Privacy and security clash on Data Protection Day

A map of Europe with nodes to represent data hotspots
(Image credit: Shutterstock)

As the world marks Data Protection Day, privacy experts say the UK is stuck in a state of conflict over personal data.

Data Privacy Day, as it is known outside Europe, is meant to raise awareness among businesses and individuals of the importance of protecting personal information online.

Butprivacy and security professionals have criticised the UK government's wish to introduce the Snooper's Charter, saying it stands at cross-purposes with incoming EU legislation, the General Data Protection Regulation (GDPR), that is designed to strengthen people's rights over their personal data.

Nigel Hawthorn, chief European spokesman at cloud security company Skyhigh Networks, accused the UK of "failing to put privacy rhetoric into practice" with regard to the draft Investigatory Powers Bill, which wants to force ISPs to collect people's online browsing data for up to 12 months.

He said: "28 January is an iconic date because it marks the anniversary of the opening for signature of the Council of Europe's Convention 108 for the protection of individuals with regard to automatic processing of personal data.

"For 35 years the treaty has been considered the cornerstone of data protection. Yet, with a draft surveillance bill that doesn't specifically state that companies won't have to weaken their encryption for the authorities, consumers arguably have even less say today about how their data is being used."

For Raj Samani, EMEA CTO of Intel Security, the question is not just about data control, but also how well informed consumers are.

"As a society, we continue to be in a state of conflict when it comes to data. On the one hand, we're often outraged over regular news around data breaches, while on the other hand we think nothing about trading our identities for a chocolate bar or less," said Samani.

He also warned that people should be wary of giving up their data to companies.

"We need to be even more cautious and hard-nosed about entering into data transactions by driving harder bargains and asking ourselves smart questions such as 'who our data will be shared with and how it's going to be protected'," he said.

Lawrence Munro, director of EMEA and APAC at Trustwave, meanwhile, said Data Protection Day serves of a reminder this year of the incoming European General Data Protection Regulation(GDPR).

"Following on from a year of high profile security breaches ... there could hardly be a more pressing time for organisations to pay attention to Data Protection Day," said Munro.

"The mounting number of breaches involving consumer financial and private data means the public is increasingly aware of their information being at risk, and much less willing to forgive businesses who betray their trust. The upcoming regulations from the EU will also see harsh punishments for companies failing to protect customer data, with fines of up to four per cent of global revenue in some cases. With so much at stake, no organisation can afford to take any chances," he added.

The GDPR is expected to some into force within the coming weeks and months, while the Draft Investigatory Powers Bill, which can be read in full here, is currently under consideration by the Joint Committee on the Draft Investigatory Powers Bill, which is preparing its report on the matter.

Jane McCallion
Managing Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.