They soon will be
If you’re lucky enough to live somewhere in the UK with good mobile data coverage, then streaming a favourite TV show during the morning commute has probably become as natural as picking up a chai latte. The proliferation of fast, affordable and convenient online services in the last five years has transformed how we shop, how we bank and how we get our news but, beyond the delivery charges and subscription fees, there is a more intangible cost to giving private companies your personally identifiable information.
When it comes to online services and transactions, we’ve been sleepwalking into the habit of exchanging convenience for privacy, often without realising what it is we’re opting to give away. Take digital photos of ourselves for example. Many of us upload them to a cloud server attached to our email address without a second thought, but do we really want internet companies sifting through our photos just to create a selfie album? And how would you feel if someone was uploading photos of you to an offshore server, if you couldn’t have a say in how those photos were used or shared?
Millennials grew up with their baby photos printed in a family album under the coffee table. Your fun auntie in Australia would only ever see them if she shelled out the cash to fly over. Now that same auntie can receive a digital photo in real time and forward it on to all her fun friends until multiple copies of the same image rest on cloud servers attached to multiple smartphones. Suddenly, the digital record of your baby antics is only as secure as the weakest password attached to a fun friend’s email account.
This is how Generation Alpha’s baby photos will be shared: held on Google servers with Google photo app asking parents if they want to switch on image recognition to produce a “they grow up so fast” video. On the face of it, that seems like a beautiful and exciting thing any parent would want to send to their loved ones in Australia, but at which point in this scenario does the child get a say in how their data is being collected, used and distributed? How would they be compensated if their data was lost, stolen or misused?
Nowadays, even the most diligent and cyber-savvy parents are offering up their child’s personally identifiable information years, if not decades, before they can reasonably question or contest their decision-making. From the moment a baby’s name is entered into the national register, personally identifiable information about that child is being collected by an ever-increasing number of private and public sector bodies — each with varying attitudes to cybersecurity and equally variable safeguards in place — leading to the question, are data rights human rights?
It is therefore up to businesses to consider carefully, why and how they are collecting personally identifiable information and to avoid collecting unnecessary data altogether for those under 18. It’s also up to citizens to demand that their data is being held securely and used only for purposes to which they have expressly agreed. The first step is to get into the habit of asking questions. Does a beautician really need your home address? Does a supermarket really need to save your credit card details on their servers? Should a pension provider really be asking for a copy of your passport over email?
More often than not, we accept poor privacy practices to save time and avoid awkward conversations, but we should all get into the habit of exercising our data rights and be teaching our kids to do the same. Data rights may not be considered universal human rights just yet, but it is likely they will be within the next decade and, in Europe, the law already offers us increased protection for our digital selves.
So what are your rights?
Under UK data protection law, we all have certain rights regarding how any company or organisation holds personally identifying information about us. Personally identifying information can be defined as any information that could potentially identify you as an individual, such as an email address, national insurance number or credit card information. Below are just five of the rights the UK Data Protection Act 2018 gives every citizen.
Right of access
You have the right to request access to any personally identifying information a company or organisation holds on you. You also have the right to request a copy of that information.
Right of rectification
You have the right to have inaccurate or incomplete information corrected.
Right of erasure
You have the right to request that some, or all, of your personally identifying information is deleted.
Right to restrict use
You have the right to ask that the processing of some, or all, of your personally identifying information is restricted, for example, if there is a disagreement about its accuracy, or you believe a company or organisations is not lawfully allowed to use it.
Right to object
You have the right to object to your personally identifying information being processed on the basis of what the law defines as legitimate interests and an absolute right to object to direct marketing.
For a full list of your data rights and how to exercise them, we recommend consulting the impartial Information Commissioner’s Office website.
