Give a bit, they’ll take a megabyte: Data Protection Then and Now

Data Protection Day 2026

As the Center for Democracy and Technology reports, “In what state officials have described as a “ransom note”, the Department of Justice over the weekend reissued demands for full access to Minnesota’s records on Medicaid, Food and Nutrition Service programs […], and voter rolls”.

The request came after US Immigration and Customs Enforcement (ICE) officers murdered two members of the public in broad daylight: nurse Alex Petti and mother of three, Renee Good. Earlier this month, the same agency issued a request for information “to better understand how the industry’s commercial Big Data and Ad Tech providers can directly support investigations activities”.

Information has always played an important role in social organisation and control. On World Data Protection Day, we remember why the protection of our data rights has never been as important.

People vs. Power: A History of Data

In ancient Rome, every citizen had to respond to the census and give their name, status and, most importantly, the assets and possessions they owned. This gave the censor, the most feared magistrate in the republic, the power to determine how much taxes you had to pay, to lower your social status, or to strip you of your citizenship.

Surnames were shaped according to how society needed to identify you – you might be named after your father in a rural society, and after your professional association or ‘guild’ within a town. British passports still contain the King’s request “to allow the bearer to pass freely without let or hindrance”. Passports were meant to identify you as a good fellow in the graces of your sovereign. In turn, the authorities’ power over issuing, withdrawing or seizing a passport gives them considerable power over you.

Nazi Germany used IBM punch-cards machines to sift census data and extract the names and addresses of everyone who identified as Jewish.

In 1967, Westin Alan wrote Privacy and Freedom, taking stock of how the advent of computers and databases could hand over unaccountable power to state authorities and threaten freedom.

In 2000, the Charter of Fundamental Rights of the European Union enshrined data protection as a fundamental right. Stefano Rodotà, one of the author of the charter and a leading figure in European data protection law, explained this choice with the concept of habeas data. In his view, Information Technologies meant the need to extend the reach of constitutional rights to our ‘electronic body’ just as much as the habeas corpus, first enshrined in Magna Carta, protected the inviolability of the physical body against imprisonment and torture.

This concept found its codification almost two decades later. In 2013, Edward Snowden revealed to the world that the US National Security Agency (NSA) had been weaponising the American tech stack by conducting global mass surveillance programmes.

In 2014, the Court of Justice of the European Union established in Google Spain that the right of data protection prevails over corporate interests. In 2016, EU policymakers approve the General Data Protection Regulation. Under the threat of heavy fines, the new law promised to give Europeans control over their personal data – their ‘electronic body’ and to ensure that “the processing of personal data should be designed to serve mankind”.

The Digital Citizen: New Threats Dawn

What a computer says about you can: screw up your A-level results; get you prosecuted by the Post Office, or imprisoned for a fraud you never committed; get you fired by your employer; or get your benefits withdrawn because of a flight you didn’t take. As ORG’s research has shown, if you live in the UK and your name appears in a PREVENT database you might be denied access to education and other significant life opportunities.

While the GDPR may have not delivered in full, the importance of its promises cannot be overstated. Data protection means having control over what data governments and companies have about you, the power to ask for a copy of it, to demand corrections, to have a say over how others are using it. This is why data protection plays such an important role in today’s society – and why it’s a political battleground for those who seek to bring society backwards.

The new wave of criminalisation of abortion in the US has seen attempts to buy online advertising data to expose women exercising their reproductive rights. Trans-exclusionary activism in the UK has embraced data activism, including an attempt to require public authorities and digital verification services to always record the sex at birth of individuals.

The so-called Department Of Government Efficiency (DOGE) has attempted to seize extensive access to US government databases, and the Department of Justice has tried to seize access to voter rolls to “bring back law and order” and “clean” them from ineligible voters. Meanwhile, ICE is on a spending spree of surveillance technologies: Amazon has given ICE access to Ring doorbell’s cameras, and Palantir is providing a mapping platform which include names, photos, dates of birth, and US government Alien Registration Numbers, to identify deportation targets.

UK Data Protection: Time to Course Correct

One of the most famous act of the Normans, after the conquest of England in 1066, was the establishment of the doomsday book. As the name suggests, the function of that book – leveraging information to establish rule over the newly colonised England – was well understood and feared. The same mass surveillance companies that are corroding US democratic institutions are also collecting data about us here in the UK, and the doomsday book is a useful reminder of what this means for our freedom.

On this World Data Protection Day, we have weaker data rights in the UK than we did a year ago.

The government’s reform of the GDPR means we now have less control over how algorithms and AI are used to make decisions about us; our data can always be shared to answer to a request from an authority; and the police can access records without having to record why. This law has paved the way for a future Reform government to legalise DOGE-style data grabs, by giving ministers arbitrary and unaccountable powers.

As US tech corporate interests encroach UK and European digital policies, UK institutions are also showing signs of degradation. A year ago, the government ousted the chair of the Competition and Markets Authority to appease US tech behemoths and their interests, replacing him with a former Amazon boss. Six months ago, the Information Commissioner’s Office (ICO) didn’t blink twice before supporting Meta’s ‘consent or pay’ policy, a glorified extortion scheme where UK residents are required to pay a subscription to have their right to data protection respected. But they decided not to formally investigate the most serious data breach in UK history, after the Ministry of Defence leaked a spreadsheet containing the details of over 19,000 people who were fleeing the Taliban.

In the United States they are finding out the hard way that the existence of a mass surveillance industry is incompatible with freedom and democracy. We may think that things are not so bad over here but we really cannot afford to be complacent. This data protection day is our opportunity to learn from their experience, start to fight back against this emerging dystopia, and stand on the right side of history.