While the law and technology tussle for the upper hand, there is much people can do to protect themselves.
Privacy is now part of the national consciousness. We talk about our ‘privacy settings’ on Facebook and are suspicious of how cold callers got our mobile number or email address. We wonder what companies do with our information and what happens if they lose it. We read about cyber-attacks, and the gathering and sharing of personal information by intelligence services. Privacy is no longer the concern of celebrities – it is an essential human right.
The phone hacking scandal and the Leveson Inquiry have inevitably by-passed a major issue: the internet and the technological reality of the modern world. From cloud computing to social media, the online world is now installed in our lives such that the online and offline worlds are hardly differentiable.
The processing and security of our data, the practical embodiment of ‘our privacy’, is the new frontier, but is it out of control? We all post, like, link-in, tweet and text. We are more willing to share videos, photos and thoughts. In internet transactions we click through terms and conditions giving our information away without a second thought while others mine, collate or intercept our data without consent. Others steal or hack information regardless of protections.
Control is key, yet regulation of our privacy in this new era is behind the times.
While the law of privacy in the UK has matured and is firmly established across traditional formats, more is needed to cope with globalisation and technological change.
Litigation is one way to develop new precedents for new problems, as are new laws. The proposed EU Data Protection Regulation seeks to harmonise law across Europe and increase the responsibility and accountability of companies in the way they process and protect data, creating obligations on corporates and potentially rights for individuals, such as the much talked about ‘right to be forgotten’ (or, the right to leave Facebook). Similarly, the proposed Network and Information Security Directive creates notification schemes for data security breaches. Individuals should be able to control their data and what others do with it.
Technology can offer quick, practical solutions that are effective in protecting both personal and corporate privacy. Ethical hacking can test for vulnerabilities and enhance security. Similarly, advising and educating ourselves is imperative to create awareness of the issues and the measures we can take to protect our privacy. For their part, companies can take steps to control access to and unlawful use of their information.
Ultimately, who sits at the controls is yet to be determined and is in constant flux as law and technology continue to develop. No one knows, but controlling our privacy is possible.
Companies and individuals need to take more notice of what personal information is available on the internet, if it should not be there, take steps to remove it. But what we do know is that as the law changes and innovations in technology seek to make gains, lawyers must be creative and open-minded when solving their client’s new age problems when it comes to the age old concept of privacy.
Originally published in The Lawyer 16 September 2013