The companies you deal with every day need your data; without it, how would they know who you are? If you have a common name, your bank will need your address and date of birth to make sure your account is safe, and obviously, it will know how much goes in every time you get paid.
Details such as this are kept in the strictest confidence; the financial services are held to higher scrutiny than most organisations, and we’re always grateful for that reassurance.
There are times when data collection is necessary, but not so welcome. The DVLA will pass your details on to the police if you’ve committed a motoring offence. We may not like it, but companies have the right and obligation to pass on data for the purposes of law enforcement or in the service of the greater public interest.
However, necessity isn’t the only reason companies collect your data; they also collect it because it’s valuable.
Why is my data valuable?
Quite simply, data is valuable because knowledge is power, and that can always be exchanged for money. Google and Amazon are among successful enterprises that have learned to regard data as a valuable asset also known as data capital.
The rise of social media and the speed of digital data transfer has meant that information is both quick and easy to obtain, and competing companies know that who controls the data controls the markets. This has created a phenomenon known as the data imperative: the faster it’s made, the more businesses are clamouring for it.
However, it’s not just the getting; it’s what businesses do when they have it. Raw data is fairly useless on its own, so the trick is to boil it down to something that can be used to profile individuals for targeted advertising. This means drilling down to finer details about individuals: their likes; their marital status; their social standing and income and their political leanings.
When is this a problem?
Some businesses are ruthless, and the methods of getting data are ruthless too. Companies are trying to get information about you that you’d much rather keep to yourself; targeted advertising is one thing, but personal data can be used for blackmail and to damage reputations.
Terrorist organisations can use data to target individuals who can be recruited to their cause, and data can be used to unduly influence political decisions and elections.
A massive data breach by Facebook lead to the data of up to 87 million users being leaked by an online survey app to Cambridge Analytica in 2014; by the time the news broke, the data had been in circulation for three years. The upshot of this breach was that the data was used to influence the presidential campaigns of both Donald Trump and Ted Cruz, as well as controlling the UK EU referendum.
The data was used to target those with political leanings that could affect the result of democratic votes; it’s unlikely that the 87 million people affected wanted their data used to create corruption and undermine democracy. For a more detailed explanation of the scandal, there is more information here: Cambridge Analytica Explained.
Is there any protection available for my data?
Yes, and this has always been the case. In the UK, the 1998 Data Protection Act has ensured that data is kept only as needed and incorrect measure, used only for the purpose for which it was collected, kept up to date and accurate, kept secure, kept only as long as needed and that the organisation holding it was kept accountable.
Following the Facebook breach, which attracted a maximum fine of only £500,000 in the UK, the EU Information Commissioner decided that new legislation was in order. The General Data Protection Regulations (GDPR) were made law in May 2018, and this brought more onerous rules for data controllers and processors.
Amongst other changes, the regulations require companies to have the express permission of the data subject to keep or process their information, and the fines for breaches are much higher.
Facebook was fined a record-breaking $5 billion in 2017, but their turnover was around $15 billion for the three months leading up to their delicate, so it was not felt to be a deterrent.
The new fines for breaches of the GDPR are a maximum of €20 million or up to 4 per cent of any company’s worldwide annual turnover, whichever is the greatest. As a result of the fall in company stock, Facebook agreed to apply the EU GDPR rules in the US to restore confidence in the company.
What can I do to ensure my data is safe?
The introduction of the GDPR has placed a great deal of additional responsibility on companies to remain compliant, as well as having a deterrent effect on those who would wish to disseminate information illegally.
However, the best part of the legislation is the requirement that a business must have your explicit permission to hold or use your data, rather than working on the assumption that if you don’t object, they can have it.
People need to take a stand against data exploitation; many businesses are profiting from holding your data without paying for the privilege, and they are using this influence decisionmaking and where you spend your money.
When signing up to something, think before hitting ‘accept’, and remember that you can’t be forced to hand over your information. Read the small print, and decide whether you really want them to have that data or share it.
Any organisation that holds your data has to be transparent, so if you need to know what information they hold on you, it is simple enough to ask through a subject access request.
Finally, if you want them to delete any data they hold, tell them, and they will have to eradicate it within 30 days. Data is a precious commodity in these times, so take great care how you give it out.