law

Data protection refers to the protection of the privacy and personal Information of individuals. Personal data is any information that relates to or identifies individuals, directly or indirectly. This includes data such as location, genetic, cultural, social etc. The aim for data protection is to govern how this data is collected and processed. Following the development of social media and other platforms of communication, it is important that data is used correctly.

The Data Protection Act 2018 replaces the 1998 Act and is the UK’s implementation of the EU General Data Protection Regulation (GDPR) which came into force may 2018. This is the new framework on the protecting and free movement of such data. The recent reformation of the Acts demonstrates the way in which the growth in technology has required such statutes to keep up to date and relevant.

This can be show through development of the statutes and the changes to the main principles of the 1998 Data Protection Act to the 2018 Data Protection Act.

• Lawfulness -The data had to be fairly processed and lawfully and subject to conditions whilst new legislation adds that the data subject must also be transparent
• Purpose -Personal data had to be obtained for one or more specified and lawful purpose and not be further processed in any other way. Whilst it is now required to also be a specified, explicit and for a legitimate purpose.

• Data minimisation - The data itself was required to be adequate, relevant and not excessive, whilst now required to be limited only to what is necessary

Other changes include the right to be forgotten or the ‘Data Erasure’ allowing individuals to have more control other their data in terms of third-party use and distribution of the data. This is mentioned in art. 7 of the act in relation to withdrawing consent and the data  no longer being relevant to its original purpose. These are to mention a few.

A recent case indicates the importance for such changes to the law namely the Facebook and Cambridge Analytica data scandal. Both compnies were under investiagtion in relation to the harvesting and use of personal data.
The data had been taken from a third-party app in 2014 in Facebook whereby users were asked to take a quiz to find out their personality type, data was then obtained from the quiz users as well as from their friends, an estimated 50million users were affected.

The commission considered the personal data was unfairly processed, and in breach of the first data protection principle set out in the DPA.  The Information Commissioner’s Office fined Facebook £500,000 for the breaches.

This demonstrates how data protection is an ethical issue as it involves individuals right to privacy and use of their personal information. Data is sensitive, and can cause vulnerability to individuals who become identifiable when data is unlawfully processed or obtained. Increases in social platforms make data harvesting easier due to the increase of methods to extract data from individuals thus it is important that  law reforms are tougher in order to tackle the way data can be used by companies as well as protecting individuals from harm.