Data Protection Day 2017 on 28th January last had as its theme Respecting Privacy, Safeguarding Data and Enabling Trust. We should have reached a point in time where the need to respect personal information, keep data secure and enable trust becomes not only a focus for regulators and an expectation for citizens but also a compliance and ethical duty for governments and businesses.
Governments and other authorities have for thousands of years collected information on citizens in a variety of ways and statistical information about peoples has been a valuable tool for managing economies and humanitarian needs. More recently however, technological advances have meant that personal data can be collected, obtained, analysed, used, transferred and shared in a myriad of ways – some good and some bad.
We have certainly reached a point in time where personal information has a tradable value but the trading in such data comes with moral and ethical obligations as well as legal and regulatory requirements.
As consumers become more educated about the ways in which their personal information is collected and shared and how the appropriate use of such data can provide valuable outcomes, so consumers also expect legal and ethical standards to be adhered to. Where rights in personal data are abused and where such personal data is used for purposes for which consumers have no reasonable expectation, then consumers will exercise their rights both legal and moral to gain satisfaction and compensation for failure by governments and businesses to respect privacy, secure data and enable trust.
The notion of the protection of personal data and rights in personal information has been around for hundreds of years as demonstrated by the right to “private life” in the French Constitution of 1791, the notion that “the individual shall have full protection in person and in property” as developed by Samuel Warren and Walter Brandies in “The Right to Privacy published in 1890, and the specific laws around the protection of personal data have been established in Europe for example since the Land of Hesse Act 1970 and more recently in the EU Data Protection Directive 95/46/EC.
The EU General Data Protection Regulation which will come into force on 25th May 2018 will establish a framework designed to support the expansion of processing of personal data whilst imposing on data controllers and data processors, both within government and industry, duties of transparency, fairness and accountability.
So many global data privacy laws are based on principles laid down by the OECD Privacy Guidelines and Convention 108 as well as the historic influence of Europe in its former colonial influences in the Americas, Africa, Middle East and Asia.
The electronic collection of personal data is an area where Europe recognises the need for more accountability and the recent proposal for a Privacy and Electronic Communications Regulation highlights the demand by consumers to only have their data collected and used with their permission.
Recent well publicised data breaches have demonstrated that the failure to respect privacy and to keep data secure has a direct impact on trust, and consumers are exercising their rights and demonstrating their expectations by choosing to engage only with businesses that demonstrate trust and integrity when processing personal data and avoiding businesses that plainly do not. The financial markets also react to data breaches which has an impact on shareholder value and corporates are now directly responsible to their shareholders for failures to keep personal data secure, and in addition regulators are taking an increasingly tough stance on those that fail to manage information securely.
The use of new technologies such as smart devices, Internet of Things and Artificial Intelligence, coupled with the economic and humanitarian uses of Bid Data analytics, means that there has to be a balance between the acquisition of personal data and the rights of citizens.
A balance has to be struck between the needs of governments to access personal data, the economic drivers for businesses to process and share personal data and the rights and expectations of citizens in the control of their personal information.
Governments need to implement laws and regulations that appropriately manage the data ecosystem and be accountable for their own use and misuse of personal data and encourage, education and communication to be businesses and citizens as to the duties and standards that attach to economic and ethical use of personal data.