Saturday, 27 December 2014

My data protection predictions for 2015

I’ve been squinting into the future – and now I’m ready to face the forthcoming year with renewed vigour.

The good news, in terms of data protection standards, is that not much is likely to change in 2015. So we should carry on trying to apply the rules we already know about. Officials from the EU member states will continue to meet to consider how the current standards ought to be modified. They will be placed under increasing pressure from politicians who are keen to be seen to be raising data protection standards across the globe  - but whether citizens will actually feel better protected this time next year as a result of all this pressure is highly unlikely.

Communications Data

Petty criminals will flourish as law enforcement investigators working with local authorities (the sort that investigate dodgy dealers, con men, environmental health breaches, trading standards officials – you know the sort) will be starved of the resources that are required to obtain legal orders forcing communication service providers to supply the evidence that is so useful in securing convictions. Local politicians will increasing explain that they don’t have the funds to pay for the data requests to be approved by local magistrates, and as its only low level crime, the national media won’t bother drawing attention to the problem.

Connected Cars

Regulators will realise, only far too late, that new EU rules on mandating electronic communication devices in cars have placed users under a new level of surveillance. Although primarily designed for use in locating a car after an accident, its “always on” facility provides amazing opportunities for data controllers that have other purposes in mind.


Consumers will reduce their expectations about the extent to which their data is safe when online. The media will continue to report on large-scale cyber security incidents, increasingly committed by state actors for political and national security reasons. Regulators will be increasingly drawn onto prolonged disputes about the extent to which data controllers are reliable for security breaches that result from attacks by professional criminals and (state-sponsored) hackers.

Data Retention

Data retention requirements will feature in 2015 – but with a twist. This time, regulators will press for data to be retained for longer periods, in order that the actions of suspected offenders can be reviewed long after their deeds were committed, while the more slippery data controllers will press for data to be deleted ever faster, to prevent evidence about said organisations being potentially available to prosecutors in the event that past behaviours need to be reviewed.     


Despite continuing to drone on about drones, guidance about “safe droning”, issued in the UK by the Surveillance Camera Commissioner, the Information Commissioner, the Civil Aviation Authority and a myriad of other bodies will be blissfully ignored by many thousands of happy droners, most of whom will be entirely unaware of the laws they will continue to break.

Employment Opportunities

HR Departments will continue to see data protection as an issue that requires a lawyer on board, rather than a hands-on data protection practitioner. The focus will continue to be mainly on “what does the current law, or a possible new law, mean for the organisation?”  It ought to be “what do regulators expect an organisation to do to ensure that procedures are in place that implement the current, and possibly any future requirements, within the organisation?”

Fortress EU

EU citizens will continue to take advantage of innovative and compelling services from data controllers whose vision and ambition outstrips those who advocate the constraints of protectionism afforded by the administrators of a would-be EU super state.


People’s expectations of what personal privacy means will continue to be shaped by the extent to which they wish to engage online. Privacy will increasing become a luxury, a privilege that will be paid for through the use of subscription-only services. The overwhelming majority of citizens will be increasingly aware of the value exchange that occurs when they consume “free stuff” – and they will remain very happy to share “their” information for the “free” stuff.

Privacy Advocates

Will continue to flourish, but towards the margins of the debate. Colourful individuals will be courted by the media, and good stories will emerge that entertain and occasionally inform the public, whose insatiable thirst for news will momentarily focus on the odd data incident. But public attention will soon move on to other stories.

The Surveillance Society

Despite the cry of frustration from law enforcement officials whose job has been made much harder by the wholly predictable (and necessary) need for communications service providers to provide better layers of encryption and security, the overwhelming majority of citizens will accept that public surveillance is a necessary way of life in the democratic part of the developed world. 

The greater integrity that democratically elected politicians (and regulators) have, the greater will be the public acceptance that surveillance will be used for benign purposes. My crystal ball was, unfortunately, unable to tell me whether the integrity of democratically elected politicians (or regulators) was likely to climb or drop in 2015.