In order for our site to work, small files called ‘cookies’ have been placed on your device. These mandatory cookies do not process any personal data.
We would also like to use analytics cookies to understand how our site is used by visitors and then use this information to improve our site and the experience of using our site. The service we use is Google Analytics.
Please indicate whether or not you are happy to allow the use of these analytics cookies by selecting one of the options below. You can read more about our cookies before you choose and read our Privacy Notice to find out more information on how we use your personal data
Published: 7 January 2020
‘Data protection legislation has been around for many decades. Despite the fanfare that greeted the General Data Protection Regulation (GDPR) in May 2018 (and it was beyond doubt a hugely significant step), at its heart, the new Regulation is similar in shape and form to its predecessor. But we continue to be faced with a problem. This problem is not one of new principles but of a new environment. Data has taken on a new life in recent years and we are struggling to keep up. The speed of technological change in this digital age means that the culture and norms that inform our attitudes and behaviours have insufficient time to evolve. So it is therefore unsurprising that, despite its relatively long history, there remains much that is misunderstood and misinterpreted about the legislation; its origins, its aims, and the legal and ethical principles which underpin it.
There does, however, seem to be change in the air as we are being increasingly exposed to the often shocking reality of the scale and impact of data use and misuse. The crucial role of public discussion; feeding better awareness and understanding of what good data protection means, cannot be overstated. All parts of society have a part to play, but as with so many other areas of our lives, journalists do perhaps shoulder a greater responsibility.
I was reading this article about the GDPR in the Financial Times recently (which in itself must be welcomed, data is as much a financial issue as it is legal and social). The article itself was well-written, as you would expect, and it highlighted a number of important areas such as wider privacy harms of certain processing, and some of the innovative developments in areas such as data trusts. But I was struck by how persistent the notion is that the law is a clinical tick box exercise, an administrative burden and something you can almost wash your hands of as long as you can evidence some sort of consent from the individual or individuals concerned. It is easy for data protection professionals to be judgemental and critical in the face of misunderstandings or misinterpretations. But if data protection is to be better understood and embraced, we need to be part of a cultural shift towards enlightened compliance rather than tick box approaches. Part of that requires us to try and rebalance the conversation, not to criticise but to inform. With this fresh in my mind, I wrote the letter below to the FT, which they published on 3 January.’ (reproduced here with their permission).