The government in the United Kingdom (UK) is to amend The Data Protection Bill in order to protect security researchers working to uncover abuses of personal data, removing this way criminalisation of legitimate research. As media reports, the bill will contain a clause making it a criminal offence to ‘intentionally or recklessly re-identify individuals from anonymised or pseudonymised data’. The government has introduced an amendment to the bill providing an exemption for researchers carrying out ‘effectiveness testing’. With this, researchers would have to notify the Information Commissioner’s Office (ICO) within three days of successfully deanonymising data, and demonstrate that they had acted in the public interest. Minister for Culture, Communications and Creative Industries in UK, Matt Hancock, stated: ’We are strengthening Britain’s data protection laws to make them fit for the digital age by giving people more control over their own data. This amendment will safeguard our world-leading cybersecurity researchers to continue their vital work to uncover abuses of personal data.’
Privacy and data protection are two interrelated Internet governance issues. Data protection is a legal mechanism that ensures privacy. Privacy is usually defined as the right of any citizen to control their own personal information and to decide about it (to disclose information or not). Privacy is a fundamental human right. It is recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. The July 2015 appointment of the first UN Special Rapporteur on the Right to Privacy in the Digital Age reflects the rising importance of privacy in global digital policy, and the recognition of the need to address privacy rights issues the the global, as well as national levels.