Guernsey Press

10 Years On: Is data protection the new oil for Guernsey?

IN 2008 Guernsey already had data protection rules in place to protect information that related to individuals, which were based on the EU Data Protection Directive. However, the Directive was adopted in 1995, at a time when the world wide web was still relatively new, and it did not anticipate the technological progress and globalisation that changed how information is collected, stored and used.

Published
Stephen Ozanne, Walkers. (22596245)

However, by 2008 Twitter had 400m. tweets per year and Facebook had surpassed 100m. users. These businesses, and other tech companies such as Microsoft, Apple and Google, could collect vast amounts of information about their users, which in turn they could use to develop and offer new products and services.

A new business model was quickly evolving where users of online services were being commoditised in return for receiving those services for free, whilst customers were advertisers who wished to target those users. However, concerns were increasingly being raised in relation to how individuals’ information was being used, particularly when taking into account their fundamental human right to a private and family life.

Such concerns came to the forefront when a certain Edward Snowden leaked details of numerous global surveillance programs that accessed individuals’ online information, often without a legitimate reason for doing so.

Fast forward 10 years and Guernsey has adopted a new data protection regime, which is based on the EU’s new General Data Protection Regulation to enhance individuals’ rights to privacy.

Guernsey is one of only 11 non-EU jurisdictions that benefits from a data protection adequacy decision of the EU Commission, and Guernsey is committed to maintaining this status.

This means that it is much easier for businesses to transfer individuals’ data between the EU and Guernsey than between the EU and other countries that do not have an adequacy decision. This is a significant advantage for Guernsey businesses in respect of the ease of dealing with European customers and it has created an opportunity for businesses in jurisdictions that do not have adequacy decisions to use Guernsey to host data relating to their European customers to maintain compliance with GDPR.

Sorry, we are not accepting comments on this article.