It's time to think of your personal data

by Nimal Tennakoon

What is personal data and why is it known as the new currency of the digital world? Why has personal data became a commodity such as gold and oil? Why do governments and the multinational companies and business world pay millions to get personal data?

The UK Financial Times, one of the world’s leading financial newspapers, reported on November 7, 2012 that “Personal data values could reach 1 trillion Euros.” Moreover, “the value extracted from European Consumer’s Personal data was worth € 315 billion in 2011, according to research conducted by the Boston Consulting group”.

In addition, in January 2011 the World Economic Forum reported personal data as “The Emergence of a New Asset Class” in the 21st century commercial world.

The digital world is awash with personal data. On an average day global users send around 47 billion emails, and submit 95 million tweets on twitter. Each month users share about 30 billion pieces of content on Facebook. In addition, there are approximately six billion mobile phones worldwide, providing the possibility of tracking down the location of nearly every person on the planet. This personal data has an enormous value within the context of the global economy, creating a new “asset class” alongside other main commodities, such as gold and oil.

New currency

In March 2009, European Consumer Commissioner Meglen Kunera stated “Personal data is the new oil of the internet and the new currency of the digital world”.

What is contained within this personal data? It is data that relates to living individuals such as you and me, who can be identified, either directly or indirectly, defining them as “data subjects”. According to European law, a data subject can provide two types of data, categorised as “Normal data” and “Sensitive data”.

The normal data category is that which is common to everyone, such as a name and address. Sensitive data is more personal to each individual, for example, religion, health, political opinion, sex, ethnicity, and criminal offences.

Sensitive data is extremely personal to each individual and whomsoever holds such data cannot reveal it to anyone, without the data subject’s consent by law.

Any breach of this law is treated as a criminal offence, defined in the Human Rights Act, Article 8, as the right to respect for private life, and imposes a passive obligation on the state to ensure that it’s laws provide “adequate protection” of personal information. European law recognises this issue seriously, the UK Data Protection Act 1998 itself interpreted so as to be compatible with Article 8.

The Act has interfaced eight principles to protect personal data, in addition, it harmonised to the European Community Directive 95/46/EC (The Data Protection Directive). The European economic Area is the most protected place on earth for the personal data.

Who needs this personal data, and why it has been developed as a commodity? The people who run the political and the commercial world, such as companies and governments, use data to gain more insight into individual behaviour, and also collectively in society. Governments can use data to help solve social problems, and project solutions to face the challenges of the future. In addition, provides better understanding of political trends, security threats, terrorist activities, and other social trends.

Credit cards

From the companies (multinational, banks, credit cards, supermarkets, etc.) perspective personal data is a huge asset, providing potential paths to future success, comprehension of customers’ likes, dislikes, and trends. Companies are able to react accordingly and enjoy increased profit margins. Without the personal data multinational companies could not operate as a single unit or global groups, and divisions.

Large international internet companies such as Google, Apple, Microsoft, Facebook, Amazon, and Twitter are the main players in the data business.

If you want to find out the value of your personal data, then just type in Google “How much is your personal data worth?” It will take you to http://www.ft.com website which has a calculator to calculate the worth of your personal data.

What is the impact about the personal data protection around the globe?

The European data protection rules have had, and continue to have, a major impact on the US and European trading scene, creating uncertainties, on both sides of the Atlantic, despite the presence and need of strong mutual economic dependency.

It became obvious that a new legal framework (“umbrella”) was necessary to deal with evolving situations, in relation to the networks that processed, and utilised such data.

Long negotiations with the US Department of Commerce, and the European Commission, created a “Safe harbour” data protection scheme.

This was approved on the November 1st 2000, and facilitated the free flow of personal data between EEA data controllers and US organisations, authorised to function under the scheme. The following incident provides an insight into sensitive data transference and how critical situations can easily be created.

After 9/11 terrorist attack, air passenger data was requested during communication with the US Department of Homeland Security (DHS), which deals with anti terrorism activities.

They demanded “Passenger Name Record” details (PNR), containing sensitive data including credit card details, special meals, that could reveal religious and health information of any passengers.

This request was in direct contradiction to principles enshrined in the European Data Protection Directive.

The US DHS would refuse aircraft access to their air space, if the data was not forthcoming.

After protracted discussion the working parties realised that this situation, by stating that “ultimately a political judgement will be needed”.

This decision, alongside other mutual considerations, facilitated the signing of an agreement on July 23, 2007 between the European Union and the US DHS. This enabled the processing and transfer of the PNR data by Air Carrier companies to the US DHS.

This agreement had significant levels of dissension within the European Union.

Notwithstanding this, the European Parliament approved it with a clear majority on April 19, 2012. This allowed US counter-terrorism agencies official access to personal data, about air passengers entering US airspace.

This decision ended years of difficulties for both parties, and clearly illustrated the mutual needs of the US, a global super power economy, and its transatlantic super-state the EU, producing acceptable agreements, and closure.

Global village

How are other countries in the world dealing with these types of problems? The concept of the “global village” in the modern world is now a reality. Therefore each person, and each country in the world, is a commercial asset in terms of data.

An overview of the present legal framework for data transfer outside the EEA/EU would suggest that very good data protection is in place. Maintaining this, in reality, is a very difficult task. Data has become an exceptionally valuable commodity worldwide, creating many pressures on the appropriate legal protection, and practical enforcement.

On August 09, 2012, Google agreed to pay 22.5 million US dollars, the largest fine ever levied by the U.S. Federal Trade Commission (FTC), to settle allegations that it had breached Apple Inc.’s Safari Internet browser. This fine was the FTC’s first for a violation of Internet privacy, as the agency stepped up enforcement of consumers’ online rights. Google had planted cookies on Safari, to track users’ Internet browsing behaviour. Again Google did this same wrong doing and agreed to pay 17 million US dollars in November 2013. These cases show the demand for personal data, and the competition among the multinationals.

The continual evolution of internet trends, with a variety of large cross-frontier social activity, sales, other specialist interests, and networking sites, frequently means that a large amount of sensitive personal data may be being held for an unnecessary period of time, at servers all over the world.

This point was exposed when an Austrian law student requested his personal data from Facebook, and he received 1,224 pages of information. Some of this data had been deleted a long time ago by him.

To solve such problems the European Commission has introduced new legislation offering data subjects “the right to be forgotten”.

This regulation affords an individual greater control over his or her personal data. Article 17 of the DTA, the “individual’s right to be forgotten”, enables the data subject to request that a data controller erase all personal data held by the organisation.

European Data Protection law has had an impact globally.

The Directive’s substance is slowly permeating to other developed, and developing countries. In 2005, Japan enacted a new data protection law including data protection principles. South Africa also followed with a Data Protection Directive. Dubai became the first Arab country to enact a Data Protection Law (2007). China is also preparing new data protection proposals, influenced by the EU Directive. India has already introduced new data protection rules under the Information Technology Act 2000. The Philippines have also indicated, through the Information Technology E-Commerce council, that it intends to adhere to the EU Directive’s standards.

Without any doubt the European Data Protection Directive has created one of the best legal frameworks in the world for personal data protection.

This system imposes and controls the flow of personal data transfer across international borders with respect to Visa systems.

Moreover, this European Personal Data Protection legal framework is changing the global legal landscape when dealing with personal data.

This is the reality of how valuable and vulnerable our personal data is within the digital world. We are part of this world and cannot escape from it. The time has come to think seriously about our personal data.

The writer is a law graduate who holds an MA in Film (UK).