Jan 28, 2023
4 mins read
Today is #DataProtectionDay, a day that marks the importance of treating fellow humans with respect and consideration in the Information Age.
If you thought data protection was all about form-filling and legal jargon, you might be surprised to learn the true roots and purpose of data protection law and policy - read on for enlightenment!
What IS data protection?
It’s a set of ideas that got turned into laws
That human beings have inherent value and need to have their dignity and humanity respected if they are to thrive (human rights)
That data technologies are having a profound effect on how we relate to each other
That checks and balances on the use of incredibly powerful data technologies are necessary and desirable so that useful things can be done in non-toxic ways.
Lots of them! They’re not all the same though - each one reflects specific cultural and societal interests within the region it applies to.
The big one though, is the EU’s General Data Protection Regulation (GDPR) - you may have heard of it!
It says (basically):
Make sure you have a good reason and a solid justification for doing anything with personal data
Only take and use what you really need
Check that you have the right data
Be honest with people about why you have their data, and what you will do with it
Keep personal data safe.
Delete personal data when you don’t need it any more
Don’t use personal data in ways that might hurt people
Keep a record of what you do
Is data protection the same as privacy?
Data protection specifically focuses on data (that relates to identifiable living humans); governing how it is used and why
Privacy is how relationships between Me, You, Us and Them can be managed - governing distribution of control over interactions, and the size/shape of ‘personal space’ in physical, societal, digital and other contexts.
Data protection is wider than privacy, because it requires all rights and freedoms of living humans to be acknowledged and upheld
Privacy is wider than data protection, because it doesn’t apply only to data but to all sorts of relationships and interactions between people
‘Data Privacy’ is the concept of privacy applied to the realm of data processing - this is still narrower than data protection because it only focuses on one right (privacy), whereas data protection requires all applicable rights (civil, consumer, employment, property, human, etc) to be taken into account
Data protection is about keeping information secure, right?
Kind of, yes, a bit - but there’s much more to data protection than ‘protecting data’.
In fact, you can’t possibly hope to do a good job of keeping the data and processing secure, unless you have already thought hard about:
why you want that data (purpose),
what you’re going to do with it (processing activities)
whether it’s okay to use it that way, and how to demonstrate that (lawful basis),
what data you actually need, and for how long (quality and minimisation),
which and how data subject rights apply (info, access, objection, erasure, restriction, portability, complaint); and
who’s doing what
Doesn’t data protection law just slow down innovation and create barriers to development?
You could ask the same question about health and safety laws, employment rights law, medical research ethics, or any kind of professional standards and ethics. Making good-faith efforts to limit collateral damage is the responsible thing to do.
Sure, it can be tedious and annoying to have to account for all processing operations involving personal data. It’s a drudge to be required to think, plan, monitor and check on uses of data instead of making shit up as you go along. Telling people what you’re doing reduces your opportunities to do stuff people don’t like having done to them. Keeping track of rights, objections, requests, changes and case law can be a faff. Getting rid of data that you might one day have been able to think of a use for, can be scary.
Whom do you trust to protect and prioritise your rights, safety, welfare and dignity in the absence of legal accountability, when ‘innovation’ or ‘efficiency’ could be derived from ignoring them?
Is there more to your existence than generating industrial data-mining material?
How many ways could personal data relating to you cause problems in your life if it:-
-were kept secret from you but made available to others to purchase,
-were wrong, out-of-date, irrelevant, misleading, used out of context
-were used to unfairly discriminate against you, or impose stereotyped assumptions on you
-hung around forever, stopping your most ignoble moments from ever being forgotten or forgiven
-were someone else’s property, that they could benefit from while preventing you from doing so
This is the reason data protection exists!
Wishing all my readers a joyful, rights-affirming Data Protection Day!l
(as ever; if you like reading my stuff, please consider chucking me some coins so that I can afford to spend more time writing it)