Data Protection laws seek to protect people's data by providing individuals with rights over their data, imposing rules on the way in which companies and governments use data, and establishing regulators to enforce the laws.
Data protection law is going through another revolution. Established in the 1960s and 1970s in response to the increased use of computing and databases, re-enlivened in the 1990s as a response to the trade of personal information and new market opportunities, it is now becoming much more complex.
New challenges are also emerging in the form of new technologies and business models, services, and systems increasingly rely on analytics, 'Big Data', data sharing,tracking, profiling, and artificial intelligence. The spaces and environments we inhabit and pass through generate and collect data from human behaviour. The devices we wear and carry with us, install in our homes, our channels of communications, sensors in our transport and our streets all generate more and more data.
Data protection frameworks may have their boundaries and new regulatory regimes may need to be developed to address emerging new data-intensive systems, new frameworks nevertheless provides an important and fundamental starting point to ensure that the fundamental strong regulatory and legal safeguards are implemented to provide the needed governance frameworks nationally, and globally, before we see ourselves the subject of data exploitation.
Protecting privacy in the modern era is essential to effective and good democratic governance. However, despite increasing recognition for and awareness of the right to privacy and data protection across the world, there is still a lack of legal and institutional processes and infrastructure to support the protection of rights. Some parts of the world in particular suffer from a void: a lack of regulatory and legal frameworks in many countries, and the poor implementation and enforcement in others.
As a result, innovations in policy and technology, private and public sector data practices, are largely left unregulated and unchecked, and this will have significant implications for rights of individuals, as well as for the development of the economies and societies.
There is also a systemic and structural challenge which is aggravating this situation. Decision-making and legislative processes are all too often not subject to any or only very limited public scrutiny.
Institutions, public or private, that collect and use your personal data must:
There are a number of a basic principles upheld by widely recognised codes, practices, decisions, recommendations, and policy instruments which provide the framework for effectively regulating the processing of personal data. However, it is essentail for the protection of individuals rights that a data protection framework is given the force of law.
Data Protection legislation must be carefully scrutinised to seek to ensure that the resulting framework is as strong as possible and not undermined by legal loopholes and exemptions. Once in force, data protection legislation must be accompanied by effective implementation and enforcement. This requires an independent regulator or authority must be appointed to ensure the law protection law is enforced, and it must have the mandate and resources to conduct investigations, act on complaints and impose fines when they discover an organisation has broken the law. An important safeguard is a strong and critical civil society, with the ability to raise complaints, research abuses and be constantly vigilant of implementation.
Furthermore, recognising the need for multi-disciplinary nature of such mechanisms, technological measures from the conception phase to the processing of data can support a regulatory framework to minimise data collection, to mathematically restrict further data processing, to assuredly limit unnecessary access, amongst other privacy measures. Such measures can be adopted by both companies and governments.The onus must be squarely on those processing our data to protect it both by design and by default.
Immediately following the UK general election in December 2019, we worked with Open Rights Group to commission a YouGov poll about public understanding and public opinion about the use of data-driven campaigning in elections.
The poll used a representative sample of 1,664 adults across the UK
Privacy International submitted its input to the forthcoming report by the UN High Commissioner for Human Rights (HCHR) on the right to privacy and artificial intelligence (AI.)
In our submission we identify key concerns about AI applications and the right to privacy. In particular we highlight concerns about facial recognition technologies and the use of AI for social media monitoring (SOCMINT). We document sectors where the use of AI applications have negatively affected the most vulnerable groups in society, such as the use of AI in welfare and in immigration and border control.
The briefing also argues for the adoption of adequate and effective laws accompanied by safeguards to ensure AI applications comply with human rights.
