The current digital landscape is a major threat to consumers’ privacy, with the majority of people effectively unable to limit the ways companies exploit their personal data.
That is just one of the submissions to Parliament’s joint human rights committee, which has published evidence as part of its new inquiry into the rights of privacy in the digital environment.
Written submissions by the likes of the Information Commissioner’s Office and Privacy International highlight issues around how freely consent can be given to share personal data in the digital age.
Privacy International said in its submission: “Private companies create unduly lengthy privacy policies worded with confusing language. As a result, individuals often cannot provide meaningful, freely given, specific, informed, and unambiguous consent to, or effectively control or limit, the ways companies are using their information.”
The organisation highlighted Carnegie Mellon research, published in 2012, that found the average Internet user would have to spend 76 working days a year to read all the privacy policies they come across.
In its submission, the ICO said: "The mass collection and aggregation of data, particularly by companies with data-driven business models, underpins the risks to individuals’ privacy at a very fundamental level.
"Businesses have always collected data on customers and users, but the rapid development of technology, particularly online, has allowed this collection and aggregation to be done on an industrial scale. It has reached the point where data collection is not simply a means to a business end, but the end in itself. Data has become the commodity."
In addition, the regulator highlighted the privacy risk for consumers when they have to choose between giving their consent and having their access to the product or service denied. It added: “Where the service is very important to the individual or the company in question acts as a de facto monopoly, a question arises over how willingly consent can be given.”
Privacy group Liberty also pointed to this Catch 22, saying that many users will feel “trapped” by either having to accept terms and conditions or being unable to access a service “which may form an integral part of their lives”.
Both Liberty and Privacy International quoted research published by the Norwegian Consumer Council in 2018, which highlighted the default settings and techniques used by companies to encourage users to share more of their personal data.
Finally, Law Society of Scotland insisted that the international co-operation on enforcement of existing data protection legislation will become increasingly important.
The organisation wrote: “The digital environment renders traditional physical borders increasingly irrelevant and businesses can operate in and from multiple jurisdictions. Regulators and law enforcement agencies will therefore need to work collaboratively to provide global solutions to global compliance issues if data protection and privacy rights are to be properly protected.”