The topic of data protection looks as dry as dust in some of the syllabuses I’ve seen. They tend to focus on the legislative aspects, which in my opinion should be dealt with last of all.
Why? First, because trying to learn lots of dates without any kind of context is difficult, to say the least. Second, and related to this and, in my opinion more fundamentally, before anyone can learn anything they have to have a few “mental hooks” on which to hang the information.
In the case of data protection in the UK, for example, why would any school pupil be interested in the fact that there is a Data Protection Act? What does it mean for them personally? It’s much more important to get the pupils to understand the principles of the Act first, and then to tackle the details.
For example, one of the tenets of the Act is that a company can’t collect data for one purpose and then use it for another. Another is that organisations that collect personal data have to do their best to keep it protected. That isn’t just a matter of making sure it’s password-protected, but a matter of everyone throughout the organisation understanding the principle of keeping people’s data safe.
A good example, of the opposite of this was a travel agency I visited some years ago. I was sitting waiting to be served, when the employee dealing with the person in front of me had her computer screen angled such that I could clearly see the customer’s name and address while the employee was saying, in a loud voice, “So you’re looking at the two weeks starting 1st July…” Needless to say, I quietly took my leave, and have never been back since.
This raises another interesting issue. Data protection is also to do with marketing and reputation, not only ethical behaviour. Actually, the two are closely related: in my opinion, a company that somehow allows its employees to treat personal data in the cavalier fashion I’ve just related is not, in my opinion, a very ethical company. Or at least, not ethical enough.
So data protection, and privacy, are not merely legal concerns, but ethical ones too. Dealing with the ethical issues is, I would suggest, likely to be more interesting than attempting to teach a list of dates and principles in isolation.
Legal and ethical issues start to become a bit cloudy in some areas. I am thinking in particular of publishing photos of people without their permission. My understanding is that in the UK you can do so as long as the photo was taken in a public place, is not indecent, is part of a general (crowd) scene as opposed to a close-up, say, and that you’re not using the image for advertising, financial gain or to illustrate something uncomplimentary.
However, when is a public place not a public place? For example, a shopping centre, owned by a company, is not a public space as far as photography is concerned. In fact, some even have notices up saying “No photography”.
Even if you are completely within your legal rights as far as publishing the photo is concerned, is it ethical? Put another way, would you feel comfortable coming across your photo on a website completely out of the blue?
Also, if your website is hosted outside the UK, presumably the data protection and privacy laws of that country should be taken into account too.
It seems to me that the best thing to do is ask people to sign a media release form once you’ve taken their photo. I haven’t refreshed my memory of this area because I am using it simply to illustrate the point that when it comes to data protection and privacy there are ethical as well as legal issues to consider. There are also, as the example of the travel agent suggests, business issues in terms of reputation.
It is clear that data protection could be covered from different angles in several subjects. It could be covered in a business course, personal and social education, possibly RE, definitely in a photography course if your school runs one, ditto a journalism course (and therefore as part of the English curriculum?) and certainly in the ICT curriculum. From the point of view of self-protection from legal consequences, this whole area could also be thought of as another aspect of e-safety.
Bearing all this in mind, I see no reason that data protection should ever be boring.