Decades ago cynics held the view that you shouldn’t say anything over the phone that you wouldn’t want repeated over tea at the local telephone exchange. Similarly, you wouldn’t put anything on a postcard that you wouldn’t read aloud to the neighbours.
When we converted our conversations to binary code a lot of that caution fell by the wayside. While most of us don’t suffer the same level of naivety about online privacy as the four British judges who reportedly perused porn on their work IT systems, are we completely certain about the benign nature of the algorithims running behind the shiny screens of the latest new smart-tech devices these days?
It is easy to be lured by the promises of wearable tech, helping us hone an athletic physique, alert us to the latest Z-list celeb’s social media musings and even improving our sleep patterns. Yet on the back of this data deluge, are we paying enough attention to those who will now have access to an increasingly detailed profile of our health, wealth and every move? Are we confident that those organisations are in a position to securely store that information from prying eyes and will not abuse the power that comes from banking all this data? Are we sure the governmental organisations set to oversee these systems have the requisite bite?
And what about the involvement of governments in illicitly harvesting our data in the first place? Last week, a report by the British committee tasked with overseeing its intelligence agencies – an 18-month inquiry prompted by revelations of Edward Snowden – found that British agencies had amassed datasets containing personal information about a wide range of people, varying in size from hundreds to millions of records. Alarmingly, it found there is no legal constraint on storage, restraint, retention, sharing and destruction of this data.
It reiterated that information contained in the bulk personal datasets is not necessarily gathered by the agencies, implying it may have been harvested by either commercial organisations or other government agencies for other purposes, and then handed to the intelligence agencies.
This backs up claims by Snowden that the NSA and GCHQ piggyback on the work of many technology companies, such as Google’s cookies, to track individuals.
Digital surveillance
Last year’s UN Human Rights Commissioner’s report,
The Right to Privacy in the Digital Age
, noted “strong evidence of a growing reliance by governments on the private sector to conduct and facilitate digital surveillance”.
On every continent, governments have used both formal legal mechanisms and covert methods to gain access to content, as well as to metadata. The UNHRC also expressed concern over laws requiring companies to make their networks “wiretap-ready”.
The House of Commons report was published in the same week that European Union ministers moved to update our ageing data protection rules, last overhauled in 1995, when mobile phones and internet technology were in their infancy.
Needless to say, such amendments are contentious, caught between the interests of US multinational tech giants such as Google and Facebook with headquarters on this island, and advocates – both at organisation and State level – who recognise that data privacy is a high-profile public concern, particularly on the back of the NSA revelations.
It is an issue that should also be front and centre in Ireland, given that we are home to headquarters for 29 out of 30 of the world’s largest data firms. That makes the Irish Data Protection Commissioner (IDPC) a heavyweight player in regulating data issues for those companies’ operations throughout the EU.
Failure to regulate
It is also perhaps understandable that data privacy advocates seem to harbour qualms about the rigours of our regulatory approach. Mention of Ireland and regulation also invariably invokes references to the way we oversaw our financial institutions. The failure to properly regulate that sector contributed to what central bank governor Patrick Honohan estimates to be a bill in the region of €100 billion to Irish society.
Next Monday the European Court of Justice is due to hear a referral from Dublin on foot of a privacy case taken against the DPC by Austrian privacy campaigner Max Schrems.
The focus of this case is the transfer of personal data from Europe to the US and at stake is the current deal between the EU and the US under the so-called Safe Harbour principles. The outcome of the Schrems case may have enormous implications for how and where our data is managed across jurisdictions.
So far anecdotal evidence suggests the Irish public is more concerned with whether the new Apple Watch is worth the wait or whether they should opt for a FitBit. Yet given the backlash over Irish Water’s collection of PPS numbers, the public is slowly realising the price we pay when we hand over our data in return for services. This awareness is likely to grow when the introduction of postcodes helps private and public bodies build ever-more detailed profiles of individual Irish households.
It is in everyone’s interest – and the national interest as well – that we pay far greater attention to those who have access to our burgeoning feed of data, what they hold and who they share it with.
Privacy is a recognised fundamental human right and not worth sacrificing for the sake of being able to constantly monitor your pulse. A little old-fashioned Irish cynicism is what is needed right now. The Big Read on Big Data – Irish Times Innovation e-mag (http://innovation.mag.irishtimes.com/)