Data Protection – burden or opportunity?

Eleonor Duhs, our head of Data Privacy, takes a look at how data privacy is rapidly becoming a human rights issue as technology continues to reshape our world.

We are at the start of the fourth industrial revolution. Data is at its centre. But good use of data can do more than improve effectiveness. It’s a human rights issue. Right now, at the start of this revolution, there is a window of opportunity for organisations to demonstrate their ethics in the way they handle data. And increasingly, those who take data rights seriously will gain credibility, protect and enhance their reputation.

What has data protection got to do with human rights?

Data protection is about the fundamental right to privacy.  Data protection law is a detailed “working out” of Article 8 of the European Convention on Human Rights – the right to a private and family life.  The frequent references in data protection law to “necessity” and “proportionality” point to the essential function of the framework.  Data protection law is fundamentally about a careful balance between the rights of the individual on the one hand, and the rights of organisations, government and society on the other. 

Why has data protection become a pressing issue? 

We are entering a new era.  This epoch has been called the fourth industrial revolution. Innovations from AI to biotechnologies are changing the way we live, work and interact.  Technology will require us to rethink how our societies develop, how organisations grow and thrive and even what it means to be human.  The substance powering this revolution is data:  information about our health, interests, interactions, beliefs and habits.

The collection, sharing and use of data has the potential to allow organisations to adapt better to change, implement more effective policies, improve service delivery and disaster responses.  However, developments brought about by the fourth industrial revolution can also be detrimental.  For example, the inferences and predictions created by AI risk enabling unethical decisions and outcomes and exacerbating the divisions in our society.  A clear illustration of these dangers is the A-levels fiasco of 2020.  The algorithm used to decide grades was disproportionately more likely to award worse marks to pupils from lower socioeconomic backgrounds. Data protection law contains important safeguards for individuals where algorithms are used to make decisions.  It is imperative that the technology which powers our activities is used thoughtfully, responsibly, in compliance with our legal obligations and in a way which gains people’s trust. 

How does my organisation ensure that the use of data has positive impacts?

Data protection law contains many important mechanisms which help us to use new technologies in ways which ensure that detrimental impacts are excluded.

Principles such as “data protection by design” can encourage positive outcomes by considering privacy rights from the start.  Data protection impact assessments enable us to think through the effects of new technologies and processes on individuals, and to mitigate the risks we uncover.   Organisations should not regard data protection as a niche area. Embedding data protection as a core value can harness the real potential of this fourth industrial revolution to do good and to do no harm.

Eleonor Duhs is Bates Wells’s head of Data Privacy. She advises on the full spectrum of data protection compliance and is also a leading expert on the post-Brexit legal and regulatory landscape. Eleonor leads a growing Data Privacy team with sector-leading expertise in advising purposeful businesses, charities and public bodies.