes.

So does the regulator have any responsibility for advising practitioners? Absolutely. Here’s why:

1.      Data protection regulations are complex. They need to be interpreted, so that practitioners understand the practical implications. That's why data protection consultants have a business. Not all charities can afford to hire professionals to help them make sense of the rules, so a regulator who promotes compliance rather than just enforcing it is welcome.

2.      Charities have in the past been led by authorities to understand that a more lenient interpretation of the regulations would be applied to their activities. There’s no doubt that this no longer is the case. Nonetheless, it’s in everyone’s interests for the regulator to help organisations to interpret, understand and apply the regulations in the current environment.

3.      The ICO’s blog provides guidance to “bust some of the myths that have developed around the General Data Protection Regulation” - http://bit.ly/2i7Bwat. If the regulator has no responsibility to explain, why has she done so? And given that she has done so, the question of why it has taken so long is still valid. Had guidance been published earlier, there would be no need to bust myths now.

4.      The Third Sector article did not suggest that the regulator was solely responsible, just that she is partly at fault. Ultimately, organisations themselves are responsible for complying with the law. This responsibility, and the responsibility of regulators to inform, advise and support them, are not mutually exclusive.

It would be uncharitable to suggest that the only people who don't think the regulator has a responsibility to explain are those who make their living from explaining. I don't question the motivation for their point of view, but the sector is confused and beleaguered. To suggest that the responsibility for that rests solely with fundraisers and not at all with the regulator is even more uncharitable.