Data’s Unstoppable Rise: How the Law Struggles to Keep Pace with the Digital Revolution
In an era where data reigns supreme, the digital revolution continues to reshape our world at an unprecedented pace. After the space race, we have entered an era of rapid technological advancements, as we race to keep up with the ever-accelerating digital revolution and the avalanche of information it has unleashed. Bridget Treacy, leader of the UK Privacy and Information Management practice at law firm Hunton & Williams, highlights the persistent challenge of legislation playing catch-up to evolving data practices.
Our expectations of control over our privacy have been overwhelmed by rapidly evolving technologies that track our every need, social networking structures, and societal norms. As Clive Humbly aptly puts it, “data is the new oil,” emphasising the unparalleled value of information in today’s digital landscape. However, this valuable resource demands proper regulation to prevent exploitation and ensure that individuals are not unwittingly made captives to large corporations.
Have you ever ventured into the depths of terms and conditions? This query unravels a prevalent truth: the commitment to dissect the intricacies of online agreements diminishes rapidly when faced with investments of time, money, or effort. According to a 2011 UK survey, a mere 7% of individuals embark on the exhaustive journey through the entirety of terms and conditions. The consequence of this pervasive oversight is striking, with 21% acknowledging the tangible repressions of neglecting these legally binding agreements.
“All this data is bought and sold on aboveground and underground markets. It’s processed by clever algorithms. Value is extracted. Ads are sold. Opinions are manipulated and elections alongside them. People of interest are identified. Their activities are logged”.
By accepting the perks offered in exchange for our personal information, we are, in essence, blindly consenting to be capitalised on.
The key legislation surrounding data are the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These laws specify certain obligations that organisations must adhere to that restrict the use of personal data. These laws not only establish distinct limits on how covered entities can employ gathered data but also confer heightened enforcement capabilities to regulatory agencies.
Although the implementation of GDPR and CCPA signifies a significant advancement in granting users greater authority over their data, their effectiveness continues to be the subject of ongoing debate. While certain individuals propose that the GDPR could potentially hinder competition, others contend that the CCPA may be too relaxed. Although the CCPA's perceived lack of strength may be attributed to its intention of protecting specific small businesses, laws that truly have an impact require rigorous enforcement mechanisms to influence the operations of large corporations such as Google. The €50 million fine imposed on Google, as the largest penalty under the GDPR, gives rise to doubts regarding the extent to which such sanctions provide substantial financial motivations for big companies.
In echoing Sanjay’s poignant questions, we must collectively ask ourselves: “Do we realise the extent to which our personal data is being monitored? What level of control and rights do we have over the personal information that is generated through our activities and involuntarily disclosed by us? These questions underscore the urgency of establishing robust legal frameworks that not only keep pace with technological advancements, but also safeguard individual rights and privacy in the face of the data-driven revolution.
By Nibin Babu
