A brief article on the future of data protection Posted by John on 16 August 2016

Personal data seems to be everywhere now; it is quite easy to forget just how far we have come over the past few years. In 1956 a 5 Mb hard drive had to be fork-lifted onto a plane for transportation, now 5 Gb USB sticks that fit conveniently in your pocket are readily available. It is worth emphasizing that the USB stick is over 1000 times bigger than the 5 Mb hard drive in the photo below.

If this image was not striking enough, consider the image below of St. Peters Square as the new pope was announced, notice anything different? In a period of just 8 years, smartphones have become ubiquitous and the transfer of personal data across devices, companies, and borders has ballooned. The General Data Protection Regulation (GDPR) is an attempt to get to grips with how companies should process personal data however as the rate of change increases, what does this mean for data protection and privacy moving forward?

Many in this sector believe that consumer trust is the key to continued use of personal data. As Theo Forbath puts it in an article in Harvard Business Review in 2015, “After all, in an information economy, access to [Personal] data is critical, and consumer trust is the key that will unlock it”. He points out that companies that are deemed untrustworthy will struggle to get access to any personal information as legislation gets to grip with how companies should process it. On the other hand companies that are deemed trustworthy may get access to a wealth of personal information simply by asking for it, providing of course that there is a legitimate specific purpose for having it in the first place.  As the value of personal data continues to materialize and as the technology continues to develop, it is going to be increasingly important for companies to get data protection right. 

Consider what is going to happen over the next few years. The pace of technology development will only increase the value of personal data. Here, I mention three examples that are going to have a profound impact. 

Firstly, Internet of Things (IoT). One estimate specifies that there are over 6.4 billion connected devices already. Each exchanging, in many cases, personal information with each other. Perhaps, your car will transmit driving behaviour to your health insurance company, or maybe your fridge is informing your health insurance company about your bad diet? A Privacy Impact Assessment (PIA) is unlikely to be required to point out the data protection concerns in these scenarios. 

Secondly, consider wearable technologies. Although wearable technology is of course part of the IoT conversation, they are worthy of a comment in their own right. A t-shirt that could detect a heart attack and call for an ambulance would clearly be a good thing. However, the question remains, what else will be done with this data, especially considering the final technological advancement discussed.

Augmented Reality, this technology has the ability to, in real time, pull up information about things and people and superimpose them in your field of view for your convenience. Pokémon Go has already made this technology mainstream.  Considering what we have already covered in this article, this could be a problem. The misuse of this data would be very damaging to individuals and of course would not be compliant. That been said, the opportunity here for smart companies has never been greater. In the development of these innovations, companies that will succeed will by necessity have a high functioning data protection team.