The nature of the privacy debate needs to broaden. The centre of gravity of crime has shifted to personal data, and as the centre of gravity of communications consolidates on digital platforms we need to complete the legal framework. There needs to be a clear legal age of consent – for publishing personal data. The static web, sms and email have been joined by the richness of social networking, and the democratisation of access to data provided by social media. But there’s a subtle and critical paradox in law. The rigidity of the data protection act, the oversight of RIPA (the UK's Regulation of Investigatory Powers Act) and the fallback / legacy of Data Retention are part of what remains a young legal framework. But this framework is missing one critical link - clarification on what data people post about themselves and when they are legally responsible for what they publish. When I worked on RIPA at the time of launch, and the EU data protection directive at the time of revision (for incorporating sound and image), social media was not clearly mainstream and Facebook not yet an idea. As consumer culture evolves to entrench openness more deeply, both the risks of data publishing and the burden of responsibility need to be clearer.
In the UK the Information Commissioner’s Office has the unenviable task of charting a course through the unknowable. To support them there needs to be a wide and educative debate about what the legal age of data consent should be and what this means. The ICO has a rare opportunity to lead an issue of massive national and moral focus. Whether responsibility eventually settles at 7, 9, 11, 13 or more, once you drop the stone in the pond nobody can be sure how far the ripples spread.
Since the birth of the digital networked society, Britain has been a laboratory for how digital communications affect individuals and nations. Our government is in a unique position for thought leadership - we should embrace the nettle, however painful.
Comments