Lord McNally: protecting our data in the 21st century
Lord McNally explains why protecting people's data without sacrificing their freedom should be at the heart of policy.
We all value our privacy. We all have legitimate concerns about how much both the state and the private sector should know about us and what purpose they should put such knowledge. Yet it is also true, in this information age, that we all benefit from our ability to access and use data. One of the great challenges to Government in the Twenty-First Century is how to frame laws, both national and international, which will retain the benefits which access to data brings whilst retaining the rights to privacy which underpin free societies.
With these thoughts in mind we arrive at a key time in the development of data protection legislation across Europe and in the wider international context, with the Council of Europe modernisation programme on Convention 108, the publication of Data Protection proposals by the European Commission and the marking of Data Protection Day on the 28th January.
As we mark the occasion of Data Protection Day it is worth recognising the considerable achievement made by the Council of Europe in setting the benchmark for universal data protection standards. The inception of Convention 108 marked the formulation and agreement to a number of core principles which have governed the protection of up to 800 million individuals across 43 signatory countries with regard to automatic processing of personal data, and in doing so reconciling the free flow of information with privacy and data protection concerns.
This Convention is the first binding international instrument protecting the individual against abuses that may accompany the collection and processing of personal data and which seeks to regulate at the same time the trans-frontier flow of personal data. In addition to providing guarantees in relation to the collection and processing of personal data, it outlaws the processing of ‘sensitive’ data on a person’s race, politics, health, religion, sexual life, criminal record, etc., in the absence of proper legal safeguards. The Convention also enshrines the individual’s right to know that information is stored on him or her and, if necessary, to have it corrected.
The extraordinary pace of technological innovation, increasing global interdependence and the growing transfer of people and information within and across borders presents a significant and unprecedented challenge. No one can be sure what further changes may be around the corner, but in a digital age of cloud computing, social networking and other forms of new technology we must be proactive in taking the right steps now to create an environment in which: business and enterprise can prosper; the police and judicial authorities are able to protect and serve the public effectively; and where individuals can be confident that their privacy, safety and freedom will be safeguarded.
I believe that the starting point for an effective system of data protection is that the use of personal data should to be fair; lawful; accurate; secure; and that data itself should be kept for no longer than is necessary. These are the principles that formed the basis of the first data protection laws in the UK some thirty years ago. I believe they are still relevant today. These principles transcend technological and political developments and their strength lies in their generality, in that they can be applied in different contexts irrespective of political and technological change. Where those principles are inadequate or no longer effective, we should rightly look to revisit them.
I would like to underline my support for the continuing work of the Council of Europe and representatives from member states in modernising Convention 108 which has set a world wide standard in the field of data protection. I believe that by working together we can secure protections for the public without sacrificing the vital freedoms on which we all depend.
Lord Tom McNally is the Justice Minister with responsibility for data protection policy.