The recent cyber attack that crippled the NHS demonstrated why cyber-security is a vital issue and one that can affect an entire country. The recent terrorist attack in Manchester also reminded people what’s at stake when deciding what data gathering and surveillance powers the government should have.
So how are the main UK-wide political parties proposing to tackle online security and privacy after the 2017 general election?
The Conservative manifesto appears to have the most to say about individual data privacy and takes a bold position on cyber-security. Despite having introduced the Investigatory Powers Act that allows government to access detailed records of everyone’s internet activity in the past 12 months, the Conservatives seem so concerned about privacy that the word appears six times in the manifesto.
It pledges data safety through new legislation, stating the party “will deliver protections for people’s data online, backed by a new data protection law”. Yet the manifesto says little about what shape this would actually take and whether it will align with forthcoming regulatory changes.
Any organisation handling EU consumer data will be forced to comply with the new General Data Protection Regulation (GDPR) that comes into force in May 2018. Because the Conservatives’ position on their new data privacy law is unclear, it adds yet another level of uncertainty and potentially new challenges for data compliance.
The Conservatives also plan to make online regulation more similar to that governing the offline world. They promise to develop a digital charter that will bring individual privacy to the forefront of the technology debate, yet make online service providers share responsibility for privacy protection.
There is also an indication that technology companies will be obligated to give the government access to any encrypted communications and data. This would mean creating a backdoor to personal data, undermining the secure nature of encrypted messages, including popular services such as WhatsApp. Given the increasing challenge of keep data safe from cyber attacks – and that public sector and government services are particular targets for hackers – the government should think carefully before trying to justify such a drastic move.
Another hallmark promise from the Conservatives revolves around safety for children online, and to make a requirement of social media companies to delete information about young people when they turn 18. Erasing millions of profiles across something like 20 social platforms with data storage across the world is a tall order. And what if users don’t want their data deleted, or want to keep part of it? Such a requirement could be seen as a big burden for social media firms.
But the Conservatives go further still by suggesting that they will also introduce an industry-wide levy from internet and communication companies to fund online safety and protection campaigns, similar to the approach taken with the gambling industry. While there is some evidence of links between social media and mental health issues, equating the internet with gambling is a big step to take by a party otherwise so keen to make the digital economy central to its manifesto.
Those keen to find out more about Labour’s position towards data privacy will find a rather opaque manifesto. It says: “Labour is committed to growing the digital economy and ensuring that trade agreements do not impede cross-border data flows, whilst maintaining strong data protection rules to protect personal privacy.” Very little light is shed on what laws would underpin these rules, but it seems very likely that a Labour government would keep the GDPR in its current format.
The manifesto also proposes the appointment of a digital ambassador to liaise with technology companies, promoting Britain as an “attractive place for investment”. But there is not a much said on how the position of this potential ambassador would affect on data privacy issues.
Labour’s position on security also lacks definition. Although it admits that individual rights and civil liberties are at times compromised, it promises to apply investigatory powers proportionately and when necessary The party would also continue to “maintain the cross-border security co-operation agreements with our intelligence partners in Europe and beyond”.
The Liberal Democrats stand on the other end of the spectrum. They promise to end the mass surveillance powers of the Investigatory Powers Act and oppose the unrestricted collection of communications data and internet records. They also propose to create a digital “Bill of Rights” to protect individuals’ privacy and to exercise more control over their online data.
The Lib Dems’ manifesto also pledges to counter the Conservatives’ efforts to create backdoors to encryption mechanisms.
With such a variety of positions on data privacy and digital surveillance, the main parties have given the electorate some clear options to consider. A big one is what a proportionate use of cyber-surveillance looks like. But there are also serious questions about how our data is protected online and whether some of the measures proposed will even work. The Conservative party manifesto promises that the UK will be “the safest place to be online”. That’s an awfully big claim in such an interconnected world.