2019 is still just a few weeks old.
The ink has dried on new data protection laws locally and further afield.
And every week seems to reveal a new story of organisations being held to account for not taking care of the most valuable asset they have – our personal information.
It feels like a good time to reflect on how we got here – to this world where data protection seeks to protect our human right to privacy.
Looking back we know that the thread of privacy can be traced through human history, from the ancient Greeks, all the way to the Universal Declaration of Human Rights following World War II, and on to the introduction of the EU’s GDPR.
But, privacy as a concept is a difficult thing to define. It changes over time, across cultures and religions, social groups and generations. It is unlikely that if, today, you asked a handful of people what they consider privacy to be, that you would get the same answer from any of them.
A standard dictionary definition of privacy is ‘a state in which one is not observed or disturbed by other people’.
This notion of privacy can be traced back over 2,300 years, to the Greek philosopher Aristotle’s (384-322 BC) discussions of the distinction between the public sphere of political activity and the private sphere of life relating to family.
The earliest treatises on privacy were seen in America in the late 1800s, but 1948 was a defining moment closer to home when the Universal Declaration of Human Rights was adopted which included the Right to Privacy.
As technological advances accelerated, so the legal frameworks of protection evolved. In 1980, the OECD issued guidelines on data protection in direct response to the increasing use and power of computers to process data. A year later, the Council of Europe adopted the Data Protection Convention – Treaty 108 – which was the first time the right to privacy was enshrined into law for European countries.
1995 was another important year which saw implementation of the European Data Protection Directive 95/46 which contained language and principles which will be very familiar to those with a knowledge of today’s data protection legal landscape.
Bringing us up to date, the General Data Protection Regulation (GDPR) was approved by the EU Parliament in 2016 after years of discussions, negotiations and heavy lobbying.
The GDPR came into force in May 2018 and has undoubtedly been one of the highest profile data protection legal developments in history. Its model of empowering independent regulators to oversee compliance of the legal rights and obligations enshrined within the legislation is in contrast to other models of data protection across the world. It is a model which has been reflected in the Bailiwick of Guernsey’s approach.
Implementation of the first data protection law for the Bailiwick was in 1986, a law which was replaced in 2001 in response to developments in Europe. More recently we have been one of the first to update our local legislation in line with the new GDPR standards. The Data Protection (Bailiwick of Guernsey) Law 2017 brought the protection of personal data up to some of the highest global standards and marks the start of a new chapter in the history of data protection and informational privacy, security and governance for us.
Whilst data protection laws are not exclusively seeking to address privacy in its broadest sense, they are linked to the concept of privacy for individuals in very fundamental ways.
Recent years have seen an explosion in both computer processing power and the scale of data being created. More of our lives are ‘datafied’ than ever before. If we think about an average person’s day and the data trail (or ‘digital exhaust’) left in that person’s wake it has the potential to provide an extraordinary level of detail about every aspect of their life. It is therefore impossible to disentangle serious questions of privacy from questions about what happens to our data. Questions such as: who has access to our data? What are their motivations and intentions? Can we trust them to look after our data and not use it to manipulate us or others?
In the data economy, robust data protection is essential to build the trust and confidence of consumers. In a democracy, robust data protection overlaps other fundamental rights that seek to ensure the citizen is afforded important rights and freedoms.
Much has changed since Aristotle’s time but as human beings, there are some things which, despite the dramatic changes in context, have changed very little. Considering questions of privacy as relevant to the human condition and to human happiness, associating it with dignity, autonomy and well-being – all of these things matter as much to us today as they did to the ancient Greeks.