Rarely a week goes by without some interesting developments in the interaction between data protection law and technology. This can range from a big tech company being investigated for its inappropriate uses of personal data to exciting announcements about a new technology, which in itself can raise questions about personal data.
It’s a fascinating and evolving area of law. It encompasses advances in modern cultural, which not only play a large part of the work we do at DACB, but also affects our personal lives. Below we explore a few key topics which have been a theme of recent months, crystal ball gazing to look ahead to what further developments may arise during 2019 and a highlight of interesting tech projects which the DACB team have been involved in and which data protection has been a key feature.
Big tech and privacy
The GDPR has given the regulators greater power to force companies to comply with the law and to heavily fine those who repeatedly or flagrantly breach it. Increasingly we are seeing the regulators turn their attention (some may say their wrath) towards the big tech companies, who to date had treated personal data as an asset which they could exploit for their own commercial advantage. One example of how a European regulator has taken action is the recent ruling against Google LLC (for more information see this article). More locally, the ICO is continuing its investigation against Facebook and Cambridge Analytica – whilst the outcome of this investigation is yet to be determined, one thing is clear, these companies are now under significant scrutiny from the regulators and indeed the media. It will be interesting to see how these companies adapt their technology and procedures to enable them to continue to offer cutting edge solutions whilst acting in the confines of data protection laws.
Looking forward - AI and Blockchain
Artificial intelligence, driverless cars, the internet of things, Blockchain - these are all examples of cutting edge technologies in which personal data is used.
Blockchain, for example, has potential to transform entire industries, such as banking, logistics and healthcare and the ICO has advised that it is currently compiling guidance on Blockchain. One of its key features is that it creates a permanent immutable record of every transaction, storing personal data in the ledger indefinitely. This directly conflicts with the GDPR principle that data should be stored for no longer than is necessary.
Interestingly, in the ICO’s Information Rights Strategic Plan 2017-2021, they emphasised that they will work with tech developers and innovators to ensure privacy enhancing techniques and tools are built in to evolving technology by design. They are also keen to keep abreast of evolving technologies, enabling them to anticipate the need for guidance on particular issues. It will be interesting to see the balance the ICO tries to strike between the two competing interests once it publishes its technology strategies.
Work which DACB are involved in
DACB have a dedicated team of data protection lawyers who advise technology companies across a range of sectors – including health, retail, insurance, media and banking to name a few. Over the last couple of years, we have been working closely with these companies to help them prepare for the GDPR, running training workshops, carrying out internal audits and remediating standard policies and contracts. Some interesting projects we are involved in include:
- Working with NHS Digital on the legal aspects to the new NHS app, which enables members of the public to access their health records and book GP appointments online;
- Supporting a client who uses Facebook to collect personal information to pass on to corporate organisations who pay the individuals on Facebook to promote their products; and
- Presenting at the ICO’s “citizen’s jury” on AI.