The Data Protection Bill is going to be an important step forward for your rights in this area – it brings the European General Data Protection Regulation into UK law, but the government have stripped it of a vital protection (Article 80(2)) and added an exemption for political parties – which make it a far smaller step forward than it should be.
Article 80 deals with redress, that is to say how you can get your revenge on companies that misuse your data – it has two clauses, one that lets you instruct an organisation, like ORG or Which?, to take on your case, and hold that company to account. That’s a mandatory part of the GDPR, but part two is optional.
This is the section that would allow an organisation that noticed bad data protection practices to hold the company in question to account without first having to find someone who had been affected.
Do you know if you were one of the people affected by Facebook’s relationship with Cambridge Analytica? Because if the answer is no, then organisations will find it that much harder to hold companies to account.
It doesn’t need to be this way, this style of protection already exists for other consumer issues, such as in Finance or Competition. As recent events have made clear a similar protection in data protection is vital. The Government have insisted that, it will be fine Article 80 (1) will be enough but that is categorically untrue.
By refusing to strengthen your data protection rights the government are making a conscious decision to make holding companies like Facebook to account harder.
Political Party Exemption
It gets worse – the government is also seeking to make political parties exempt from the rules. The Bill contains an exemption which allows political parties to process data revealing people’s political opinions if they are necessary for the purpose of organisation’s political activities.
This isn’t a new provision (it existed in the Data Protection Act 1998), but it hasn’t been updated since 1998. The world has changed, but this provision doesn’t acknowledge the massive shifts in technology.
This allows parties to take part in Cambridge Analytica style profiling and targeting of your political beliefs using all kinds of third party data without your explicit consent or knowledge.
As elections become increasingly data-driven we need more and better protections, not increasingly outdated ones, that fail to recognise the changing risks our democracy faces.
The Data Protection Bill is a huge opportunity to reign in companies like Facebook, and to ensure stronger data protections that are more able to deal with the world as it is now. But, as it stands, it is being wasted.