By Maja Maskiewicz, Ambassador for the Women in Law Society at Cardiff University
The notion of privacy, deemed to be so important it was embedded in Article 8 of the European Convention on Human Rights (ECHR), seems to be dominating academic and policy discussions in the wake of the world of technology and information law becoming increasingly prominent.
Those in the likeness of Jeroen Van Den Hoven, who uses moral reasoning to argue for the engagement with data protection, begs the question of what the ordinary citizen stands to lose if they forfeit privacy for protection. While other academics like Daniel J. Solove debate the possibility that privacy cannot have one feasible definition but rather may take a multitude of forms due to differences among people and historical advances made in the contemporary world.
The ambiguous nature of the privacy definition prevails when trying to determine its scope and meaning. Therefore, issues interpreting and applying laws relating to privacy seem to arise.
At the present, information and privacy law is regulated by a miscellany of preserved EU law and domestic provisions covered in the Data Protection Act (2018) (DPA) and UK General Data Protection Regulations (UK GDPR). The GDPR, an update to an old regulation, broke new ground as it tackles pressing privacy matters of the progressively more digitised world. Its implementation occurred through the DPA forming a new, personalised, and specific regime for the post-Brexit UK. Accordingly, personal data and information usage by the government, businesses and organisations must be handled and managed in a way which aligns with these provisions.
The Business Approach To Privacy Protection
Data from consumers, powers the business sector to make better-suited decisions when planning and strategising service delivery. Yet yielding consumer information substantially burdens businesses with long-winded procedures that those handling sensitive client data must abide by. And with cybercriminals equipped with skills to exploit networks as well as the potential of leaks occurring, the security of data has never been more fragile. Organisations can no longer overlook cybersecurity and the GDPR can act as a guide for attaining a greater level of data protection.
Many previously valued the benefit which came with the exchange of personal data for cybernetics. However, consumers are making more conscious decisions when asked to provide confidential data, by looking for more privacy-driven services. Aside from the growing consciousness, after the enforcement of the DPA, organisations can no longer handle personal data irresponsibly by not investing in data protection policies as costly sanctions will be imposed for breach. With that being said, the high-profile cases like the Sony PlayStation network (PSN) hack in 2011 have increased user awareness of the possible danger they could be putting their personal data in when submitting it to large organisations. Consumers are more prone to avoid completing transactions with organisations who suffered from data leaks, underling the idea that business’s will be better off in the long-term if they put in place, and follow, data privacy policies.
An organisation seen to protect and value customer data will be rewarded by loyalty if they demonstrate how they engage with these privacy provisions whilst not eclipsing the central function of their product. The functionality of privacy can be showcased as a feature of the product by accentuating how the company are protecting the client’s data by not disclosing it to third parties or storing it illegally. Furthermore, companies who choose not to monetise or harvest their user’s data will save on storage capacity and hardware costs, resources which process such data and associated administration.
As previously mentioned, with the rise of cybercriminals, data vulnerability is at the highest risk of hack and leak threats. An organisation cannot be comprehensively secured to prevent data exposure, they can only be secured enough. And with a lack of guidance through direct rules and regulations set in legislation, it is hard to secure such data. Therefore, this sector needs clear reform.
The Need For Reduction
The Data Reform Bill is set to strengthen the UK’s standard of protection while also reducing the burden on businesses. Its plan is to modernise the Information Commissioner’s office (ICO) and the data regulator to help businesses comply with the current law. The proposed reforms will power the responsible management of data usage by clearing up how consent is obtained.
The lack of precision and clarity in legislation has led to dependence on ‘box-ticking’ when trying to collate consent from individuals to action their data while avoiding non-compliance. The new bill is set to eliminate the UK GDPR’s prescriptive requirement, which currently limits businesses as to how they manage risk.
In turn, the new bill will require organisations to have a privacy management programme in place to ensure accountability. Standards will be kept the same, however, there will be more flexibility and freedom obtained by business relating to how they meet the criteria.
This proposed reform has been calculated by the Department for Digital, Culture, Media and Sport (DCMS) to generate more than £1 billion in business savings over a 10-year period.
Understandably, adaptation to the privacy approach is likely to entail challenges and those willing to adapt will need to muster resilience. Especially shareholders who do not wish to benefit from privacy long-term and only view it’s need as a cost, time and business burden related to the problem with privacy law implementation. Yet this lack of thorough understanding needs to be reversed for companies to prosper in the upcoming world of increased privacy awareness. Hopefully, the newly proposed Data Reform Bill will allow businesses to manage their client’s data in such a way suited to them, while maintaining the ethics of privacy in place.
Contributor to The London Financial
We combine research produced by students and early professionals into a single website, breaking down the barriers to entry individuals face in a number of industries.
Contributor opinions are their own and do not necessarily reflect the stance of the LF.