- What we do
- Who we work with
- Who we are
As our Managing Director, Andy Hamilton, mentioned in his blog post on data privacy versus data security, data security has long ceased to be a problem in the grand scheme of things. Instead, data privacy has become a primary focus for many people – or rather, how to keep data private. For a long time these competing ideas seemed to be meshed together in an apparently unbreakable union. Quite simply, data security was the process for ensuring data privacy. Therefore, as long as data was secure it was private, or at least it seemed that way. However, in recent years these assumptions have been shaken and stirred somewhat, leaving us to challenge this old assumption and has brought data privacy to the fore, leaving the uncomfortable aftertaste lingering; is our data really private at all?
We live in an age of online surveillance; more than 45% of all websites use some form of analytics and scripting technology to gather personal data in order to understand our behaviour and mine information. Google, for example, accesses data in private Gmail accounts; Facebook conducts secret experiments on its users, and cookies have ceased to be an afternoon treat. The revelation that these actions take place has been surprising, perhaps, but it is the actions of NSA whistle-blower Edward Snowden regarding the mass surveillance in Europe by America and Britain that really began to challenge the order of things, and made us re-evaluate the real meaning of data privacy.
Until recently there has been no fine line between which data items should be private and which not. There was, perhaps, a tacit acceptance that only information the needed, or had been given permission, would be shared. However, Edward Snowden’s expose has unravelled this assumption, making him a persona non grata with the US government in the process.
This might read in a slightly alarming manner, it is not nice to be reminded that Big Brother really is watching us (and reading our Christmas email to Aunt Muriel!) but there’s good news. The events of the last two years have pushed the “Sovereignty of Privacy” to the top of agenda on a worldwide scale. Governments, and regulatory bodies in the EU and further afield are investing a lot of energy into defining what private data is, as well as what, and who, has the right to access it.
Additionally significant reform of data protection laws has put the power firmly back into the hands of the individual. In 2012, a major reform of the EU legal framework on the protection of data was proposed. These proposals are intended to strengthen individuals’ rights. For example, under EU law, personal data can only be gathered legally under strict conditions and for a legitimate purpose. Furthermore organisations which manage personal data must protect it from misuse. Simply put, users are no longer prepared to leave the power to access private information open to outside sources and EU law has recognised this.
It is not just regulators that have begun to change their attitude to data privacy. Companies like Microsoft are actively trying to make services, like their cloud offering, safe from prying eyes (or at least those without clearance). The company is the first enterprise cloud provider to receive approval from the EU data protection authorities which is, as Dervish Tayyip, Assistant General Counsel at Microsoft said, “An important development for our customers at a number of different levels.” By acknowledging that Microsoft’s contractual commitments meet the requirements of EU’s “model clauses”, Europe’s privacy regulators have essentially said that data stored on the Microsoft cloud is subject to the EU’s privacy standard no matter where the data is actually located.
Significantly Microsoft has also taken the fight for data privacy a step further. As mentioned in the previous blog, Brad Smith, Microsoft’s Senior VP and General Counsel has publicly taken on the US courts in their demand for access to foreign data. He stated his opinion explicitly, in an article for the Wall Street Journal last week, “Microsoft believes you own emails stored in the cloud, and that they have the same privacy protection as paper letters sent by mail. This means, in our view, that the U.S. government can obtain emails only subject to full legal protections of the Constitution’s Fourth Amendment.”
Undoubtedly there is far more to be said on the issue of data privacy. As the right to access private data wrangles it way through both the European and American courts we are sure to see more changes brought into place, but the message at the moment seems crystal clear…no person or company should be forced to give access to data, everyone has the right to online privacy.
Microsoft Cloud Future thinking Office 365 Collective intelligence Intranets Business intelligence Digital Transformation Business Transformation Office Technical Change Management 20th Anniversary Gold Partner Microsoft Inspire CRM Privacy Partners Director's Briefing Public Sector Training Websites