We’re all leaking our personal data, all the time. We really don’t mind doing that, because it makes our lives easier, more social. We share on Facebook when and where we’re on holiday. We review places. We post photos. We let everyone know who else we know, and so we share information about our friends.
We buy stuff. We give our bank details. We book things online. We pay for them. We enter prize draws. We visit websites; we exercise our curiosity. We look at articles with enticing titles – click-bait. There’s not a lot we don’t share.
Even those of us who are most careful with our personal data are, no doubt, also giving enough information out to be pretty dangerous. And the danger is the point at which we realise that data protection isn’t just a jobsworth cliché, but it’s a point of crucial, personal importance to who we are, our safety, security and our finances.
Our protection is in the law, and in our own personal behaviour. We are our own weakest link – the data we share, who we tell where we are, the weak passwords we use. We are responsible for ourselves.
Data protection law in the UK is covered by the Data Protection Act 1998. That’s 1998. Remember then? And it’s based on the EU Data Protection Directive of 1995. The year of Windows 95. The world wide web was new – there was no Net 2.0; the was only just Net 1.0. The world has changed, and up to now, we are still trying to regulate privacy with the same weapon. We’re getting better at it - the Information Commissioner’s Office are being more active, and more ready to take action – in spite of their limited powers.
In May 2018, finally this legislation is being updated – 20 years later. This is being brought in by European legislation, but it is highly likely that this will be in force in spite of and ahead of Brexit, and will probably remain in force after – because it would be hugely damaging to UK business if it weren’t.
This will increase the duties on data controllers and data processors to safeguard personal data; it will hugely increase penalties on those who don’t – increasing maximum fined from £500,000 to the higher of €20 million or 4% of worldwide turnover.
Businesses will have to increase their protection of your personal data. They will have to appoint Data Protection Officers whose first duty is to whistleblow. This will be a burden on business – of that there is no doubt. But the weight of their obligation should put some brake on the leaking of data. It should; but technology advances a lot faster than legislative bodies.
Perhaps privacy is dead; or the forces trying to protect it are inadequate against the force of technological progress trying to use your data for commercial, perhaps not nefarious, ends. Should we be trying to keep privacy alive? Imagine what it would be like with no privacy...
Paul Berwin is a Commercial and Digital Law Specialist and a Senior Partner at Berwins Solicitors