can we keep your data please?
DESCRIPTION
Presentation from BILETA 2011
TRANSCRIPT
‘Can we keep your data please?’ …and other necessary questions
Paul Bernal – University of East Anglia
Personal data on the internet
Massive amounts are held
Current commercial models rely on it
The data that is held is vulnerable – and may be increasingly so
The existence and use of that data is something that concerns people – and rightly so
It’s our data, isn’t it?
Personal data in the new internet
The Google/Facebook model
Behavioural tracking
Commercial data gathering
The market in personal data
Government/private sector cooperation
Data vulnerability
Physical loss – e.g. HMRC/MOD data losses
Hacking
Vulnerability to government action: subpoenas, USA PATRIOT Act, data retention
Swiss banking data/Chinese Google hackers
Commercial vulnerability
T-Mobile data-selling scandal
Changes of ownership etc.
Leaking
For good reasons… (Wikileaks?)
…and bad (ACS:Law?)
What can be done?
Systematic culture change – emphasis on data security
More powerful, better resourced and better supported data protection systems
Better use of technological protection – encryption etc.
More community awareness of the issue
But there will always be problems:
Human errors
Human malice
Technological errors
Community pressures
New technological and business ideas
The only way for data to be truly safe…
…is for it not to exist
Data minimisation
Already a principle within data protection, but one that is effectively paid only lip-service
It needs to be better enforced – both better detected and more harshly punished.
Punishments for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisation
Needs to be put more in the hands of the data subjects
New business models
The drive behind the current web model has been the business concepts of Google and Facebook
New business models could bring about new changes – but how to get them to happen?
We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that data
Data holders need to ask ‘Can we keep your data please?’
…and respect the answer!
A right to delete?
Currently it is the business that decides whether data should be held, anonymised or deleted
If that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being held
Instead, they might look for ways to use the data immediately, then discard it
A right to delete?
Not the same as a ‘right to be forgotten’ – qualitatively different
‘Forgotten’ is an emotive word, the right can be misunderstood, and opposed unnecessarily
This is not re-writing history, or restricting journalists
Not a tool for the rich and powerful to retain their power – though that risk is always present
A right to delete
A change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other way
The right needs to be made easily applied – access to data and then the ability to delete it directly on the web
Part of a shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers
When can data be held?
Paternalistic reasons – for the benefit of the individual (e.g. medical data)
Communitarian reasons – for the benefit of the community (e.g. criminal records)
Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls)
Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’)
Security reasons – for national security or criminal investigations (e.g. data retention laws)
Business reasons…
…are not enough
Deletion and anonymisation
Closely related – and complex
Data can relate to more than one individual
Data controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option
Anonymisation in itself is contentious and more often reversible than people suspect
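The slide's point that anonymisation is "more often reversible than people suspect" is measurable. The Python below is an added example, not part of the presentation: it uses a constructed toy register (invented names, postcodes, ages and conditions) to show that dropping the name column leaves every record unique on its remaining quasi-identifiers (postcode, age, sex), so a controller holding any of those attributes alongside a name could re-link it. It then measures k-anonymity, the smallest number of records sharing a quasi-identifier combination, and generalises postcode and age until a target k is reached, returning None when it cannot, which is the signal that deletion, not "anonymisation", is the honest answer to the data subject. The quasi-identifier choice and the k target are assumptions for the example.

```python
from collections import Counter

# Constructed sample (not from the presentation): a toy register with a
# direct identifier (name), three quasi-identifiers (postcode, age, sex) and
# one sensitive attribute (condition). All values are invented.
RECORDS = [
    {"name": "Alice", "postcode": "NR4 7TJ", "age": 34, "sex": "F", "condition": "asthma"},
    {"name": "Beth",  "postcode": "NR4 7TL", "age": 37, "sex": "F", "condition": "diabetes"},
    {"name": "Carl",  "postcode": "NR4 7TJ", "age": 41, "sex": "M", "condition": "hypertension"},
    {"name": "Dev",   "postcode": "NR4 7TN", "age": 45, "sex": "M", "condition": "asthma"},
    {"name": "Erin",  "postcode": "NR2 3AB", "age": 29, "sex": "F", "condition": "migraine"},
    {"name": "Fay",   "postcode": "NR2 3AD", "age": 26, "sex": "F", "condition": "asthma"},
]

DIRECT_IDENTIFIERS = frozenset({"name"})          # assumption: only 'name' names a person
QUASI_IDENTIFIERS = ("postcode", "age", "sex")    # assumption: attributes linkable elsewhere


def strip_direct_identifiers(records, direct=DIRECT_IDENTIFIERS):
    """The naive 'anonymisation': drop only the columns that name a person."""
    return [{k: v for k, v in r.items() if k not in direct} for r in records]


def equivalence_classes(records, quasi=QUASI_IDENTIFIERS):
    """Group records by their quasi-identifier tuple; returns tuple -> group size."""
    return Counter(tuple(r[q] for q in quasi) for r in records)


def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """Smallest group size: each record is indistinguishable from at least k-1 others."""
    classes = equivalence_classes(records, quasi)
    return min(classes.values()) if classes else 0


def singled_out(records, quasi=QUASI_IDENTIFIERS):
    """Count records whose quasi-identifier combination is unique (k == 1)."""
    classes = equivalence_classes(records, quasi)
    return sum(1 for r in records if classes[tuple(r[q] for q in quasi)] == 1)


def generalise(record):
    """Coarsen quasi-identifiers: UK postcode -> outward code, age -> ten-year band."""
    r = dict(record)
    r["postcode"] = r["postcode"].split()[0]      # "NR4 7TJ" -> "NR4"
    decade = (r["age"] // 10) * 10
    r["age"] = f"{decade}-{decade + 9}"           # 34 -> "30-39"
    return r


def anonymise(records, quasi=QUASI_IDENTIFIERS, k_target=2):
    """Strip direct identifiers, generalise once if needed, and return the
    k-anonymous table; return None if the target cannot be met (delete instead)."""
    stripped = strip_direct_identifiers(records)
    if k_anonymity(stripped, quasi) >= k_target:
        return stripped
    coarse = [generalise(r) for r in stripped]
    return coarse if k_anonymity(coarse, quasi) >= k_target else None


if __name__ == "__main__":
    naive = strip_direct_identifiers(RECORDS)
    print("names dropped: k =", k_anonymity(naive), "records singled out =", singled_out(naive))
    safer = anonymise(RECORDS)
    print("generalised:   k =", k_anonymity(safer) if safer else "target not reachable")
```

Run as a script it reports k = 1 with all six records singled out after names are removed, and k = 2 after generalising. The design choice worth noting for a controller offering "anonymise rather than delete" is the None branch: if the generalisation needed to reach the target destroys the data's usefulness, or cannot be reached at all, the table should be deleted rather than released under an anonymisation label it does not deserve.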
Data protection principles
The right to delete extends and improves implementation of data protection principles
First point is better data access rights
Second is putting data minimisation in the hands of the data subject
Important to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it
Implications
Gives individuals more control and autonomy
Forces those holding data to justify why they’re holding it – in such a way that users understand
Encourages the development of better business models
Could end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models
…and other necessary questions
‘Can we gather your data please?’ …a right to roam the internet with privacy
‘Can we do THIS with your data?’ …collaborative consent
‘Do you mind if we watch you?’ …a right to monitor the monitors
[email protected]@uea.ac.uk