Be on your guard before sharing data online

dubai - Various jurisdictions are mapping proposals on how to overcome potential infringements

As an ever engaged, technologically advanced society, the scope of information we willingly provide online is immense. Despite the right to privacy and information protection being guaranteed under the constitution of the UAE and the Federal Penal Code, individuals should be cautious of the potential implications of sharing particular details via online platforms. Information provided may be diverted and, as the abilities of technology intensify, so too does the potential for misuse.

Provisions under the UAE Cyber Crime Law and Consumer Protection Regulations ensure that offending individuals are penalised and, in the UAE, the authorities are proactive in protection of personal right to privacy and data protection. It is broadcast that personal information should not be distributed without careful consideration and awareness is drawn to the potential implications were such information to end up in the wrong hands. However, as the capabilities of software and applications enhance the information required to operate increases, resulting in a broad spectrum of specific data that requires even stricter guard.

The data we input to drive health apps may request medical records in order that operation be streamlined, exercise programmes and dietary guidance track our movements, our homes can be accessed and controlled via our smartphones, retina display unlocks our devices and, on the horizon, self-driving vehicles and drone delivery services. The capabilities are incredible and the impact on daily life is significant. However, to what extent are you assured that your information is adequately protected?

Unauthorised access may transcend jurisdiction and penalty may, therefore, be impossible to impose. This gap in data protection has long been identified and various jurisdictions are already mapping proposals as to how to overcome these potential infringements.

At the forefront of such development is the European Union which has developed and enacted the General Data Protection Regulation (GDPR) to be enforceable from May 2018. The GDPR provides unprecedented scope, carries severe penalty against any entity found to be in violation and is intended to harmonise the governance of information that relates to individuals across the EU. This extraterritorial legislation will not only affect companies operating in the EU but also extends globally to any entity that monitors EU residents or collects information pertaining to them. Entities that fail to adhere may be fined up to ?20,000,000 or 4 per cent annual turnover for the preceding financial year, whichever is higher.

Further legislation in alternate jurisdictions is likely to be forthcoming and companies not operating within the EU may still take profound steps in data collection and management. However, while such adaptations are in the works, individuals should ensure that their data is protected.

The concept of personal data as understood in the EU is not reflected under the UAE Federal Law and consent to collection of personal data in the UAE does not carry the same protection. As such, we as a community must become more vigilant in the absence of forthcoming adaptations to the current legislation. Companies operating out of the UAE should be equally pre-emptive and ensure that customer data maintained is adequately safeguarded.

Potential methods that individuals, as well as companies, may employ to track whether data requested is relevant and provision protected may include the following assessments:

a) Consent must be requested and equally easy to cancel at any time.

b) Collection of data should be for valid and legitimate purposes for which reasons should be clear.

c) Confidentiality should be enshrined.

d) Breach management must be identifiable and traceable.

e) Monitor whether data may be shared or transferred by the holder.

Where you are unsatisfied regarding the above, it is worth reconsidering whether input is critical. Alternatively, bring the issue to the attention of the service provider. Data protection should be an issue at every level and as we evolve our technologies, so too should we develop our practices and ensure our rights are protected.

It is likely that more onerous legislation will be forthcoming following institution of the GDPR. However, in order to be proactive and ensure personal protection, careful consideration is crucial prior to online contribution and data sharing.

The writer is in-house legal counsel at GCP Group. Views expressed are her own and do not reflect the newspaper's policies.