Editorial

Data protection

The astonishingly rapid evolution of information technology over the past decades has brought problems as well as huge benefits in its wake. Both departments of state and a whole range of private institutions and individuals have amassed enormous data banks of all sorts of information, personal or not, and for many years the accessibility of much of this data was not properly regulated in a number of countries, ours included. Indeed, it is only now that the Data Protection Act of 2002 has come into force that this very delicate field is subject to legal control.

This is a matter for satisfaction even though many will deplore the fact that for a good number of years the storage, transfer and accessibility of data has been totally unregulated, allowing marketing managers in many a corporation to make free use of information originally imparted by persons to a sole body for a very specific purpose.

From now on this should not happen any more, legally at least. Persons supplying data related to themselves have to be advised why data is being collected and how long it will be kept, and if the data is of the sensitive kind (such as data relating to political opinions or sexual proclivities) the subject's consent is generally required. Article 14 of the Act allows political parties or trade unions, say, to process such sensitive data concerning not only members but also others with whom that body has regular contacts. This may, and actually does at times, lead to abuse, for it is well known that the two main political parties have huge and detailed data bases relating not only to their registered members but to many other persons who may or may not share their political opinions.

The law now allows people to request the erasure of data relating to them and included without their consent in a data base, and they may request the Data Protection Commissioner, a powerful official established by this law, to see that the erasure is actually made. The Commissioner, who may only be removed by parliament, has a wide range of functions, many of them meant to protect privacy and prevent abusive use of data, such as the use of personal data for direct marketing.

Any reader on the e-mail will know full well how many unsolicited traders, Maltese or foreign, bombard them with offers to purchase this and that, not to mention obscure criminals from African countries who seem to have acquired considerable data banks for their scams.

The protection afforded by this law does not, however, extend to data processed for public security, criminal investigations by the police, certain areas of taxation, and so on. Again, this law does not seek to shackle journalism and the freedom of expression, but it empowers the Commissioner to encourage the drawing up of a code of conduct applicable to journalists and the media to regulate the processing of personal data and, until such a code is drawn up, the Commissioner may establish measures for the protection of individuals.

Only time can tell how effective the Data Protection Act will be. What is certain, however, is that Malta now has a firm legal platform on which the many possible abuses of data amassing can be controlled. A good start would be for the Data Protection Commissioner to ensure that all citizens know both their rights and obligations under the Act.

Sign up to our free newsletters

Get the best updates straight to your inbox:

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.