GDPR and data rights

"Younger people just don’t seem to value their personal data that much compared to older people, but perhaps because they don’t really understand what it’s worth"

Moments after he was elected to the position, Sam Pallis Chair of the Young Fabians Tech Network turned to me and asked me excitedly if I wanted to do a joint event with the Law Network on data law and privacy. Of course, I did, data law is where the most exciting developments in law are happening right now.

For those who don’t know, General Data Protection Regulation or GDPR as it is more commonly known is a EU regulation that is going to come into force in May 2018. We’re adopting it, EU or no EU. The idea is to update current law, which is which woefully out of date compared to our ever- changing data-driven internet existences. The idea is to protect citizens from increasingly significant privacy and data breaches and to improve transparency. Remember that when you download that app for free, it isn’t really free. The price is handing over your personal data. Google and Facebook don’t need to produce goods as they can make money from collecting personal data.

GPDR means we are going to have more ‘Data Rights’. For example, if there is a data breach companies will have to notify you with 72 hours. You’ll have the Right to Access, meaning you can ask an organisation that holds your data (a ‘Controller’), say Facebook, if your personal data is being processed, where and for what purpose. They’ll also have to give you a copy of whatever they hold on you. The Right to be Forgotten will be enshrined into law, even if your data has been passed to third parties you’ll be able to have it erased and Data Portability will mean you can transfer all your personal data from one Controller to another.

So, we held our joint panel event at Portcullis House and we had so much to talk about it overran by an hour. Our panel discussed how the philosophy of privacy had to reflect modern technology and how this would change the future of privacy as we understand it. Ivana Bartoletti, Chair of the Fabians Women’s Network and data consultant spoke passionately about how the state had a responsible to ensure companies did not abuse the data they had.

We touched on how data is used to target adverts, which it was felt was patronising and evasive. Scott Allardyce, a lawyer with the makers of the game Candy Crush impressed just how vast the amounts of data there is available to third parties and we debated why younger people readily hand over access to their data when asked to sign up to apps using Google or Facebook. Younger people just don’t seem to value their personal data that much compared to older people, but perhaps because they don’t really understand what it’s worth, as it’s fast becoming the driving force of the world economy. Dr Reuben Binns, an Oxford University academic on the matter shared his thoughts about the concept of ‘consent’ and how it is obtained from individuals when choosing to hand over our data and the latest research on when it is effective.

GDPR as legislation is untested and we shall have to wait to see how it holds up. Elizabeth Denham, the UK Information Commissioner has written an easy to digest GDPR blog series on the ICO’s website if you want to read more.

Do you like this post?