Zimpapers Logo

While a lot of people tend to look at what can and cannot be transmitted on social media under the new Data Protection Act, in the end the main benefit from this Act may well be the controls it places on what data can be protected, stored and made public.

In the “old days” of paper and steel filing cabinets a lot of data was, of course, collected and stored. But there were physical limits and the necessary access to steal data was limited, the possibility of aggregating data in a number of collections was so difficult that no one bothered, and publishing this data was difficult, since that required printing, usually of a book, and that process means that a lot could be done before anything was in the public domain to block or alter published material. The courts could be relied on to prevent defamation and protect privacy.

Even when video and the like first became available, a lot of data was not collected and when collected was not stored. Those who like to dig into older television programmes and like find that copies simply do not exist of a lot of shows, studios and production houses having to recycle the incredibly expensive early tape and so never keeping examples of their work.

Now, in the digital age, we are moving towards a world where everyone lives in a goldfish bowl, with everything we do, everything we say, recorded for all time. Data on each one of us accumulates rapidly: the forms we have filled in, the CCTV footage of where we have been, queries we have made, bank accounts we opened, views of other people on us. The list is almost endless.

A lot of this information is trivial, a lot breaches our rights to privacy, and quite a bit is likely to be incorrect. Yet it is all stored somewhere and technically there is little to stop it all being accumulated in one large heap and sorted by fancy software.

At the same time there are cases where criminals have broken into the databases of banks and raided customer accounts. There are cases where some business acquiring data for what looks like legitimate ends is quite happy to sell the names and particulars of its customers to other businesses, without bothering to ask first.

In the end someone has to be able to state clearly what can be acquired, what can be stored, how the storage has to be secured, who can authorise publication of the data and by whom, who can authorise use of the data and by whom, under what conditions can data from different sources be thrown together.

This is what the new Data Protection Act tries to address and it makes a good job of it. The starting and default position is that generally data can only be collected on someone if that person agrees. Of course there have to be a a lot of exceptions, and the list is not short, but different standards apply to involuntary data; for a start it has to be secured and it cannot be divulged, at least in a form that identifies where it came from, in most circumstances and even where it can be published, there are a lot of safeguards.

The protection is both managerial and technical. The managerial aspects mean who makes the decisions and on what grounds to acquire the data in the first place, and who can divulge that information. The technical aspects are the requirements to have the data secured, the digital equivalent of the locked filing cabinet in a locked room.

The Act gives general guidelines but the detailed regulator is Portraz who acquire this second duty. The choice is not a bad one. Portraz already has some digital regulatory functions so it is aware of what goes on and what can go on. But it is not an operating agency. It does not collect data and it does not transmit data. It has no vested interest in setting up rules and regulations and can just go to what are considered the global best practices.

The second part of the Act affects a lot of people as individuals, on just how far their privacy can be invaded and just what can be transmitted across all the platforms. Parliament has set limits. Just because it is technically feasible to do certain things, or to transmit certain data, there is no reason why anyone should be allowed to do this. Freedom of speech is a major human right, but everyone puts in caveats, basically that using this freedom to deliberately hurt someone is not an absolute right. In fact the law on this matter is quite firm, and even where harmful material is published there must be public benefit and that benefit should outweigh the damage to an individual.

This sort of test immediately criminalises a fair block of internet content, people who transmit peeping tom pictures, the people who transmit revenge porn, that is the images that may have been acquired in a now terminated relationship, people who transmit objectionable material to hurt someone. Along with this there are the total bans on material that affects a child negatively, with child pornography especially hit hard.

Some might feel that Parliament was also trying to stifle political debate. There is no sign of this. No rights that people already enjoy have been removed. Anyone wanting the criticise the Government from the President down can do so, although the internet is now a bit more like a piece of paper, that the criticism can be very robust but needs some connection to true facts. The ban on inciting violence is already there, since it does not really matter whether who incite violence in writing, speech or on a digital platform.

The Act waxes at length on digital crime, criminalising hacking for example, although in many cases this is simply extending our existing law to include new realms, Hacking, to take that example, is basically theft or malicious injury. Now it is also a specific crime.

The new Act was in many respects long overdue, since the affairs that need regulation and the technical changes that allow new types of crime, have been around for a while.

But at least it has come through a process run by the Second Republic, with its emphasis on both individual rights and open information, and has come after it was possible to see what others have been doing, so we can avoid errors. But even so, and even with the emphasis on concepts rather than precise rules, the pace of change will probably see fairly regular amendments as circumstances and technologies change.