Until the EU passed its General Data Protection Regulation last year the UK’s fast-paced digital world had rested precariously on an outdated law dating back to the 1990s.
The EU’s new data protection law allows you to access your online data held by digital companies and ask for it to be deleted. Any breach of data security must be reported to the national regulator – in the UK’s case the Information Commissioner’s Office – within 72 hours of the leak being discovered.
Journalist Judith Duportail last week requested to see her Tinder data and was stunned by the extent of what she received – 800 pages of what she called her “deepest, darkest secrets“.
That sparked concern about the app’s terms and conditions, which carry the ominous warning “you should not expect that your personal information, chats or other communications will always remain secure.”
Modern Data
The new law is geared to the smartphone age, so while the previous legislation in both the EU and the UK was primarily aimed at business information the EU now tries to extend its focus to any firm that holds the data of EU residents.
That means the vast quantities of data on individuals such as messages and images gathered by apps like Facebook, Tinder and Snapchat will be closely protected by putting the whole EU under the same law.
The age of consent for that data to be collected will also be raised from 13 to 16, which is particularly relevant to apps that have young people as their main users.
The regulation will come into effect on May 25, 2018, when the UK will still be in the EU, so it will automatically be turned into UK law when it is copied over onto the British statutes as part of the Great Repeal Bill unless the Conservative Government intervenes with an amendment.
That is unlikely given that businesses have been preparing for the new law for a long time. Enforcing it for 10 months and then removing it when Britain leaves the EU at the end of March, 2019 would be extremely tedious.
In Safe Hands?
When the June 2016 referendum voted to leave the EU the ICO warned that reaching a new trade deal to maintain full access to the single market would require the same data protection standards to be maintained.
“The Data Protection Act remains the law of the land irrespective of the referendum result,” it said referring to the UK’s 1998 data law. “If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK.
But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”
The issue is not just a question for operations in the UK. Any firm wanting a presence in Europe will have to abide by the EU’s standards, so they will have to independently ensure that they meet EU standards regardless of what happnes to the UK law, according to the law firm Farrer & Co.
“The ICO has clearly taken a pragmatic approach,” said the firm. “While the UK will no longer be required to implement these regulations as an EU member, UK companies will undoubtedly want to continue to trade with EU member states on the best terms possible.
In order to do so, UK companies will need to meet the standards of data regulation required by the EU. If the UK wishes to remain within the European Economic Area (including the EU, Norway, Iceland and Liechtenstein) as many hope it will, it will need to implement the EU’s data protection requirements, as Norway has done.”
by Stewart Vickers
The post Brexit: Is Your Dating Data Safe? appeared first on Felix Magazine.
No comments:
Post a Comment