It’s 2017 and data is being generated at an extraordinary rate. There are so many new types of information being gathered, it’s difficult to keep up. Everything from our GPS trackers and DNA profiles to IP addresses is up for grabs.
What’s more, this vast amount of personal information can now be processed and used in very sophisticated ways. Ways that affect our rights.
Ok, agreed, there’s lots of data. But surely that’s a good thing?
Image Credit: RawPixel.com / Pexels
Well, yes, data is enormously valuable. It can help us to build new tools and gain new insights that are good for people and good for the economy.
But the flip side is that all this personal information can lead to intrusions and interferences with people’s private lives. That can be distressing and damaging for individuals. It can give those who are in control of data a power over people in a potentially dangerous way for society and democracy. Even more so if there aren’t proper protections in place.
That’s where human rights come in?
Image Credit: Stokpic / Pexels
Exactly. It’s vital that data protection laws are underpinned by a respect for fundamental human rights. That’s because the storage and use of personal information should be at the service of people. To ensure this happens, data protection laws should take into account people’s right to a private life, which is protected by Article 8 of the Human Rights Convention. They also need to comply with more specific rules set out in the EU Charter of Fundamental Rights, which protects personal data.
Article 8 requires public bodies to respect the private life of an individual and any information held about them. They must be able to justify storing or processing of any personal data. To be justified, any interference must both follow the law and have a valid purpose (there’s an exhaustive list). It must also meet a pressing social need in a way that’s proportionate. In addition, the Human Rights Convention provides that governments have a duty to ensure that national laws provide adequate protection for personal data more generally.
Have these rights really made a difference?
They have. Time and again, and in many contexts. This can be seen from the Human Rights Court’s extensive docket on data protection-related matters. For example:
- Human rights have protected a woman whose medical data was collected under powers in an insufficiently clear law.
- Human rights have required adequate and effective safeguards to prevent abuse of states’ spying powers while recognising the need to counter terrorism.
- State authorities have been held to account for their use of blanket mobile phone interception devices, and the phone-tapping of lawyers and the recording of prison visiting room meetings has been prohibited.
There’s much more of this difficult and vital work. For example, the Court has reviewed employers’ monitoring of their employees’ computer use. It has ruled on the storage, use, disclosure, and access to personal data in a wide range of situations, from criminal justice to healthcare and insurance. This has extended, for example, to individuals wishing to know the identity of their biological parents. In that context, human rights laws balance the right of access to information necessary for a person to understand their childhood development against third party confidentiality.
How does UK law currently reflect these rights?
Image Credit: Pexels
In the UK, the Data Protection Act 1998 is the principal piece of legislation governing this area. It implements the current EU Data Protection Directive. The UK also has an independent Information Commissioner who is responsible for promoting and enforcing the Act. These laws are underpinned by the Convention right to private life and (insofar as UK law implements EU law) by the EU Charter rights to private life and protection of personal data.
And what’s next?
There’s significant change on the horizon. The EU is bringing forward big new laws in this area, including the new General Data Protection Regulation, which will become law across the EU from from 25 May 2018. The UK is responding to this and implementing it by bringing forward the UK’s own new data protection bill. This will introduce new rules on data access, data portability, and the right to be forgotten, among many other things.
And then, of course, there’s Brexit, which will also affect how the UK’s law in this area develops, including the extent to which it’s underpinned by human rights principles. That’s because it looks likely that the EU Charter, with its right to protection of personal data, will fall away after Brexit. If that happened with no compensating adjustments, it would be a significant weakening of the protections UK citizens currently enjoy.