show image

Jim Killock

Executive director, Open Rights Group

Why the data protection bill must be amended before it becomes UK law

Facts about us are shared, collected and sold without our permission. The essence of who we are, what we believe and the relationships we sustain are viewed as commercial property, from which money is to be made.

That’s a statement of the obvious. Perhaps it is now just a trite, throwaway fact for many politicians that somehow the public have agreed to this, by signing up to the surveillance economy, with its Facebook profiles and Google ads. Didn’t we realise? Well, whose fault is that.

The data protection bill is meant to give people more control over their data, so they can access it, download it and delete it. If a company abuses its relationship with you, then you have a better way of severing it. As Matt Hancock, government minister says:

“With the increasing volumes of personal data there is an increasing need to protect it.”

There are fines of up to 4 per cent of global turnover when companies break the rules. Privacy and consumer organisations can represent you when you make a complaint, if you let them. But this leaves a big problem: how many people will be prepared to complain, and will they always know that their rights have been abused?

For instance, many elderly people were a few years ago effectively under harassment from charity marketers. It’s very probably that those people will not have wished to complain about these charities, through a combination of frailty, guilt and fear of engaging with complicated legal processes.

Children, too, are incredibly open to abuse of their data by marketers, profilers and the rest: but are also almost certain to never complain.

For adults, there are some obvious situations where you might not want to complain, for fear of drawing attention to yourself. Perhaps an employer pushes intrusive workplace surveillance, that draws information from your activities at home. Or perhaps a pornographer leaks your credit card details to the world.

That’s the problem with privacy complaints: they can represent a further breach of your privacy, which you’d rather do without.

Sometimes complaints will be hard because your data has been pseudonymised and passed to a third party. Perhaps a third party has a leak, and you had no idea they held your data.

That’s the other problem with data privacy: it is incredibly hard to know what is going on, so how will you know you need to complain?

Fortunately there is an easy solution, which is to allow consumer and privacy groups, such as Open Rights Group, to complain to the Information Commissioner’s Office directly. The model already exists, in competition law. Which? for instance can complain about attempts to rig the market without having to find lots of consumers to make a legal challenge.

In the week of December 12, the Lords will get the chance to vote for greater enforcement of data privacy, through allowing consumer representative to take complaints directly. The government should take this opportunity to improve their legislation and meet their own goals.

Jim Killock is the executive director of Open Rights Group