His quote is absolutely true in every sense. Yet in a world today where our lives more increasingly revolve around technology, connectivity and information, his words could not be more fitting.
The world is a different place to where it was when I started in the field of data protection in 2004. We have come a long way in a relatively short period of time. We are more ‘connected’ than ever, which means the ability to share and access information is far greater than it has ever been. We can easily access vast amounts of information from our mobile devices and use the same device to pay for goods and services.
Cameras recording our movements can be found everywhere, on your phone, in your car, or in the air. We have a plethora of social media platforms to choose from and the ability to share images and video instantly in real time. Technology is also connecting our household appliances for example, to make us more efficient and save energy. The Internet of Things (IoT) is becoming well established and technology has quickly crept up on us.
Fourteen years ago, the former UK Information Commissioner famously warned that we were “sleepwalking into a surveillance society”. How right he was. Everything we do is monitored somehow, whether that is through our internet search history or browsing habits, CCTV coverage – the UK has the highest concentration of CCTV cameras anywhere on the planet with one camera for every 14 people – or through social media use. The truth is we are all responsible for leaving our own digital footprint.
There is little doubt that in many ways how we conduct our day-to-day lives has been improved. However, there are important questions to ask: Are we perhaps going too far? Do we really understand the implications upon our privacy and the risks posed if those technologies are not used properly? Perhaps we should be asking much deeper questions around the ethics of the digital world?
Powerful technology giants have the world in their hands, with the ability to influence the state and socioeconomic structures, impacting global economies, cultures, societies and environments. We are also now in a world where a week does not go by without hearing about another data breach, with the recent cases of Age UK and MailChimp amongst others, affecting millions of users already this year. These examples and the many that precede them only go to demonstrate that technology advances also bring with them inevitable risks that cannot and must not be ignored.
Whilst we must embrace technological innovation and creativity, the innovators must also take more responsibility for the ethical issues surrounding the use of digital technologies. The concepts of Privacy by Design and Default in the fast approaching General Data Protection Regulation (GDPR) will go some way to help these digital actors think about privacy at an early stage. Yet they must also be led in such a way that it reflects human ethical values and cultural differences if they are to become responsible innovators.
On 25th May 2018 – as the new GDPR comes into force across Europe – Jersey’s new Data Protection laws also come into effect, bringing with them the biggest global reform in data protection regulation ever seen.
Jersey has a unique opportunity and arguably a responsibility, to raise awareness the quality of its regulatory environment and people.
We are all working hard to prepare for GDPR and everything that comes with it. However, just as technology has evolved and changed the world in which we live, the way we think about data protection must also change. It is no longer enough to look at data protection as a low-priority, administrative function. It is now a boardroom matter and central to the operations of every business. This is equally applicable to Jersey’s finance industry, who arguably are well used to working in a regulated environment. With information such a valuable asset to every business, the temptation is to collect as much information as possible in order to build a valuable profile of your customer. Whilst the rules for the type of information financial services businesses collect to ‘Know Your Customer’ have been around for some considerable time, the term ‘knowing your customer’ appears to have taken on an extended meaning beyond the scope of what the legislation actually requires.
As the authority charged with regulating these laws, it is our aim to be an effective, engaging and outcome-based regulator and to promote a values-driven approach to business. For individuals, this means providing the tools and guidance to get individuals asking more questions about their personal data and challenging businesses who fail to focus on the human side of protecting their information. For businesses, it means providing guidance and support through a ‘value-added’ regulatory model and a risk-based approach to encourage voluntary compliance. A moral panic has ensued in the build up to GDPR implementation, particularly in respect of the scale of the fines should organisations fall foul of the law. Yet the truth is that if businesses are taking their data protection responsibilities seriously and thinking of privacy at a human and ethical level, compliance should come naturally and the penalties associated with non-compliance should never become an issue.
What we do as individuals, businesses and as an Island community over the next few years, will dictate our future and the future of the next generation. The importance of getting this right now cannot be over-emphasised. This is a real opportunity to re-engage with your customers and kick-start your thinking about data protection compliance in terms of the citizen.
At the start of my career, one piece of advice given to me that has stood the test of time was to ‘Keep it simple’. Sometimes we just need to go back to the basics to understand where we need to go.
Paul Vane, Acting Information Commissioner for Jersey, Office of the Information Commissioner.
Paul is charged with regulating the Data Protection (Jersey) Law 2005 and the Freedom of Information (Jersey) Law 2011. He has an extensive regulatory background, having worked in the field of data protection and privacy as Deputy Information Commissioner since 2004 and prior to that the Jersey Financial Services Commission and the States of Jersey Police.
Paul leads a small team at the Office of the Information Commissioner, which is growing significantly to accommodate the impending changes in the data protection legislative framework. He is passionate about his role and is looking forward to supporting the business community through the changes and into the new landscape and continuing to promote the privacy rights of individuals. In his spare time, he plays drums and runs popular local events band ‘Inside Job’ and enjoys spending time and travelling with his fiancée, Julie.