Data Driven Futures

JCHR calls for online data registry

Written by Peter Walker
05/11/19

The Joint Committee on Human Rights (JCHR) has raised serious grounds for concern about the nature of the consent people provide when giving over information online.

A new report stated that privacy policies are too complicated for the vast majority of people to understand: while individuals may understand they are consenting to data collection from a given site in exchange for free access to content, they may not understand that information is being compiled, without their knowledge, across sites to create a profile.

The committee heard alarming evidence about eye tracking software being used to make assumptions about people's sexual orientation, whether they have a mental illness, are drunk or have taken drugs; all of which was then added to their profile.

The group of MPs found that people cannot find out what they have consented to. Indeed, it is difficult, if not nearly impossible, for people - even tech experts - to find out who their data has been shared with, to stop it being shared, or to delete inaccurate information about themselves.

It also argued that it is completely inappropriate to use consent when processing children’s data, with children aged 13 and older, under the current legal framework, being considered old enough to consent to their data being used, even though many adults struggle to understand what they are consenting to.

The committee pointed out that there is also a real risk of discrimination against some groups and individuals through the way this data is used. It heard evidence about some companies using personal data to ensure that only people of a certain age or race, for example, see a particular job opportunity or housing advertisement.

Unlike traditional print advertising, where such blatant discrimination would be obvious and potentially illegal, the committee stated that personalisation of content means people have no way of knowing how what they see online compares to anyone else.

The committee therefore called on the government to ensure there is robust regulation over how data can be collected and used – along with better enforcement of that regulation.

The consent model is broken, according to the committee, and should not be used as a blanket basis for processing. The model puts too much onus on the individual, but the responsibility of knowing about the risks with using web-based services cannot be on the individual, MPs stated, adding that the government should strengthen regulation to ensure there is safe passage on the internet guaranteed.

The committee also suggested creating a single online registry that would allow people to see, in real time, all the companies that hold personal data on them, and what data they hold.

Harriet Harman, chair of JCHR, said: “Individuals are giving away lots of information about themselves when using web-based services and the expectation is that they should know about the risks of using the internet.

“Individuals cannot be expected to know whether their data is being used appropriately and what risks this poses to their right to privacy – instead there should be adequate regulation in place to ensure that everyone’s privacy is protected online.”

She added: “The government must address this, urgently, we say it often but it bears repeating; rights are meaningless if not enforced.”