OPINION: Why consumers’ data is more compromised than they think

by Jamal Ahmed | Kazient Privacy Experts
Tuesday, 18 August 2020 11:03 GMT

ARCHIVE PHOTO: Workers look at their phones while walking at the Canary Wharf business district in London February 26, 2014. REUTERS/Eddie Keogh

Image Caption and Rights Information

* Any views expressed in this opinion piece are those of the author and not of Thomson Reuters Foundation.

Infringements on the right to privacy should be treated the same way as infringements on other rights

Jamal Ahmed is a Fellow of Information Privacy and CEO of Kazient Privacy Experts

Privacy is a human right. Just as there are various protections against a stranger jumping through your window and watching you in your home, there are the same barriers against companies accessing, without your permission, data that will tell them just as much about your private life, if not more. In Europe this is protected by the GDPR regulations which, although cumbersome in their implementations, serve a purpose that I believe the majority of people around the world support.

However, the protection of privacy is far from a given. Like many other human rights, it seems to be subservient to the whims of various governmental and commercial interests.

A prime example of this is the recent Schrems II ruling, where an EU court took the unprecedented step of instructing European companies to no longer share data with US businesses, because of what is, in the court’s view at least, the lack of adequate data protection in the United States.

It’s important to be clear about what data sharing between a European and US company can mean for the average consumer. Often this takes the form of different divisions of the same company simply transferring data between each other. However, the variation in how different jurisdictions treat your data can be very significant.

In the European Union, private data can usually only be accessed by a government through a thorough official process, with due cause and judicial oversight. In the United States, however, a little known law known as FISA means that the government has on demand access to any data held by a US company on non-US residents.

Although there are clearly lots of situations where a government will need access to an individual’s private data, that should be done in an accountable way, should be proportionate to the danger posed, and in the public interest. It should not be effectively unregulated.

In short, infringements on the right to privacy should be treated the same way as infringements on other rights, such as someone being deprived of the right to family life by being forced to serve a prison sentence.

The entire world needs to learn to balance an individual’s right to privacy with societies’ needs for security. This is essential for both economic and political reasons.

Economically, the free but safe flow of private data is essential for most modern businesses, since so many of them are data fuelled, either in their entirety or in some of their functions (for example a supermarket chain’s marketing may be based on data held on each customer through use of loyalty cards - those discounts are not given away for nothing).

Politically, awareness of privacy is increasing. Even when it comes to the most significant emergency of our generation, the Covid pandemic, privacy concerns were part of the public conversation around track and trace systems and their implications for personal liberty. I, like many others, am of the opinion that crises like these justify some compromises on the level of privacy citizens of free societies would normally expect. But that does not mean those concerns should not be addressed.

Increasingly, savvy consumers will see privacy as a competitive advantage, and companies will have to respond. For example, the messaging app Threema charges 1.23 Euros per device per month - an amount happily paid by over 5 million users, who see this as sufficient competitive advantage over free alternatives like Whatsapp which are perceived (rightly or wrongly) as less secure. The fact that Threema is based in privacy-conscious Switzerland and not other jurisdictions is certainly part of its appeal.

We are living in a completely interconnected global data ecosystem. Ideally, regulation around this most personal of issues should be agreed at the global level. The alternative is a fragmentation of the global economy along data faultlines - something that will come at huge cost both to the speed of economic growth and the convenience of consumers’ personal lives.