ICO warns of privacy risk of corporate data harvesting

ICO Privacy

The Information Commissioners Office (ICO) has finally confirmed in writing what we have all known for years and years; big business slurping up personal data represents a massive risk to individual privacy.

The statement came in evidence given to Parliament’s Joint Committee on Human Rights which is currently carrying out an inquiry into the Right to Privacy (Article 8) and the Digital Revolution.

The inquiry has so far dragged on for nearly two years without showing any sign of reaching any sort of conclusions. However, late last week they published a series of written submissions to the inquiry which suggests they may finally be getting ready to publish some recommendations.

ICO warns of privacy risk of data sharing

If the submission from the ICO carries any weight at all, those recommendations could be a seminal moment for privacy in the UK.

In their submission, the ICO stated that the collection and aggregation of private data by companies, in particular those whose business models are built around data processing, “underpins the risks to individuals’ privacy at a very fundamental level.”

The noted that the rapid development of technology has allowed companies to collect user data on an “industrial scale”. “It has reached the point where data collection is not simply a means to a business end, but the end in itself. Data has become the commodity.”

This statement might seem self-evident to those who are already conscious of the myriad of risks to online privacy there are out there.

But it will have come as a surprise to some MPs. Let’s not forget these are the MPs who voted for the massively invasive Investigatory Powers Act and the recently aborted online porn age verification scheme.

Some might say that abuse of personal data by UK-based businesses is the responsibility of the ICO. To their credit, they have made some big strides in this area.

Only in April of this year, they fined Bounty, a popular parenting and pregnancy site £400,000 for sharing the personal data of more than 14 million people illegally.

It found that between June 2017 and April 2018, they shared around 34.4 million records with credit reference and marketing companies including Acxiom, Equifax, Indicia and Sky.

The Deputy Commissioner of the ICO, Steve Wood, claimed they have a growing track record for clamping down on such behaviour and stated that more such penalties would be forthcoming.

He noted that legal precedents against companies abusing data in this way were likely to be set in the European Courts in the near future.

Even if the UK leaves the jurisdiction of European law before that happens, it is unlikely to make any major changes here as most expect EU law to be transcribed into British law, at least in the short term.

Other powerful submissions

The ICO was not the only influential voice to submit written evidence to the committee.

Orla Lynskey, associate professor of Law, Department of Law, London School of Economics told the committee about the huge privacy risk posed by apps which demand access to unnecessary private data and information in order to function.

She gave the example of Ocado, not because it is alone but because it was an app she had recently downloaded. According to Professor Lynskey, the Ocado app for some reason demanded access to her photos before it would run on her device.

This will be an embarrassment to Government Minister Matt Hancock who recently released an app of his own which also made similar requests. He argued that this was a default requirement put in by his developer, but it is an excuse which rather emphasises the problem.

Another important common theme which cropped up in a number of submissions was the question of lawful consent. Several organisations stated that, in their view, most people had no idea what was happening to their data. They therefore asked how they could possibly give meaningful consent to its use.

How to keep your data safe from snooping businesses

Much of these submissions are self-evident to many but the fact that they are being spelt out to politicians has to be positive. The Joint Committee on Human Rights cannot force the government’s hand on this issue, but they can put it very much back in the political spotlight.

If you are worried about your own data, there is some simple advice you can follow to try and keep it safe. Firstly, always use a VPN such as ExpressVPN to try and ensure you don’t accidentally leak any data to anyone online.

If you are downloading an app, always read the privacy details carefully and make sure you are comfortable with the permissions the app requests before installing.

We all have to open accounts when using any online service but there are ways to keep it more private. If possible, set up an anonymous webmail account which cannot be traced back to you. Then you can also enter anonymous information into your account details.

But remember, if you do this without using a VPN, it will still be traceable back to your IP Address.

Awareness of corporate online privacy abuse is starting to grow. But there is a long way to go until we will all be safe from it.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *