Laws to protect people's data by requiring companies and governments to follow the rules, and regulators to enforce them.
Data protection law is going through another revolution. Established in the 1960s and 1970s as response to the increased use of computing and databases, re-enlivened in the 1990s as a response to the trade of personal information and new market opportunities, it is now becoming much more complex.
New challenges are arising with regards to conflicting rights such as the right to be forgotten, the right to access information, and the right to freedom of expression. New challenges are also emerging in the form of new technologies and business models are emerging around analytics, Big Data, data sharing, and the growing interest in open data.
Data protection frameworks may have their boundaries and new regulatory regimes may need to be developed to address emerging new data-intensive systems, new frameworks nevertheless provides an important and fundamental starting point to ensure that the fundamental strong regulatory and legal safeguards are implemented to provide the needed governance frameworks nationally, and globally, before we see ourselves the subject of data mining for exploitation.
What Is The Problem
Protecting privacy in the modern era is essential to effective and good democratic governance. However, despite increasing recognition for and awareness of the right to privacy and data protection across the world, there is still a lack of legal and institutional processes and infrastructure to support the protection of rights. Some parts of the world in particular suffer from a void: a lack of regulatory and legal frameworks in many countries, and the poor enforcement in others.
As a result, innovations in policy and technology are largely left unregulated and unchecked, and this will have significant implications for rights of citizens and organisations, as well as for the development of the economies and societies.
There is also a systemic and structural challenge which is aggravating this situation. Decision-making and legislative processes are not subject to any or only very limited public scrutiny.
What Is The Solution
Institutions, public or private, that collect and use your personal data must:
- be subject to rigorous regulations providing them with standards on how to handle any data they process;
- be compelled to be transparent;
- be subject to checks and balances;
- respect the rule of law.
There are a number of a basic principles upheld by widely recognised codes, practices, decisions, recommendations, and policy instruments which provide the framework for effectively regulating the processing of personal data. In addition, an independent regulator or authority must be appointed to ensure the law protection law is enforced, and it must have the mandate and resources to conduct investigations, act on complaints and impose fines when they discover an organisation has broken the law.
Furthermore, recognising the need for multi-disciplinary nature of such mechanisms, technological measures from the conception phase to the processing of data can support a regulatory framework to minimise data collection, to mathematically restrict further data processing, to assuredly limit unnecessary access, amongst other privacy measures. Such measures can be adopted by both companies and governments.