Let's use Data Protection Day to highlight just how bad the Snooper's Charter is

Internet privacy

Data Protection Day is ten years old today, yet you've probably never heard of it. Let's face it, data protection is pretty boring, until someone threatens to remove it, of course.

Known as Data Privacy Day outside of Europe, the whole point of the 28 January event is to raise awareness of privacy issues: it coincides with the anniversary of the Council of Europe's Convention 108, a piece of legislation that has helped protect your privacy (with regards to processing of personal data) for the last 30 years.

Chances are you've not heard of that, either.

What you will have heard of is the Data Protection Act and, unless you've been living in a cave, the new General Data Protection Regulation (GDPR), which is rumoured to come into force by 2018.

The law will require you to hire a privacy officer, force you to classify your data, and notify regulators of any data breaches quickly after they occur.

If you accidentally misplace a million customer records, it will leave you with a huge fine hanging over your head, too.

You've probably heard of it, but do you understand it? Probably not, at least as far as whether or not it applies to your business. But don't worry, you're not alone in that.

Maybe the EU should take this opportunity, today of all days, to issue some guidance to clear that up once and for all? Or, at the very least, announce an education plan to rollout and fill the gaps in our enterprise understanding of GDPR before it actually comes into force.

The GDPR promises to bring a greater level of consent to individuals when it comes to where their data will, or will not, be shared.

But at the same time, Prime Minister David Cameron and Home Secretary Theresa May want to pass new powers that would give spy agencies more access to your personal data, via the Snooper's Charter, formally known as the Investigatory Powers Bill.

The government wants to compel companies to build backdoors into their products, so it can bypass security measures to access data it wants to look at. Additionally, it promises to send you to prison for up to a year should you reveal that such a backdoor exists.

This is the kind of thing that should be getting the attention today, rather than the red tape of the GDPR. The impact of the Investigatory Powers Bill will be widespread and devastating to the protection of data privacy. That the government could issue a 'technical capability notice' demanding you open the backdoor and let them in is bad enough, worse is that you could end up in prison just for revealing you've been given one.

Maybe today should be renamed as UK Catch 22 Day. You know, Catch 22, which states that you aren't allowed to know what Catch 22 says...

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.