The issue of data privacy has made something of a comeback in the last few weeks’ headlines. First, the Met Police announced they will use facial recognition software to monitor the crowds at London’s Notting Hill festival and match troublemakers against a database of suspects known by the police, and then we saw the EU’s GDPR (General Data Protection Regulation) being signed into UK law, coming into effect from 2018.
The latter will make it easier for internet users to ask companies that collect data about them to delete said data, as well as expanding the definition of personal data to include cookies and IP addresses. While this would place the burden of prioritising data security on companies which collect personal data, at the other end of the scale, a new app is charging a fee to allow suspicious partners to trawl through the public data on Tinder to discover whether their partner is still active on the app, and where they last logged in from.
Bearing in mind the UK’s exit from the EU, and other data privacy related developments happening elsewhere in the world, such as the US Department of Justice’s attempt to identify all 1.3 million IP addresses that had visited an anti-Trump website, it is perhaps worth thinking about how the ever-expanding range of services and opportunities available digitally in the UK will adjust in order to strike a balance between regulation, public awareness and individual responsibility.
A recent YouGov poll revealed that the British public were somewhat apathetic with regards to data privacy and much more concerned about data security, with cyberattacks ranking higher on their agenda of concerns than the collection of personal data.
However, it does seem that when given the option of having personal data collected by companies or by the state/government a significant number of people tend to trust the latter more than the former, and almost a third of respondents thought more should be done to help the UK government fight crime, even if it affects the privacy of ordinary citizens.
What does this mean for organisations operating across borders? While there are still a lot of unresolved questions about how the GDPR would apply in the UK post-Brexit, the Information Commissioner’s office advises that businesses and services operating transnationally will most likely have to comply with the strict rules of the EU when it comes to consumer and personal data. A lack of international consistency around data protection laws could mean disruptions to vital exchanges of information and given that Britain’s digital economy was worth around £118 billion in 2015, these disruptions could prove extremely costly.
The increase in usage of cloud-based services which may have servers in different jurisdictions also complicates things, as does the extent to which the EU’s ‘Right to be Forgotten’ (a data protection bill that applies to search engines and stipulates that EU citizens can request the removal of stories or items that are “inadequate, irrelevant, or no longer relevant” from Google search results) to can be applied beyond the EU.
With the likes of Amazon developing devices such as the Amazon Echo which in addition to making life more convenient, have the ability to collect data about what we do offline as well as online, it will be interesting to see the extent of consumer resistance to new forms of data collection as well as how businesses and even the state/government will adapt to this challenge and work together with them to attempt to make data collection more meaningful for both parties.