Back to Blog

Should You Trust Organisations With Your Data?

By Solicitor (Foreign Qualified), Group Litigation

The power and value to businesses of our personal data has never been greater – and companies are becoming increasingly sophisticated at harvesting and using private information.

But as the market for our data has rapidly expanded over the past few years, concern has grown over the ways in which this highly sensitive material is handled.

Recently, political parties and candidates have come under scrutiny for their use of social media marketing to target specific audiences.

This election the Conservative Party and Labour are expected to spend over £1m on social media adverts. However, political campaigns that collect data from social media might be breaking data protection laws if they fail to obtain consent from users.

The Information Commissioner’s Office (ICO) is currently investigating how data analytics are being used for political campaigns. This will determine whether or not political parties’ current practice, where analysis of data from third-party sites is used to target voters, is breaking the law.

If political parties are found to have broken the law then they could be fined up to £500,000 under the Data Protection Act. The fines for charities and political parties tend to be much smaller, in the tens of thousands, and this is unlikely to act as a deterrent when you consider that over £37m was spent on campaigning for the last general election in 2015.

However, General Data Protection Regulations, which will replace the Data Protect Act in May 2018, will increase the fines available to the ICO. With the power to fine the greater figure from either €20m or four per cent of the organisation’s turnover the ICO will be able to crack down on cases of unlawfully processed data.

General Data Protection Regulations Which Will Impact Targeted Advertising

  • New rights not to be profiled based on your data or online behaviour.
  • The creation of new categories of ‘sensitive personal data’ including ‘biometric’ data and data that could be used to profile you based on your behaviour that must be treated with greater care than that of ‘personal data’.
  • Expansion of the definition of personal data to include all data that has the potential to identify an individual, such as IP addresses and location data.

Slater and Gordon Lawyers provide expert legal advice on privacy and data protection. If you would like further advice you can call us on freephone 0800 916 9060 or contact us online.

David Barda is a group litigation lawyer based in London.

Comments