Meet PICCASO Privacy Awards Winner, Rosemary Jay

The accolade goes to an individual who is highly experienced in their sector, contributing greatly to the privacy industry for over 25 years.

This year’s award winner, Rosemary Jay, is Consultant Attorney at Hunton & Williams. She has been a specialist lawyer in information law advising national and international organisations since joining the Office of the Data Protection Registrar in 1987.

Rosemary is author of Data Protection Law and Practice (4th edition published December 2012 Sweet & Maxwell, updated 2014), editor of the Encyclopaedia of Data Protection, and contributing editor of White Book.

We spoke with Rosemary for reaction to her win and for her insight as an industry authority.

Could you briefly outline your career pathway to date?

My interest in law was sparked when I was helping to set up one of the first women’s refuges in the late 1970s. I’m from a background where becoming a lawyer would not be seen as an option, so dealing with the legal questions about planning permission, employing staff and so on was a real eye opener. It was really inspiring for me so I went back to college and did the exams, then trained in local government, qualifying in 1981.

I moved to the forerunner of the ICO as their first in-house lawyer in 1987. I was there for 12 years. In that time, I built the legal department, took the first enforcement and prosecutions, and developed early guidance on the 1984 Act.  

I also worked with European partners to assess and help develop data protection laws in the emerging democracies of Eastern Europe after the Berlin wall came down in 1989. That was fantastic work and I was very lucky to have been involved in it. It was incredible to see how enthusiastically rights based law was greeted.    

I moved the private practice with Pinsent Masons in 1999. At the same time, Sweet & Maxwell published the first edition of Data Protection Law and Practice, which is now in its fifth edition. 

In the 12 years spent with Pinsent’s I worked with a great team, many of whom are now senior practitioners in privacy (although they will always be youthful NQs to me of course).  We had a wide-ranging practice and client group, covering access rights, surveillance and linked areas. 

When I retired as a partner in 2011, I decided to spend some time with a US firm for a few years and moved to Huntons. That “some time” has ended up being another 12 years, although over that time I have gradually slowed down, so now I only work with a few clients and with the Think Tank, the Centre for Information Policy Leadership. It’s been a real delight being able to work with CIPL and contribute to thinking on developing policy issues with their team. 

What does winning the PICCASO Privacy Award for Achievement mean to you?

I missed the award ceremony as I was in Australia visiting my daughter and new grandson, so I didn’t really get the full flavour of the event, but it looked great on the videos. 

It was very kind of people to put me forward for the award and then for others to vote for me. I’d like to think it wasn’t just given to me on account of my long service but I did notice I was far and away the oldest candidate.

What are the primary challenges coming up on the data protection & privacy horizon in your sector?

There is no doubt that AI is already proving a challenge for the whole privacy community. I think one of the problems is the rush to market on AI products; everyone wanting to get in there early, means that quality may be being sacrificed for early market entry. 

This in turn is already leading to stringent regulatory responses which may be followed by loss of consumer trust, with the result that the industry may be set back and it will take longer to reap the potential benefits AI can bring.

The other huge challenge for organisations is the growth of regulation in the areas intrinsically linked to DP, so we have the Digital Markets Act, Digital Services Act and the Data Act from the EU (to name but a few). In the UK, we have Online Safety as well as proposed changes to the existing DPA.  

The nexus between data regulation and competition regulation is becoming increasingly complex. There comes a point where organisations, even huge corporations with legal teams, simply cannot absorb and apply all these new rules coherently. In fact, they are not always coherent and organisations will start having to assess which set of rules they decide to follow in cases where there is a clash.

What do organisations need to prioritise within their data protection and privacy strategies in order to meet these challenges?

I think it starts a lot earlier than with DP and privacy strategies. Organisations need to start with their fundamental statements of values and ethics. They need to cascade those through the compliance environment, including of course DP, but not just DP.  

When there are difficult challenges and decisions it can help to be able to go right back to fundamental values to help balance the right choices. Within DP and privacy – get the basics right – can you properly deal with individual rights? Is your data as accurate as it should be? And increase your cyber security and awareness.  

Never mind how good you think it is – keep working on it. It is an increasingly dangerous world. Every bit of tech is under threat and everyone has an obligation to maintain security. We are all connected, so don’t be the weakest link.

About Piccaso

The PICCASO Privacy Awards Europe recognise the people making an outstanding contribution to this

dynamic and fast-growing sector—from the professionals ensuring their companies meet increasingly complex legal demands to the academics and engineers pushing privacy thought leadership and innovative protections forward.

FIND OUT MORE.