Data protection law is going through another revolution. Established in the 1960s and 1970s in response to the increased use of computing and databases, re-enlivened in the 1990s as a response to the trade of personal information and new market opportunities, it is now becoming much more complex.

New challenges are also emerging in the form of new technologies and business models, services, and systems increasingly rely on analytics, 'Big Data', data sharing,tracking, profiling, and artificial intelligence. The spaces and environments we inhabit and pass through generate and collect data from human behaviour. The devices we wear and carry with us, install in our homes, our channels of communications, sensors in our transport and our streets all generate more and more data. 

Data protection frameworks may have their boundaries and new regulatory regimes may need to be developed to address emerging new data-intensive systems, new frameworks nevertheless provides an important and fundamental starting point to ensure that the fundamental strong regulatory and legal safeguards are implemented to provide the needed governance frameworks nationally, and globally, before we see ourselves the subject of data exploitation.

What is the problem

Protecting privacy in the modern era is essential to effective and good democratic governance. However, despite increasing recognition for and awareness of the right to privacy and data protection across the world, there is still a lack of legal and institutional processes and infrastructure to support the protection of rights. Some parts of the world in particular suffer from a void: a lack of regulatory and legal frameworks in many countries, and the poor implementation and enforcement in others.

As a result, innovations in policy and technology, private and public sector data practices, are largely left unregulated and unchecked, and this will have significant implications for rights of individuals, as well as for the development of the economies and societies.

There is also a systemic and structural challenge which is aggravating this situation. Decision-making and legislative processes are all too often not subject to any or only very limited public scrutiny. 

What is the solution

Institutions, public or private, that collect and use your personal data must:

  • be subject to rigorous regulations providing them with standards on how to handle any data they process;
  • be compelled to be transparent and accountable;
  • be subject to checks and balances;
  • fulfill the rights of individuals
  • respect the rule of law.

There are a number of a basic principles upheld by widely recognised codes, practices, decisions, recommendations, and policy instruments which provide the framework for effectively regulating the processing of personal data.  However, it is essentail for the protection of individuals rights that a data protection framework is given the force of law. 

Data Protection legislation must be carefully scrutinised to seek to ensure that the resulting framework is as strong as possible and not undermined by legal loopholes and exemptions. Once in force, data protection legislation must be accompanied by effective implementation and enforcement. This requires an independent regulator or authority must be appointed to ensure the law protection law is enforced, and it must have the mandate and resources to conduct investigations, act on complaints and impose fines when they discover an organisation has broken the law. An important safeguard is a strong and critical civil society, with the ability to raise complaints, research abuses and be constantly vigilant of implementation. 

Furthermore, recognising the need for multi-disciplinary nature of such mechanisms, technological measures from the conception phase to the processing of data can support a regulatory framework to minimise data collection, to mathematically restrict further data processing, to assuredly limit unnecessary access, amongst other privacy measures. Such measures can be adopted by both companies and governments.The onus must be squarely on those processing our data to protect it both by design and by default. 

Learn

Explainer

7+1 tips on how to make the most out of your DSAR

Explainer

101: Data Protection

Public opinion about data-driven election campaigning in the UK

1m34s

Immediately following the UK general election in December 2019, we worked with Open Rights Group to commission a YouGov poll about public understanding and public opinion about the use of data-driven campaigning in elections.

The poll used a representative sample of 1,664 adults across the UK population.

'Data-driven political campaigning' is about using specific data about you to target specific messages at you. So, for this might involve knowing that you are, for example, likely to have two children between the ages of 2-5, and then using this data to target political messages at you that are designed to appeal to young parents, such as messages about investment in early years education. All of this would be done without these political parties revealing to you what data they hold about you, and indeed without telling you that that they are presenting you with these particular messages because of that data.

Key findings from the poll include:

  • 58% of people polled oppose the use of targeted ads during elections.
  • 69% of people polled oppose election spending when the source of that money is unknown.
  • Evidence suggests that the more the public knows about data-driven campaigning, the more they want to see stronger controls around its use.
  • 78% of people polled want to see tougher punishments like criminal convictions and fines when political campaigning rules are breached.
  • Many of the public don’t even know that data-driven political campaigning is happening. Therefore they won’t know that they are potentially being presented with certain kinds of messages because of what political parties think they will be interested in, and that others will be targeted with very different messages.

WANT TO KNOW WHAT DATA UK POLITICAL PARTIES HOLD ABOUT YOU?
SUBMIT A DATA SUBJECT ACCESS REQUEST (DSAR) THROUGH THE OPEN RIGHT'S GROUP'S WEBSITE.

 

Featured Campaign

GoogBit ad
Campaigns

The Google/Fitbit merger - NOT ON OUR WATCH!

Google wants to know everything about you. It already holds a massive trove of data about you, but it now also wants to get its hands on your health data too. We don’t think any company should be allowed to accumulate this much intimate information about us. This is why we’re trying to stop its
Read more
See all campaigns

Reports and Analysis

Long Read
control room

The Corona Contracts: Public-Private Partnerships and the Need for Transparency

No Tech For Tyrants, a UK grassroots organisation, is explaining Palantir's involvement with the UK government, including their partnership with the NHS. They explore the concerns public-private partnerships between Palantir and governments raise , and what this means for our rights.

Continue reading
Long Read
Berlin TV tower behind a net

At the border, asylum seekers are "guilty until proven innocent"

As migration continues to be high on the social and political agenda, Western countries are increasingly adopting an approach that criminalises people at the border. Asylum seekers are often targeted with intrusive surveillance technologies and afforded only limited rights (including in relation to data protection), often having the effect of being treated as “guilty until proven innocent”.

A recent report explains how the central German migration authority uses mobile phone extraction technology in the asylum application procedure, and why it is highly problematic.

Continue reading
Long Read
cave_fighter

Rage Against Data Dominance: A New Hope

Throughout these updates, we will do our best to avoid technical terms, obscure references or abstract discussions. We want you to be aware of how data power has grown and why we need to act. This post focuses on data and competition law developments in the UK.

Continue reading
View more

News

22nd May 2020

In big tech we trust: is Apple's and Google's COVID-19 reputation laundering enough to make us forget about their past?

22nd May 2020

GDPR - 2 years on

24th April 2020

Schools and Covid-19

21st April 2020

Zoom is not the worst, just getting the attention software deserves

13th March 2020

French regulator launches investigation of Criteo following PI's complaint

6th February 2020

Why the Huduma Namba ruling matters for the future of digital ID, and not just in Kenya

See more

Examples of Abuse

Want to know how this translate in the real world? Here is the latest example in the news.

Faculty wins £400,000 UK government contract to analyse social media data

The AI firm Faculty, which worked on the Vote Leave campaign, was given a £400,000 UK government contract to analyse social media data, utility bills, and credit ratings, as well as government data, to help in the fight against the coronavirus. This is at least the ninth contract awarded to Faculty
Read more
See more examples of abuse

Our Advocacy

Submission on the Cyber Security and Data Protection Bill 2019 to the Parliament of Zimbabwe

Privacy International responded to the call for submissions on Zimbabwe’s Cyber Security and Data Protection Bill, 2019.

Read more
View more advocacy