Handling personal data

Richard French

Richard French, Legal Director at the Digital Catapult

Earlier this month the Digital Catapult held its first legal conference, ‘Handling personal data: a conference for digital SMEs’ at our Centre in London.

In the same week as the Magna Carta was signed 800 years ago, we debated the pros and cons of current and future legal safeguards to protect citizens’ personal data in a world where technology is leaping forward at dizzying speed.

The atmosphere was expectant and alive to the possibilities. It could have been that many of us had Tim Cook’s recent reproach of some Silicon Valley businesses “lulling their customers into complacency abut their personal information…gobbling up everything and trying to monetise it” ringing in our ears.

It could have been that Eric Schmidt’s words at the previous day’s Founders Forum, “we know far less about you than you think we do…” had sent us jumping for joy. Or perhaps it was excitement about the spike in FitBit shares and the explosion of interest that would drive in healthcare apps and wearables.

Opening the conference was David Brewer, Personal Data and Trust Lead at the Digital Catapult. Eddie Copeland, Head of Technology Policy at Policy Exchange, captured the mood in the room with an enlivening talk about possible uses of personal data in the public sector. I chaired the first of three panel discussions on ‘Understanding Compliance and the Law’.

I was joined on stage by Gabrielle Patrick from Epiphyte, Oliver Yaros of Mayer Brown, and Kevin Poulter of Bircham Dyson Bell. We learned that that was no exception for SMEs to comply with the current UK and EU laws and that what constituted data subject ‘consent’ in the online world remains a grey area for digital SMEs.

The US adopted an approach focused more on keeping personal data secure with specific rules in sectors such as finance and health. Wise heads suggested that compliance was best addressed by putting the user first.

After a short break to network over tea and coffee and catch up on email Jon Kingsbury from the Knowledge Transfer Network followed with his insights into what the future has in store for digital technologies, stressing that soon there will be six billion people connected worldwide and that personal data laws will have to be “internationalised”.

Our second panel debated the pros and cons of the new EU regulation on data protection. I chaired a panel of Alastair Barter from the ICO, Marc Dautlich of Pinsent Masons and Professor Ian Walden of Queen Mary’s University, London. While there was little direct benefit to SMEs expected from the new regulation and question marks over enforcement in multiple jurisdictions, there was some support for the goal of harmonising the laws across the EU.

Some members of the audience also questioned the sense in fining public authorities for breaches that they could ill afford and that a different remedy would be better suited.

The conference was not just presentations and panel discussions. It closed with an intimate Q&A session for those SMEs present that wished to share a thought or idea in confidence.

Topics ranged from how to design websites to ensure that consent was ‘informed’ to use of blockchain technology to record consent as an auditable ‘receipt’ to the use of trust symbols or icons to differentiate services when online. An insightful day indeed.

Richard French is Legal Director at the Digital Catapult. You can follow us on Twitter at @DigiCatapult.

If you have an idea for a future conference in this area, or are interested to find out more about Catapult events then please contact events@cde.catapult.org.uk