The current uproar around various facets of data collection and use – be it "the right to be forgotten" or the emergency data legislation being considered by David Cameron – is divisive to say the least.
If your only source of information is the mainstream press, you’d be forgiven for thinking it comes down to two immiscible sides of an argument. On one side there’s the posited right for governments and people to access whatever information they need, whenever they need it. On the other side are those who believe that they have an absolute right to privacy, whatever the threats governments say we’re facing.
In truth, as is so often the case, it’s a little more nuanced than that.
Data has established itself as an empirical record of everyday human activity. It can be a record of our interactions with people, our movements and to some extent our behaviour. Data can be immensely useful in understanding our collective needs and desires. Analysis of such data can enable businesses to adapt to changing consumer behaviour and offer smarter more intelligent solutions to increasingly difficult problems.
Much of this data is collected in good faith. Retailers’ loyalty card schemes work because in return for allowing retailers access to the contents of consumers’ shopping bags (which gives them incredible insight into how to offer better service) customers receive special offers on the things they like and money off their shop. There’s a transparent quid pro quo. It’s a cynical mind which finds any threat to personal privacy in such transactions. Indeed, in terms of day to day use, most consumers are all too happy to share their purchases and favourite products in return for a more tailored individual service and tangible benefits.
If David Cameron has his way, many firms would have to retain data on their customers for up to 24 months, a length of time which for many consumers feels less like policing and more like blatant Big Brother snooping. The goodwill of the status quo between companies and consumers could be irreparably damaged. To me, the most striking thing about this knee-jerk reaction is how this potential damage has been so overlooked. Telecoms firms might have to hand over the content of calls, texts and emails if they’re handed a warrant signed by a senior government minister. The move overlooks the potential collateral damage to the mindset of law-abiding citizens. It’s all well and good claiming to protect consumers on the basis of national security, but if you erode their faith in commercial organisations’ duty of care to protect their data, you’ll end up with consumers armed with digital pitchforks screaming ‘whatever next?!’
To be frank, the Government is once again showing itself to be utterly disconnected from the real world and how the data world works in practice. It is impossible not to support their desire to protect citizens from the threat of terrorism but let's at least try to do so in a way that isn’t going to be subject to a raft of law suits from politically motivated and funded legal challenges.
The fact is that the European court threw out the original legislation, which the emergency data legislation replaces, because it was judged to be 'unlawful'. One of the core principles of our own Data Protection Act is that data kept on individuals must remain 'relevant'. I doubt that even the most loquacious of barristers would be able to prove that retaining this information for a period of 24 months could ever be classed as relevant without good reason.
This is where the sides of the argument really collide. The EU court has classed the storage of data for that length of time as being unlawful, yet the prospective new EU data protection regulations being foisted upon us in the next few years holds at its core a wonderfully EU-esque term of "the right to be forgotten". Simply put, a consumer’s ability to say to company ‘you must delete everything you have on me’.
The battle between the idea of a Government granting itself access to detailed information on consumers through an opaque process with even less clear Judicial oversight alongside the EU’s cuddly idea of ‘the right to be forgotten’ is surely only the beginning of a long, protracted regulatory war between privacy and security.
Consumers – through no fault of their own – are often worryingly misinformed about the incredible things data is doing to improve the quality of the products and services companies can offer them.
On the whole, commercial organisations do a great job of protecting their customers’ data. It’s in their best interests that consumers trust the company enough to share personal data. The Government has to show a little more responsibility to not undermine that trust.
Mark Roy is Chairman of the DMA Data Council & Founder of The Data Agency