Blog: Ssssssh… What’s the Secret to Privacy?
Fiona McAllister (pictured) discusses privacy rights six months after the creation of IPSO.
Six months after the Information Commissioners Office (ICO) issued its Data Protection guidance and the Independent Press Standards Organisation (IPSO) took over from the Press Complaints Commission, we still haven’t seen any major changes to the privacy landscape driven by Leveson.
But there have been incremental changes building, indicating a step in the right direction. IPSO’s code of practice might not have given the media the overhaul Lord Justice Leveson was hoping for but they do at least now have the power to issue fines of up to £1 million for breaching the code, which, amongst other things, includes intrusion into private and family life, home, health and correspondence, including digital communications. The ICO has been able to issue increased fines of up to £500k and prosecute for damage and distress caused by non-compliance with the Data Protection Act 1998 since 2010. Following last week’s announcement from the department for media, culture and sport, the ICO is also now set to get more powers to fine nuisance callers and spam texters, even where there is no substantial damage or distress.
These harsher sanctions must be, at least in part, a result of the Internet, which remains unregulated. Digital media provides the perfect platform for the never ending conflict between the ECHR Article 8 right to privacy and Article 10 right to freedom of expression. It is so easy to share opinions, information, images and videos which are then stored on servers, often across many jurisdictions for lengthy periods of time.
The controversy over storing information was highlighted by the Google Spain case (Google Spain SL, Google Inc v Agencia Espanola de Proteccion de Datos, Mario Costeja Gonzalz), which was decided by the Grand Chamber of the European Court on 14 May 2014. This was seen as a landmark decision for changes to privacy law. The Court found that search engines (and it is limited to search engines) can be forced to remove web links by third parties where the information contained within them was inaccurate or outdated. But some would say that Gonzalz is no more than a storm in a teacup since there has always been a right to have inaccurate or outdated information prohibited or removed from publication.
The biggest impact of this case has been the dramatic increase in the public’s awareness of privacy rights. Its high-profile nature has resulted in hundreds of thousands of people making applications to Google and other search engines for the removal of their information, although the majority have been unsuccessful.
The law is undoubtedly adapting in light of this increased awareness in the public, which can be seen by the increase in court actions which include claims for damage and distress caused by non-compliance with the Data Protection Act 1998. These claims are either raised as standalone actions or are added to claims of privacy, misuse of private information or breach of confidence.
But many issues remain unresolved. For example, Google Inc. in the US has not recognised the Google Spain decision, which gives individuals the right to request that a search engine remove any links when their name is typed into the search engine. The consequence of this is that information taken down from google.co.uk will remain available on google.com, which is hardly a victory for the ‘right to be forgotten’.
The EU Data Protection Article 29 Working Party disagrees with that approach and interprets the Google Spain decision to mean that all search results should be taken down – so the dialogue on interpreting the current law continues. However all eyes are currently on the new EU data protection Regulation, due to be finalised late 2015/ early 2016, which will, it is hoped, bring greater certainty to the extent of the ‘right to be forgotten’ (although there remains the obvious issue of jurisdictional reach on the internet).
This is likely to remain a hot topic for some time to come so it’s important, now more than ever, to respect privacy rights in order to protect your (or your company’s) reputation.