The date of the annual Data Protection Day (28th January) doesn’t change but the world has changed considerably since 28th January 2020. The impact of COVID-19 on communities and families as well as businesses and the non-profit world cannot be overstated. Many would ask whether it’s possible to return to life as we knew it pre-pandemic.
What a world of social distancing and tiers has made abundantly clear is that we are relying on technology more than ever before. Technology underlies the apps many of us have begun using (whether the NHS Covid-19 app or a COVID Symptom tracker) as well as the online educational platforms lots of children now use daily as part of home schooling. Likewise, innovative new ways of connecting with audiences, customers or members online have emerged as organisations have sought to retain the relationships with their constituency in a virtual world using Zoom or Teams (other video conferencing platforms are available!).
Additionally, collecting data on people’s location and their health has become more widespread in response to managing the risk of transmission. So, individuals have completed questionnaires on their symptoms, confirmed recent travel arrangements or provided their contact details to hospitality venues in order to protect others. Employers have had to adapt to new ways of working and monitoring their employees in response to the pandemic.
With an increase in reliance on technology and data, there is inevitably an increase in data protection issues. Understandably much of the day to day focus has been on managing the risk of infection, protecting the vulnerable and shielding the public health and social care sectors so they can deal with the demands they are facing. Data protection compliance can seem more of an inhibitor or burden in the face of the global emergency we are living through.
Data Protection Day, however, is a reminder that all individuals have a right to privacy and to be treated with dignity and respect. Its purpose is to raise awareness amongst individuals and organisations of data protection law and the rights individuals have. This includes limitations on how personal data can be used. So, the additional data that an organisation may have collected about individuals in light of the current circumstances will need to be re-evaluated (and potentially deleted) once the global health threat abates.
Of course, the work of many institutions has continued regardless of the virus. Data protection authorities and the courts may now have bigger backlogs, but there have been developments in the area of data protection. During the last 12 months we’ve seen the hugely significant Schrems II ruling (affecting data transfers) from the European Court of Justice, the confirmation of the fines for the BA and Marriott data security breaches, and increasing signs that class actions for data protection will become more frequent in the future. Along with the implications of Schrems II, there will be new Standard Contractual Clauses shortly for international data transfers, there is a new Data Sharing Code from the Information Commissioner’s Office to get to grips with and, of course, organisations will need to consider the ongoing effects of Brexit on the data protection world.
So it’s important to keep track of developments concerning GDPR and privacy obligations. An awareness of data protection and privacy issues will only become more critical for organisations developing their digital presence. This makes the message of Data Protection Day more relevant in 2021 than ever before.
This information is necessarily of a general nature and doesn’t constitute legal advice. This is not a substitute for formal legal advice, given in the context of full information under an engagement with Bates Wells.
All content on this page is correct as of January 28, 2021.