Episode 149: Navigating Data Protection Challenges

Jasmine Harrison, Philip Brining and Joe Kirk

Data Protection Made Easy Episode 135

Unlocking Insights: Episode 149 Recap on Data Protection Made Easy

In a riveting return on Episode 149 of the Data Protection Made Easy podcast, the hosts warmly welcomed back Phil Brining, the founder of Data Protection People, after his brief hiatus. Phil, a key figure who pioneered the podcast over three years ago, added his seasoned insights to an engaging discussion that spanned a myriad of critical topics in the realm of data protection.

The episode delved into an impactful incident—the Nicola Bulley case. This poignant case unfolded earlier this year when Nicola went missing. Lancashire police, in the pursuit of their investigation, took a controversial step by sharing special category data about Nicola with the press. They revealed sensitive information about her struggles with alcoholism and menopause, raising questions about the boundaries of data sharing during an active investigation.

John Edwards, the ICO representative, stressed the importance of learning lessons from this tragic case. He emphasised the necessity for police to demonstrate the proportionality and necessity of sharing personal information during fast-paced investigations. This led the hosts and Phil to reflect on the recurring issue of UK police forces breaching GDPR without facing substantial consequences.

A notable revelation from the ICO indicated a reluctance to issue fines to public authorities, deeming it a financial burden on taxpayers. However, this raised concerns about the lack of accountability for public entities, especially police forces, when it comes to meeting GDPR requirements. The hosts, including Phil, contemplated alternative approaches to enforce compliance and ensure the protection of special category data.

One proactive suggestion emerged from Joe—a proposal to host workshops. These workshops would bring together Data Protection Officers (DPOs) and key figures from various organisations to deepen their understanding of the critical responsibility they bear as data controllers. The emphasis on education and accountability marked a potential shift in addressing the systemic challenges faced by these entities.

Jasmine, one of the hosts, questioned the effectiveness and accountability of the Data Subject Police Team (DSPT). The conversation pivoted towards the backbone of DSPT and whether it possessed the necessary mechanisms to hold police forces accountable for data breaches.

Moving beyond this critical discussion, the hosts transitioned into a timely segment on the ICO’s guidance for Black Friday shoppers contemplating smart device purchases. In a world increasingly governed by interconnected devices, the ICO emphasised the need for careful consideration before embracing the latest in smart technology.

The guidance encouraged users to think before clicking ‘buy’, to research privacy options thoroughly, and to familiarise themselves with the data collection policies of potential devices. Practical tips for device setup, updates, password security, and data sharing consent were presented as essential steps to safeguard personal information in the era of smart devices.

The ICO’s investigation into the data protection practices of UK tracing agents added another layer of complexity to the episode. Triggered by a women’s charity’s concerns about a tracing agent divulging a domestic abuse victim’s location, the ICO engaged with various stakeholders to assess the industry’s overall compliance.

In their findings, the ICO discovered no evidence of non-compliance but issued reminders to tracing agents and their professional bodies about their data protection obligations. The mention of abusers using affordable technology to trace victims highlighted the evolving challenges in the realm of data protection.

On a different front, the ICO published draft guidance on transparency in health and social care. This comprehensive guide aimed to provide clarity on privacy and transparency information, differentiating between the two. Examples were provided to illustrate scenarios where transparency information could enhance public trust.

Patient privacy concerns soared as the NHS awarded a £330 million contract to Palantir, a US spy tech company. The controversy surrounding Palantir’s history with organisations like the CIA raised questions about the security and privacy of patient medical records. The British Medical Association voiced deep concerns, demanding assurances that personal information wouldn’t be misused.

Adding to the complexity, the podcast explored the intricacies of opting out of data sharing within the NHS. Despite the option for patients to opt out at any time, questions arose about the application of this opt-out to the Federated Data Platform managed by Palantir. Privacy campaigners expressed worries about the potential monetisation of health data.

As the episode unfolded, the ICO issued a statement on the use of cookies, targeting some of the UK’s most visited websites. The ICO expressed concerns about users being tracked for personalised marketing purposes without fair choices. Websites were given 30 days to update their practices, with potential consequences for non-compliance.

The episode’s narrative reached a legal dimension with the Court of Appeal’s judgment on FOIA exemptions. The ruling clarified that the ‘aggregation’ of public interests for exemptions is permissible, aligning FOIA with the Environmental Information Regulations (EIR).

This intricate tapestry of discussions, spanning from tragic case studies to the legal nuances of data protection, encapsulates the essence of Episode 149. The hosts and Phil engaged in thought-provoking conversations, offering insights that go beyond the surface of data protection challenges.

“All this and more” awaits you in the full episode. Tune in to the Data Protection Made Easy podcast to gain a deeper understanding of the multifaceted landscape of data protection. Click on the player at the top of the page or tune in via Spotify or Apple Music to unravel the complexities and stay informed in the ever-evolving world of data security.