Data in the News
Here's our monthly round up of some of the top articles on personal data and data protection ...
A test version of the NHS's coronavirus contact-tracing app has been published to Apple and Google's app stores. Council staff and healthcare workers on the Isle of Wight will be invited to install it on Tuesday, ahead of a wider roll-out on the island on Thursday.
Project chiefs have said their so-called "centralised" approach gives them advantages over a rival scheme advocated by the US tech giants and some privacy experts.
But fresh data protection and privacy concerns have been raised. Apple, Google and hundreds of privacy advocates have raised concerns that this risks hackers or even the state itself being able to re-identify anonymised users, and thus learn details about their social circles.
Almost two years on from the birth of GDRP, is personal data really better protected?
In the run-up to GDPR’s implementation, the prospect of it seemed to scare the wits out of companies and organisations large and small. It was a gold mine for legal and data-protection consultants.
Even small community groups were terrified that their email list would get them into trouble because they hadn’t explicitly asked every individual on it for their approval.
The GDPR conferred formidable powers on the data protection authorities (DPAs) of EU states, including the power to impose fines of up to 4% of a company’s global revenues. But so far the number of fines levied has been minuscule.
According to John Naughton, writing in The Guardian, we’re faced with a paradox: on the one hand, there’s massive abuse of personal data by a global data-broking industry; on the other, we have a powerful legal instrument that is not being brought to bear on the abusers. How come? Is it because national DPAs are corrupt? Or indolent? Or just plain incompetent? The answer, it seems, is none of the above. They’re simply overwhelmed by the scale of the task – and lamentably under-resourced for it.
Heightened vigilance with regard to data protection in the time of Covid-19 is needed; it has become an unprecedented challenge.
Europol's March report states; “Criminals have used the Covid-19 crisis to carry out social engineering attacks, namely phishing emails through spam campaigns and more targeted attempts such as business email compromise (BEC). There is a long list of cyber-attacks against organisations and individuals, including phishing campaigns that distribute malware via malicious links and attachments, and execute malware and ransomware attacks that aim to profit from the global health concern.”
The UK Data Protection regulator, the Information Commissioner’s Office, has picked up on the need for heightened vigilance of such attacks too and has issued guidance to individuals but I note that staff too should be reminded of the risks posed by cybercrime to both company confidential information and personal data controlled by their employer.
The National Cyber Security Centre suggests the preparation of training guides for staff, particularly on how to report problems and the need for prompt action, if an incident occurs
In light of the current pandemic the Information Commissioners Office (ICO) has announced that it will relax enforcement of data protection laws throughout the pandemic. Information Commissioner Emily Denham explained: “Against this backdrop, it is right that we must adjust our regulatory approach.
“Our UK data protection law is not an obstacle to such flexibility. It explicitly sets out the importance of my office taking regard of the general public interest, and allows for people’s health and safety to be prioritised without the need for legislative amendment.
“A principle underpinning data protection law is that the processing of personal data should be designed to serve mankind”.