28 January 2017 was internationally recognised as Data Protection Day, which aims to highlight to citizens the importance of protecting their privacy, and their personal data in particular.
The subject of personal data and how it should most effectively be protected is rarely out of the news. Barely a week goes by without a story hitting the headlines about data being collected, held, abused, lost or stolen, and there is often one common factor linking all those fearful column inches: a lack of understanding or control when it comes to people’s personal data.
The general public’s awareness of the importance of protecting their personal data has grown hugely over the last 20 years. News of government memory sticks going missing or the latest threatening phishing scam have drilled into us the importance of protecting our data vigilantly. We are now all very accustomed to being advised and required to create the strongest passwords possible. But whilst crucial, ensuring our data is adequately protected should only be the first step. The real key is in allowing people to feel in control.
An individual’s personal data is a valuable asset, just like their money. However, whilst we are acutely aware of the need to not just protect but also understand and control any movements of our money, people generally don’t have any concept of what’s happening to their data on a routine basis. This inevitably breeds a mistrust between data controllers (the institutions using the individual’s data) and the data subjects (the individuals). Everyone, from social media-savvy pre-teens to technology-suspicious older people, have unwittingly signed up to terms and conditions which allow their personal data to be shared widely, with each contract offering its own specific set of bewildering permission details. One piece of research suggests it would take an average person 76 days each year to read all the data contracts they were signed up to. This means the usual calls for T&Cs to be made easier to understand (and less ‘impenetrable’ as the Children’s Commissioner recently argued) isn’t enough by itself.
It seems to me that we’ve reached a point where the public, organisations and government need to engage in a renewed dialogue on the use of personal data. And that’s exactly what it needs to be; a dialogue between institutions and the public, instead of the ultimatum we are currently presented with of ‘either sign this T&Cs form or get lost’.
BCS’ network of experts tells us there are better ways to manage our data that can deliver more of both the large scale benefits and the individual control than is currently on offer. However, these require vision and collaboration, and are not yet widely understood or listened to because the matter is deemed too difficult to address.
There is so much potential public good to be unlocked by utilising the sharing and integration of data. The potential benefits in health and social policy alone are enormous, before we even touch on economic opportunities. But this potential will remain tragically unrealised until the inherent mistrust of data use can be reduced, and this fear is an inevitable consequence of people not feeling they are controlling where and how their data is being used.
Education on data protection is just the first step.
James Davies, BCS Policy Programmes Manager