Sign up to Newsletter

data protection graphic

Data Protection

Data Protection laws seek to protect people's data by providing individuals with rights over their data, imposing rules on the way in which companies and governments use data, and establishing regulators to enforce the laws.

Data protection law is going through another revolution. Established in the 1960s and 1970s in response to the increased use of computing and databases, re-enlivened in the 1990s as a response to the trade of personal information and new market opportunities, it is now becoming much more complex.

New challenges are also emerging in the form of new technologies and business models, services, and systems increasingly rely on analytics, 'Big Data', data sharing,tracking, profiling, and artificial intelligence. The spaces and environments we inhabit and pass through generate and collect data from human behaviour. The devices we wear and carry with us, install in our homes, our channels of communications, sensors in our transport and our streets all generate more and more data. 

Data protection frameworks may have their boundaries and new regulatory regimes may need to be developed to address emerging new data-intensive systems, new frameworks nevertheless provides an important and fundamental starting point to ensure that the fundamental strong regulatory and legal safeguards are implemented to provide the needed governance frameworks nationally, and globally, before we see ourselves the subject of data exploitation.

What is the problem

Protecting privacy in the modern era is essential to effective and good democratic governance. However, despite increasing recognition for and awareness of the right to privacy and data protection across the world, there is still a lack of legal and institutional processes and infrastructure to support the protection of rights. Some parts of the world in particular suffer from a void: a lack of regulatory and legal frameworks in many countries, and the poor implementation and enforcement in others.

As a result, innovations in policy and technology, private and public sector data practices, are largely left unregulated and unchecked, and this will have significant implications for rights of individuals, as well as for the development of the economies and societies.

There is also a systemic and structural challenge which is aggravating this situation. Decision-making and legislative processes are all too often not subject to any or only very limited public scrutiny. 

What is the solution

Institutions, public or private, that collect and use your personal data must:

  • be subject to rigorous regulations providing them with standards on how to handle any data they process;
  • be compelled to be transparent and accountable;
  • be subject to checks and balances;
  • fulfill the rights of individuals
  • respect the rule of law.

There are a number of a basic principles upheld by widely recognised codes, practices, decisions, recommendations, and policy instruments which provide the framework for effectively regulating the processing of personal data.  However, it is essentail for the protection of individuals rights that a data protection framework is given the force of law. 

Data Protection legislation must be carefully scrutinised to seek to ensure that the resulting framework is as strong as possible and not undermined by legal loopholes and exemptions. Once in force, data protection legislation must be accompanied by effective implementation and enforcement. This requires an independent regulator or authority must be appointed to ensure the law protection law is enforced, and it must have the mandate and resources to conduct investigations, act on complaints and impose fines when they discover an organisation has broken the law. An important safeguard is a strong and critical civil society, with the ability to raise complaints, research abuses and be constantly vigilant of implementation. 

Furthermore, recognising the need for multi-disciplinary nature of such mechanisms, technological measures from the conception phase to the processing of data can support a regulatory framework to minimise data collection, to mathematically restrict further data processing, to assuredly limit unnecessary access, amongst other privacy measures. Such measures can be adopted by both companies and governments.The onus must be squarely on those processing our data to protect it both by design and by default. 

Learn

Explainer

Infrared temperature screening

Explainer

7+1 tips on how to make the most out of your DSAR

Explainer

101: Data Protection

Corporate Spies running wild

Links

The Enablers by the Bureau of Investigative Journalism

PI's report

Submit your podcast questions

Sign up to our mailing list

Places to listen

You can listen and subscribe to the podcast where ever you normally find your podcasts:

Spotify | Apple podcasts | Castbox | Go

More

Featured Campaign

Neighbourhood turning into Policing, Inc.
Campaigns

Unmasking Policing, Inc.

Governments are secretly collaborating with private companies. Here is why PI is concerned about surveillance outsourcing, and why together we urgently must expose them.
Read more

Report and Analysis

Key Resources
A black female content creator at her desk in front of a camera with an ominous black box with data points and an eye on one face looking at her behind her shoulder

Content Creators Working for the Algorithm

Creators who produce content for big online platforms, from video game livestreamers on Twitch to adult content producers on platforms like OnlyFans, often find themselves forced to share a lot of data, putting their privacy and security at risk while being given limited information as to how this data is being used.

Continue reading
Report
Photo by Craig Whitehead on Unsplash

Briefing: Controlling the UK's Private Intelligence Industry

New briefing details the growth of the private intelligence industry in the UK and what needs to be done about it.

Continue reading
Long Read
Couple sitting in front of shops in the UK

Welfare policy in the UK today: the government's flawed approach to fraud

After a consultation held in 2021 to which Privacy International responded, the government has now decided not to expand the powers of its "National Fraud Initiative". However, recent changes in the UK welfare landscape point to troubling plans for the future.

Continue reading

News

17th December 2021

All we want for Christmas is... Clearview AI to be banned (and looks like it's happening)!

25th May 2021

Privacy International and others file legal complaints across Europe against controversial facial recognition company Clearview AI

17th May 2021

The UN Report on Disinformation: a role for privacy

26th March 2021

Unwanted Witness publish a briefing for election observers on the importance of privacy and data protection in the election cycle.

11th March 2021

A win for Unwanted Witness: Uganda’s data protection authority finds ride sharing app unlawfully disclosed personal data to third parties

27th October 2020

UK data regulator takes enforcement action to rein in data brokers' use of people's personal data

Examples of Abuse

Want to know how this translate in the real world? Here is the latest example in the news.

Study finds gaps in GAEN contact tracing apps privacy protection

A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish
Read more
See more examples of abuse

Our Advocacy

Privacy International’s submission on Argentina’s draft law on the protection of personal data

Summary

PI welcomes the opportunity to respond to this consultation on the proposed data protection bill in Argentina.

Read more
View more advocacy