Shut the barn door: UK data watchdog tells MPs mass slurping by firms is a huge risk to privacy

Regulators and campaign groups have warned a UK Parliamentary inquiry that the increasing collection, use and storage of data by corporations poses a serious risk to privacy and security.

The Human Rights Committee hearing into the right to privacy and the "digital revolution" follows the scandal last year of 87 million unauthorised Facebook users' details being shared with Cambridge Analytica.

In its submission, the Information Commissioner's Office said: "The mass collection and aggregation of data, particularly by companies with data-driven business models, underpins the risks to individuals' privacy at a very fundamental level.

"Businesses have always collected data on customers and users, but the rapid development of technology, particularly online, has allowed this collection and aggregation to be done on an industrial scale. It has reached the point where data collection is not simply a means to a business end, but the end in itself. Data has become the commodity."

In April, the ICO fined commercial pregnancy and parenting "club" Bounty £400,000 for illegally sharing personal information belonging to more than 14 million people.

The company shared approximately 34.4 million records between June 2017 and April 2018 with credit reference and marketing agencies, including Acxiom, Equifax, Indicia and Sky.

Steve Wood, deputy commissioner at the ICO, told the committee the ICO was actively "calling out" private companies sharing data in this way. He said in the next few years legal precedents are likely to be set on a European level against private companies amassing data.

Orla Lynskey, associate professor of Law, Department of Law, London School of Economics, said a lot of companies are asking consumers to consent to unnecessary data collection in order to access free services. She cited the example of online supermarket Ocado recently asking permission to access her photos in order to use its app.

"That is a common feature across applications," she said. "I would in no way single out Ocado – it is systemic."

Indeed, prime ministerial hopeful Matt Hancock released an app last year that also requested access to users' photos.

Not surprisingly, a lot of the submissions found folk don't understand what happens to their data and therefore do not give meaningful consent when using online services. According to digital charity Doteveryone, 62 per cent of people are unaware that social media companies make money by selling data to third parties.

Privacy campaigners have argued that consumers should have the choice to opt into data tracking.

Fears were also expressed that companies can build a profile around sensitive information such as political and religious views, socio-economic status, sexual orientation and other details of their family life.

In its submission Privacy International said: "Companies routinely derive data from other data, such as determining how often someone calls their mother to calculate their credit-worthiness. As a result, potentially sensitive data can be inferred from seemingly mundane data, such as future health risks." ®