‘Can we keep your data please?’ ….and other necessary questions

Paul Bernal – University of East Anglia

Upload: paul-bernal

Post on 08-May-2015


DESCRIPTION

Presentation from BILETA 2011

TRANSCRIPT

Page 1: Can we keep your data please?

‘Can we keep your data please?’ ….and other necessary questions

Paul Bernal – University of East Anglia

Page 2: Personal data on the internet

Massive amounts are held

Current commercial models rely on it

The data that is held is vulnerable – and may be increasingly so

The existence and use of that data is something that concerns people – and rightly so

It’s our data, isn’t it?

Page 3: Personal data in the new internet

The Google/Facebook model

Behavioural tracking

Commercial data gathering

The market in personal data

Government/private sector cooperation

Page 4: Data vulnerability

Physical loss – e.g. HMRC/MOD data losses

Hacking

Vulnerability to government action: subpoenas, USA PATRIOT Act, data retention

Swiss banking data/Chinese Google hackers

Commercial vulnerability: T-Mobile data-selling scandal

Changes of ownership etc

Leaking: for good reasons… (Wikileaks?) …and bad (ACS:Law?)

Page 5: What can be done?

Systematic culture change – emphasis on data security

More powerful, better resourced and better supported data protection systems

Better use of technological protection – encryption etc

More community awareness of the issue

Page 6: But there will always be problems:

Human errors

Human malice

Technological errors

Community pressures

New technological and business ideas

Page 7: The only way for data to be truly safe…

….is for it not to exist

Page 8: Data minimisation

Already a principle within data protection, but one that is effectively paid only lip-service

It needs to be better enforced – both better detected and more harshly punished.

Punishment for data protection breaches is generally for losses or inappropriate processing, not for failures of data minimisation

Needs to be put more in the hands of the data subjects

Page 9: New business models

The drive behind the current web model has been the business concepts of Google and Facebook

New business models could bring about new changes – but how to get them to happen?

We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that data

Data holders need to ask ‘Can we keep your data please?’

….and respect the answer!

Page 10: A right to delete?

Currently it is the business that decides whether data should be held, anonymised or deleted

If that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being held

Instead, they might look for ways to use the data immediately, then discard it

Page 11: A right to delete?

Not the same as a ‘right to be forgotten’ – qualitatively different

‘Forgotten’ is an emotive word; the right can be misunderstood, and opposed unnecessarily

This is not re-writing history, or restricting journalists

Not a tool for the rich and powerful to retain their power – though that risk is always present

Page 12: A right to delete

A change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other way

The right needs to be made easily applied – access to data and then the ability to delete it directly on the web

Part of a shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers

Page 13: When can data be held?

Paternalistic reasons – for the benefit of the individual (e.g. medical data)

Communitarian reasons – for the benefit of the community (e.g. criminal records)

Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls)

Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’)

Security reasons – for national security or criminal investigations (e.g. data retention laws)

Page 14: Business reasons…

….are not enough

Page 15: Deletion and anonymisation

Closely related – and complex

Data can relate to more than one individual

Data controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option

Anonymisation in itself is contentious and more often reversible than people suspect
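The last point on this slide is the one a practitioner can actually measure. Stripping names from a record set is not anonymisation if the remaining attributes (postcode, birth year, sex) still pick out one person, because any other dataset carrying those attributes with a name attached links straight back. The k-anonymity measure (Sweeney) makes this checkable: k is the size of the smallest group of records that share the same quasi-identifier values, and k = 1 means at least one record is unique. The example below is added here and is not from the slides or from any project of the author's; the records, postcodes and diagnoses are constructed sample data, and the generalisation rules (postcode truncation, birth decade) are one illustrative choice of many.

```python
"""
Added example (not part of Paul Bernal's BILETA 2011 slides): audit whether a
record set with names removed is actually anonymised, using k-anonymity.
All records below are constructed sample data.
"""
from collections import Counter
from typing import Iterable, Sequence

# Constructed sample records: the direct identifier (name) is already gone,
# but the quasi-identifiers are kept at full precision.
SAMPLE_RECORDS = [
    {"postcode": "NR4 7TJ", "birth_year": 1975, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "NR4 7TJ", "birth_year": 1975, "sex": "M", "diagnosis": "flu"},
    {"postcode": "NR4 7TJ", "birth_year": 1976, "sex": "F", "diagnosis": "flu"},
    {"postcode": "NR2 3AA", "birth_year": 1975, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "NR2 3AA", "birth_year": 1978, "sex": "F", "diagnosis": "diabetes"},
    {"postcode": "NR2 3AB", "birth_year": 1971, "sex": "M", "diagnosis": "flu"},
]

# Attributes that are not names but can be linked to a named person elsewhere.
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")


def equivalence_classes(records: Iterable[dict], quasi: Sequence[str] = QUASI_IDENTIFIERS) -> Counter:
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi) for r in records)


def k_anonymity(records: Iterable[dict], quasi: Sequence[str] = QUASI_IDENTIFIERS) -> int:
    """Size of the smallest equivalence class. k == 1 means some record is unique
    on its quasi-identifiers and is re-identifiable by linkage."""
    classes = equivalence_classes(records, quasi)
    return min(classes.values()) if classes else 0


def singletons(records: Iterable[dict], quasi: Sequence[str] = QUASI_IDENTIFIERS) -> list:
    """Quasi-identifier combinations that pick out exactly one record."""
    return [combo for combo, n in equivalence_classes(records, quasi).items() if n == 1]


def generalise(record: dict, postcode_chars: int = 3, year_bucket: int = 10) -> dict:
    """Coarsen quasi-identifiers: keep only the leading postcode characters and
    round the birth year down to a bucket. Other attributes are kept as-is."""
    out = dict(record)
    out["postcode"] = record["postcode"][:postcode_chars].strip()
    out["birth_year"] = record["birth_year"] - record["birth_year"] % year_bucket
    return out


def anonymise(records: Sequence[dict], k_required: int = 2,
              postcode_chars: int = 3, year_bucket: int = 10):
    """Generalise the set, then refuse to call the result anonymised unless the
    required k is reached. Returns (generalised_records, achieved_k, ok)."""
    generalised = [generalise(r, postcode_chars, year_bucket) for r in records]
    k = k_anonymity(generalised)
    return generalised, k, k >= k_required


if __name__ == "__main__":
    print("names removed only: k =", k_anonymity(SAMPLE_RECORDS),
          "unique combinations:", len(singletons(SAMPLE_RECORDS)))
    for chars in (3, 2):
        _, k, ok = anonymise(SAMPLE_RECORDS, k_required=2, postcode_chars=chars)
        print(f"postcode truncated to {chars} chars, birth decade: k = {k}, acceptable = {ok}")
```

With only names removed every one of the six constructed records is unique on (postcode, birth year, sex), so k = 1. The first generalisation pass (postcode district plus birth decade) still leaves two singletons, which is exactly the situation the slide warns about: the controller believes the data is anonymised, and the check says otherwise. Only the coarser pass reaches k = 2. The same function is what a controller offering "anonymise rather than delete" would need to run before describing the retained data as anonymised, and the threshold k_required is a policy choice the data subject, not the controller, would have to accept.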

Page 16: Data protection principles

The right to delete extends and improves implementation of data protection principles

First point is better data access rights

Second is putting data minimisation in the hands of the data subject

Important to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it

Page 17: Implications

Gives individuals more control and autonomy

Forces those holding data to justify why they’re holding it – in such a way that users understand

Encourages the development of better business models

Could end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models

Page 18: ….and other necessary questions

‘Can we gather your data please?’ …a right to roam the internet with privacy

‘Can we do THIS with your data?’ …collaborative consent

‘Do you mind if we watch you?’ …a right to monitor the monitors

[email protected]