Let's use Data Protection Day to highlight just how bad the Snooper's Charter is

Internet privacy
Opinion
28 Jan, 2016

The Investigatory Powers Bill remains the UK's biggest threat to privacy, says Davey Winder

Data Protection Day is ten years old today, yet you've probably never heard of it. Let's face it, data protection is pretty boring, until someone threatens to remove it, of course.

Known as Data Privacy Day outside of Europe, the whole point of the 28 January event is to raise awareness of privacy issues: it coincides with the anniversary of the Council of Europe's Convention 108, a piece of legislation that has helped protect your privacy (with regards to processing of personal data) for the last 30 years.

Chances are you've not heard of that, either.

What you will have heard of is the Data Protection Act and, unless you've been living in a cave, the new General Data Protection Regulation (GDPR), which is rumoured to come into force by 2018.

The law will require you to hire a privacy officer, force you to classify your data, and notify regulators of any data breaches quickly after they occur.

If you accidentally misplace a million customer records, it will leave you with a huge fine hanging over your head, too.

You've probably heard of it, but do you understand it? Probably not, at least as far as whether or not it applies to your business. But don’t worry, you’re not alone in that.

Maybe the EU should take this opportunity, today of all days, to issue some guidance to clear that up once and for all? Or, at the very least, announce an education plan to rollout and fill the gaps in our enterprise understanding of GDPR before it actually comes into force.

The GDPR promises to bring a greater level of consent to individuals when it comes to where their data will, or will not, be shared.

But at the same time, Prime Minister David Cameron and Home Secretary Theresa May want to pass new powers that would give spy agencies more access to your personal data, via the Snooper's Charter, formally known as the Investigatory Powers Bill.

The government wants to compel companies to build backdoors into their products, so it can bypass security measures to access data it wants to look at. Additionally, it promises to send you to prison for up to a year should you reveal that such a backdoor exists.

This is the kind of thing that should be getting the attention today, rather than the red tape of the GDPR. The impact of the Investigatory Powers Bill will be widespread and devastating to the protection of data privacy. That the government could issue a 'technical capability notice' demanding you open the backdoor and let them in is bad enough, worse is that you could end up in prison just for revealing you've been given one.

Maybe today should be renamed as UK Catch 22 Day. You know, Catch 22, which states that you aren't allowed to know what Catch 22 says...