The wide scope of privacy laws

The concept of privacy has a wide scope embracing domestic, commercial and state surveillance, protecting individual space and behaviour, data privacy, data security and much more. The term “privacy laws”, which provides the name of this publication and company, covers a widening spectrum of issues.

Some of the tech giants have become more aware in recent years of their responsibility in their use of personal data. For example, Facebook has set up a research organisation, TTC Labs, which is examining what users of Facebook’s services understand by the term “privacy”.

Last week the research team published their report Users’ Top of Mind Privacy Concerns. They surveyed 40,873 users of Facebook, Instagram, Messenger, and WhatsApp in 10 countries and invited respondents to describe their privacy concerns for Facebook products in their own words. By doing so, the research team have provided an interesting taxonomy of 16 privacy issues in three categories. Their concerns related to:

  1. actions that other people might take toward someone in the app,
  2. how apps are assumed to collect and use data, and
  3. who has access to information the app is assumed to know about people.

A new law ahead

Overshadowed in the news by the death on 9 April of Prince Philip, Duke of Edinburgh, there is a connection between Prince Philip and the Computer Misuse Act 1990, which I have not seen reported.

In 1985, Prince Philip’s personal electronic message box was hacked. The perpetrators were tried in the Southwark Crown Court; the Criminal Division of the Court of Appeal, and ultimately the UK’s top court, the House of Lords (now the Supreme Court). They were acquitted because their actions did not fit into the terms of the Forgery and Counterfeiting Act 1981. This sequence of events led, as a consequence, to the creation of a law which would have fitted the facts of this case, the Computer Misuse Act 1990.

As recently as 11 May, Home Secretary, Priti Patel announced a formal review of the Computer Misuse Act 1990. She said “The Computer Misuse Act has proved to be an effective piece of legislation to tackle unauthorised access to computer systems, and it has been updated a number of times to take account of changes we now face. Alongside the Act, there is also separate legislation that provides powers for law enforcement agencies to investigate both cyber-dependent and cyber-enabled crimes.”

Cyber security failures

In March the government published the Cyber Security Breaches Survey 2021 which revealed that two in five UK firms experienced cyber attacks in the last year and a mass of significant risky corporate behaviour, including:

  • nearly a third (32%) of large businesses have laptops with unsupported versions of Windows
  • nearly a quarter of businesses and charities (23% of each) have cyber security policies that cover home working
  • only a fifth of businesses (18%) and a quarter of charities (23%) have policies that cover the use of personal devices for work.

The government and ICO are focusing on online harms and risks to children. On 21st April, the government announced cyber security legislation for Internet of Things devices.

ICO’s Sandbox continues to produce win-win results

The common factor behind the organisations in the ICO’s Sandbox is that they all provide a social benefit from their use of personal data. The benefits of using personal data for good are highlighted by two of the most recent “graduates” from the ICO’s Sandbox. Tonic Analytics is developing a programme aimed at reducing road deaths and injuries, and the Greater London Authority aims to reduce violent crime. (See PL&B UK Report September 2019 p.1 and Privacy Paths podcasts numbers 6 and 9)

In the case of the Greater London Authority, the project’s contribution to the understanding of the factors behind violent crime extend to broader issues of societal health and wellbeing.

“The victims and perpetrators of violence are consistently reported to have higher health needs, and worse health outcomes across a range of measures compared to the rest of society. Through a better understanding of these health needs, the right health provisions can be provided at the right time to those that need them most; reducing health inequality and increasing the overall health and wellbeing of society.” (Source: The ICO Report Section 3.6 page 7)

These organisations in their use of personal data provide models of privacy protection beyond the commonly discussed examples of companies’ collection and use of personal data, characteristic of Facebook and other tech companies. The vision of ever changing privacy laws is aiming at constantly shifting targets, resetting privacy and winning trust.

These themes and much more will be discussed at PL&B’s 34th Annual International Conference.

I am delighted to announce that the opening speaker at the conference, Resetting Privacy: Winning Trust, will be the Right Honourable John Whittingdale OBE MP, the United Kingdom’s Minister of State for Media and Data; and Joe Jones, Head of Data Adequacy, Data Policy Directorate, Department for Digital, Culture, Media & Sport, UK.

We will soon announce the full programme of six online sessions on 5, 6 and 7 July and look forward to meeting you there.


Stewart Dresner, Publisher


UK Report 115

Lead stories:

UK adequacy progresses but not completely without obstacles

Will the European Parliament’s intervention delay the decision? And how are the UK, Channel Islands and the Isle of Man affected? Laura Linkomies reports.

How does data protection law affect Safety Tech?

Safety Tech plays a vital role in protecting consumers from online harms, but developing and using the tools relies on processing personal data. By Victoria Hordern of Bates Wells.

Click for full contents list