Reflections on privacy, identity and consent in on-line services

The paper gives an overview of the evolution of the laws protecting personal data privacy in the UK over the last 30 years. Against this background, the author considers: the compromises to personal data privacy brought about by the electronic age; individual motivations for using e-services and the balance of risks and benefits; the place of identity management in e-transactions; and, the ways that data guardianship can be improved by an understanding of the roles and responsibilities of those responsible for personal data in organisations, data handlers and individual citizens. The conclusions reached are that once personal data has been recorded electronically it persists and the divide between public and private space is blurred. Citizens should retain rights to personal data including the right to be asked for their consent before it is shared or linked for commercial or administrative purposes. This puts a particular duty on government to behave (and be perceived to behave) responsibly and transparently with regard to the collection, use and disposal of personal data so as to create trust and support democracy.