Data protection in the age of consent

Unexpectedly finding a picture of oneself frolicking at a somewhat frivolous club night on a tabloid website is pretty much guaranteed to ruin your day. A friend of mine was not pleased when that happened to him after the London Naked Painting party, and complained to the event promoter, saying that he had not been asked for consent for the image of him to be published.

The promoter was dismissive, pointing out that the published rules for the party stated: “Only accredited press is allowed photography.” The promoter added that if my friend had allowed himself to be photographed, he should have assumed those photographs could appear in the press.

The promoter had a point, but the incident raises more general points about consent. How detailed do terms and conditions need to be when one is seeking consent, for example to use data, or even to publish a photograph on a prominent news website? Should consent for one thing be presumed to extend beyond the original use, and how much onus should be on the individual to refuse to be photographed? Should the person being photographed say explicitly: “You may take my photograph now but you may not sell this image on to a third party”? Is it acceptable to assume that partygoers will understand that any photographs taken of them at the event might end up in the press? Should the photographer have asked my friend before firing the shutter at the party? Should he further have made clear that he would be selling the images to the Daily Mail website?

Robert Bond, head of data protection and information security at law firm Speechly Bircham, says: “That exposure might well be unfair, although the fact that this was a naked event and the reference to press photography might mean consent was implied.

“On the other hand, the terms of the event did not clearly say that participants might have their image publicised and given the nature of the event such transparency might be necessary.” In other words, it is a grey area, to say the least.

Every interaction we have with technology involves consent, either explicit or assumed. Whether that is choosing to keep out of the way of a camera, or installing an app on your smartphone, using a social media platform or a free cloud service or even using one of a plethora of smart devices for the home – each activity requires you to grant consent so that the device or platform can function.

However, it is time to be both more circumspect and questioning about the permissions we grant. And that means those whose businesses depend on technology need to think more carefully about what consent they ask of users.

The trade-off thus far has been that you consent to surrendering data in return for using a free service: the obvious examples are Facebook and Gmail, which collect a lot of information about you in order to show you “relevant” adverts. Given their large numbers, most users are clearly more or less comfortable with that bargain.

But how often do you look at precisely what permissions something you want to use is seeking? And what happens if a product you are comfortable with changes hands? When Google bought Nest, which makes smart thermostats, at the beginning of the year, Nest said that it would not share data with Google, allaying the fears of many commentators. Yet just six months later, at the end of June, Nest said that, um, yes, after all, it would share data with Google. At the moment, Nest users have to opt in to share that data, and it is only available in a limited way to Google to allow the Android app to function.

For those concerned about the porous borders through which data can leak, however, it is a reminder that your consent to a specific use can be potentially compromised further down the track.

And just ticking the box granting an app permissions can go wrong. The most recent example of that came when Yo, the app that only allows users to send the message “Yo”, was hacked. The hackers had discovered a security hole that exposed the phone numbers of any Yo user: to prove it, they texted the developer. The app needs access to your phone list to function.

You consent to surrendering data in return for using a free service

Taking care of such data is going to become a lot more important when the proposed EU data protection regulations come into force, probably towards the end of 2016. Not only could businesses reporting a data breach be subject to a fine of up to 5 per cent of global turnover, it is also likely that they will have to be much more transparent about seeking consent to use data: one proposal, which Bond expects to be adopted, is that the language will also have to be appropriate to the age of the person signing up. That is going to pose a challenge, he says: “How do you tell a 13-year-old at the same time as a 17-year-old with a different level of understanding what’s they’re agreeing to?”

Nonetheless, a greater reluctance simply to grant consent without stopping to consider the implications could be turned to the advantage of a smart business: the developers who make data privacy, safety and explicit consent a key part of the brand could find themselves more successful than rivals who set less store by such concerns.

Meanwhile, says Bond, as businesses will be required under the new framework to have data protection officers, those seeking a career change could do a lot worse than developing an expertise in this area – and becoming data protection officers.

——————————————-

App and away: software that helps you make the most of your time

Glympse, all platforms, free

Arranging to meet someone can be tricky if you are on the move. Glympse is a neat way of letting someone know where you are: it uses your location data to send an alert to the people you want to share your location with – and to protect your privacy, your Glympse is only available for a time limit that you set. The recipient does not need to have the app on their device – the alert sends them a link to a website which updates in more or less real time.

Entrain, iOS, free

The developers of Entrain reckon their app can help you get over jet lag faster by creating a sleep and light schedule. The principle is that exposure to light is the quickest way to set your circadian rhythm. The app uses information about your travel, the time you usually go to sleep and wake up, and the amount of light you expect to be exposed to, as light levels have an effect on how quickly your body resets to a new timezone.

Lightroom, iOS, free

The app enables you to crop images, tweak parameters such as white balance, contrast and highlights, as well as apply presets to images – but only those that come built-in with the full paid-for desktop version (which is required in order to have the app). There are no user-defined presets. It is an impressive app that is free with any of Adobe’s subscription packages and like its desktop big brother, is great for both professionals and keen amateurs.