Hardly a week goes by without there being some headline about security breaches on the Internet relating to personal data. Whilst the figures suggest that it is not putting people off shopping or banking online there is no doubt that people are concerned about the safety of their personal data and what it is being used for.
One of the biggest Internet names - Google - has come in for a lot of comment on the question of privacy because of the amount of data it collects about its users. This is done through the logs of a user’s searches and user responses to various adverts on the search pages which build up a profile of that user’s interests. This is obviously valuable to Google but concerns are raised because it is felt that Google does not make it clear to users how their information is being collected and used.
Google has recently gone on the offensive on the issue of privacy. Speaking at an UNESCO conference on this issue the Chief Privacy Officer of Google, Peter Fleischer, called on governments to agree a basic set of international privacy rules. Whilst in Europe we have strict data protection laws many countries have none. One of the most notable examples is the US where there is no federal privacy legislation – where there is any such legislation it is done on a state by state basis.
Whilst the idea of a global privacy law may seem sensible to give Internet users peace of mind it is hard to see how it will come about – at least in the near future. The current data protection law in the UK – the Data Protection Act 1998 – came about as a result of a European directive. The European experience of trying to get agreement on this topic shows how difficult a global agreement would be. The directive had to reconcile the position of pro-privacy countries (broadly speaking those that had experienced life under the Nazis) and those, like the UK, who saw such legislation as an additional burden on business. Implementing the directive has caused difficulties with transferring personal data to the US which led to the creation of the “safe harbour” regime that was supposed to satisfy European concerns about the lack of privacy laws in the US. This – and the recent discussions with the US government about their requirement to obtain access to airline passenger data - show how difficult it is to get agreement between Europe and the US on issues relating to protection of personal data let alone adding in other major international players.
Perhaps unsurprisingly the issue of data protection laws being a burden on trade has recently been raised by the Conservative Party. One of the recommendations coming out of their red tape review entitled “Freeing Britain to Compete: Equipping the UK for Globalisation” is reform of the Data Protection Act. The review does recognise the need for privacy laws but concludes "we are increasingly concerned about how governments and large organisations use their personal data. Nonetheless, we strongly suspect that it would be possible to reform the Act in order to reduce its burden.”
There is no doubt that businesses and politicians understand that the use (and mis-use) of personal data is an issue that is not going to disappear. Whilst government surveys acknowledge that data protection does cause a significant regulatory burden the reality is that it is an important law. Based on past experience any changes to this legislation will take a long time to implement and therefore businesses must simply continue to ensure that they comply with the current legislation. As the public become more aware of the value of their personal data taking privacy issues seriously is a must for businesses who value their customers.