It has been a busy and exciting week of conferences for me. One covered streamlining consent issues to make more data available to researchers working with machine learning and for broader artificial intelligence concepts, and another revolved around the inconsistent application of the law of confidence in the healthcare sector. These were only my 2nd and 3rd live events since the start of the Covid-19 pandemic (the first being a panel I hosted at the IAPP conference in London) but it was evident that there were a few cobwebs in my public speaking game – who would have thought that talking to a screen is not the same as confronting a live audience?
I firmly believe that safe, controlled and secure access to data can solve the challenges we are facing today and even new ones that we encounter, so please do not interpret what I am about to say as me being opposed to regulated use of data. However, in the throes of engaging in conversation with colleagues about the challenges they are facing, one of my core beliefs have been reaffirmed – that as practitioners in this Data Privacy/Protection landscape, we need to not only convince our clients about the merits of staying compliant but we also have to enlighten the public about its importance as well.
A few colleagues commented on the new proposed data protection legislation in the Queen’s (Prince of Wales) Speech, and their worries that a significant watering down of people’s data protection rights will put us in direct conflict with our closest (and biggest) trading partner, the European Union. Obviously, I concur with their worries and assessment. What strikes me as odd is this strange deviation that the UK government is willing to go on. At a time when the rest of the world is strengthening their privacy legislation, including dictatorships and quite a few US states, the UK, long a champion of upholding people’s rights and freedoms, is planning to go quite the opposite direction. Let us be absolutely clear – in a world where each person creates roughly 2.5 quintillion bytes of data each day, the right to privacy is arguably the most applicable right of our age. Of course, seeing the atrocities around the world, I am not suggesting that the right to privacy supersedes the right to life, the right not to be tortured, the right to security and so on. Of course I am not. However, the right to privacy (and I do include the right to protection of our data in the same category) is the most applicable.
So why is this retrograde step by the government bad for every single person in the land, I hear you ask. Well, first of all, the arguments around cutting red tape and removing barriers to innovation are not only untrue but they are, to quote Lord Hague, “intellectually shallow”. Speak to any respectable information governance or data protection professional and they will tell you that the current data protection legislation does not stifle innovation but ensures privacy and protection at the heart of it. Equally troubling is that a large enough divergence from the regulatory requirements of EU will not only put our adequacy decision at stake but may duplicate the level of compliance an organisation has to carry out in order to comply with both UK and EU requirements. I am sure this is not the type of opportunity, and in fact efficiency, that the ‘Minister for Brexit Opportunities and Government efficiency’ has in mind, that is of course after he stops camping out outside civil servants’ empty desks.
Given that data already affects every single one of us on a daily basis, this trend will become more prevalent and you will not have to look too far ahead before being embroiled in it. Our cousins across the big pond are already using artificial intelligence to aid in the criminal justice system, and of course those algorithms have their biases because they are trained on fundamentally biased data (what else do you expect if you don’t have a good data protection framework, USA?). I don’t mean to be a sensationalist but if an algorithm can be used to help a judge decide what sentence to hand down, and you will all agree this will have major consequences, then what makes us think that without adequate safeguards, such as the right to challenge automated decision making (again something proposed to be watered down in the new legislation), our own society is not going the same way, and perhaps further adrift.
“Get to the point!” I hear you ask. My point is simply this, that the current government may cry foul and claim that the current data protection framework is stifling innovation, which is clearly untrue (if a data protection professional tells you this, then you need to find a more capable one), but deregulation is a double-edged sword. The trade-off is simple, you may make an innovator’s life negligibly easier, though true innovators find solutions under the current status quo, however, what you’re being asked to trade is your ability to maintain your privacy and control of your personal data. We must also not lose sight of the fact that a watering down of our data protection legislation also makes it that much easier for the state to interfere in our daily lives. Therefore, let us not be “intellectually shallow” but we as privacy professionals should shoulder the responsibility of educating the wider public, in the hope that they see what we see, that a watering down of their privacy rights is something which will affect all of them on a daily basis, and that this is a fight worth fighting. So, make sure your local politicians know your views and do not condone them standing up and doing away your fundamental rights.
