The end of one year, and the beginning of another is, for me, always a poignant moment. I am grateful for the nudge it gives me to spend a bit of time taking stock of what the departing year has given, and what the arriving year may bring.
ENGAGE, EDUCATE, EMPOWER
In this short reflection on 2024, the first thing I want to mention is the DPAS Engage, Educate, Empower conference (which we’re doing again in February) that was held in Birmingham at the beginning of the year. There is something wonderful about events that give privacy and data protection professionals a chance to meet, talk, chat, share and learn, because it is not only hard work, it can also be lonely work. Our day was full of insight, experiences and commentary, not to mention fun. With Barry Moult dressed up as a dinosaur, what’s not to love?!
But these events also give us more, they give us the opportunity to escape from the pressures of the ‘day job’, just for a little while. We should not underestimate how important those moments are for us as professionals, but also for us all as human beings.
THE OVERVIEW EFFECT
Those that know me will know that I have a bit of an obsession with books (check out our book on AI and data protection by Nigel Gooding) and we are so lucky in this area to have such a rich array of publications from a wide range of authors. As much as I love the arrival of a new book in the post (and the divine smell of freshly printed pages) there is a serious side to it. The area we work in is moving so fast, and has so many facets, it is hard (if not impossible) to keep up with everything. Reading is one way to engage with a wide variety of other people and perspectives and does, in my case, encourage continuous learning and curiosity as well as a sense of perspective and humility (both of which I think are important attributes for DPOs).
As obsessed as I am with books about all things data, I try (every now and then) to incorporate other genres. If I am lucky, those other books resonate with the ‘day job’. One such book this year was a book about a phenomenon called the Overview Effect. It relates to a shift in world view reported by astronauts and cosmonauts during space flight. When they see the world from such a great distance, they are profoundly struck by its fragility, the fragility of humans, and the sense of humanity being ‘in this’ together. That experience changes them. I was fascinated by this concept as, despite not having ventured into space, I understood completely the value of stepping back from things, even just for a moment, and how that can prompt a change in perspective and attitude.
FEELING CAUGHT IN THE WEEDs
The reason I think it is relevant for those of us who don’t venture into space is because it is very easy for us all to get caught up in the weeds of the ‘day job’. Working in data protection and privacy is no different. Like many others, I am a strong advocate of building a culture of compliance, one where high standards of governance are baked into the organisation and everyone in it understands the opportunities of getting it right, as well as the risks of getting it wrong. But high standards of governance require (amongst many other things) effort and they require time. Although some may promise you some, there are rarely any shortcuts to good outcomes. And the reality of avoiding shortcuts can make it feel as though we are trapped in the weeds. For DPOs that will often involve supporting and educating staff, dealing with queries, working on DPIAs, responding to DSARs, managing data breaches… the list goes on. Although it has been quite some time since I was a DPO myself, I remember the reality of life at the coal face very well.
PRIVACY ISSUES AFFECT EVERYBODY
When I was looking through the DPAS bulletins and blogs written throughout the year, it served to remind me of the staggering breadth and depth of the work we all do, and which is only increasing. We all need to follow legislative reform closely, but the legal framework, despite being so important, is one piece of a much bigger picture. This is something so beautifully illustrated by the subject matter of those bulletins and blogs, because we cannot talk about data and our digital world, without looking at that broader picture. Whether discussing the impact of the fourth industrial revolution on children and young people; AI developments; the increasingly sophisticated scams that target us all (but particularly the vulnerable); the reality of cyber threats; or the everyday surveillance we are all subject to, there is one common theme. This is not a distinct and specific area of work, limited to a distinct and specific group of professionals. This is about every single person, every single minute of every single day. In talking about how we treat data, and the importance of governance, we are talking about how we treat each other, and the importance of doing so properly.
Organisations that embrace high standards of legal and ethical compliance may not benefit from shortcuts, but they will benefit from the trust and confidence of the community or sector they serve.
There has never been a more important time for us all to ensure we deliver on our ‘day jobs’. But we also need to find time to (metaphorically at least) take in the view from space. The world is fragile, our rights are fragile. Events across the globe in recent years are a stark reminder of that. Data protection is as much about a way of thinking as it is about a legal text. Of course the legal text matters, but when we engage with it from a slightly different perspective, that can be a game changer.
PREPARING FOR THE DUA BILL
The year ahead will continue to throw challenges at us all. The UK’s data protection reform, in the form of the Data (Use and Access) Bill, looks set to make progress in the first half of the year. After the flurry of activity around the DPDI Bill that fell earlier this year, it may be challenging to regain momentum and operational levels, and interest at leadership levels. Whilst a number of elements of the old bill have been dropped, there remains much that will be familiar, and we will need to give that our attention in the coming months.
DATA MATTERS MORE THAN EVER
2024 was certainly the year that conversations around AI hit a crescendo. Now the dust has had a chance to settle, perhaps we will say farewell to some of the hype. Like all technology, we should look at it in terms of what it ‘should’ do, not in terms of what it ‘can’ do. It needs a comprehensive and clear strategy, one which considers the data and the risks with clear-eyes. Data protection and privacy professionals are not opposed to AI, or any other new technologies; we are opposed to their deployment without those guardrails in place. And the world is increasingly aware of the importance of those guardrails. Data is now inextricably linked to questions of trust, confidence and reputation. Getting the foundations right around data governance will allow for better engagement with new technologies in the future. It will also support your business objectives in a way that engages with both legal and ethical imperatives, whatever sector you are in.
Data matters more than ever. Looking after that data matters more than ever.
Written by Emma Martins (Advisor to DPAS)
