The massive change in the ways that data is collected, stored and processed in the digital age poses great risks to our right to privacy and control our data. Our data is at the centre of many online businesses.
Privacy is a fundamental right for a very strong reason. It is essential for individuals to have control of their personal lives and to be free from invasion and surveillance in order to feel free from threat, particularly from the state. Our freedom of expression relies on privacy. When privacy is removed, so is the ability to speak and associate freely.
In the digital age, the right to control our data is also fundamental to balance our power as individuals against the power of the many companies we contract with. Sometimes this means being able to correct mistakes that might threaten our ability to get a loan; sometimes it mean the right not be surveilled in the workplace. At other times, it means stopping companies from sharing or exposing information about us for their own benefit.
Yet the UK’s privacy laws particularly are broken. The Data Protection Act is not even compliant with EU law. And private sector interception is virtually unregulated.
ORG is working to make sure that our privacy and data protection laws work in favour of the UK’s citizens.
ORG’s work: intercept modernisation
The new government seems to be on the same course as Labour, to extend ‘data retention’ towards a new model requiring Internet Service Providers to intercept our daily email and web traffic to record who we appear to be communicating with. This would mean BT or Virgin recording who you chat with on Facebook. This extraordinary and highly expensive scheme would breach our fundamental right to privacy for no quantifiable reason. You can sign our petition.
ORG’s work: Data Protection Act
Our privacy laws will be reshaped, perhaps fundamentally, over the next couple of years. Last year, the EU began a review of the Data Protection Directive, and the UK has held an evidence-gathering consultation. ORG responded to this, and contributed to EDRi’s submission to the EU. We will be working to ensure the EU proposes a high level of protection to citizens, with new safeguards and means to ensure enforcement of our rights when they are breached.
ORG’s work: Phorm and RIPA
ORG and other privacy campaigners are still working to see proper regulation of intentional interception on private sector networks. The Phorm case – which involved interception of people’s web traffic to create advertising profiles – was not legal, as it did not seek the consent of both receiver and sender of the communications. Add to this that trials of 10,000 customers took place without anyone’s consent or knowledge, and that no prosecution ever took place. The European Union is still threatening legal action over the regulatory gaps. ORG wrote to UK Minister Baroness Neville Jones and forced the opening of a government consultation over the legal changes that are needed. We do not expect the proposals to answer the problems.