Forty years ago, it would take a four-drawer filing cabinet to store 10,000 documents. You would need 736 floppy disks to hold those same files; now it takes up no physical space at all to store 10,000 documents on the cloud.
As data storage has evolved, so too has the whole information landscape, and with it the challenges of storing, transferring and appropriately using people’s personal data.
An exhibition by the Information Commissioner’s Office (ICO), which opened at Manchester Central Library this week, charts the evolution of data privacy through 40 items, each chosen to illustrate how access to information has evolved, or how data has been at the heart of some of the biggest news events of the past four decades.
“I think the wonderful thing about the exhibition is that the world that we occupy, like any specialty, is filled with jargon and technicalities,” the information commissioner, John Edwards, said.
“[People] won’t know what a data controller is, they don’t know what a data processor is, they don’t know what a data subject is, we have to use some of these specialist terms. What the exhibition shows is what we do is about people, and it’s about real human impacts.”
Items in the exhibition, which is also available to view online, include a Pokémon toy, a floppy disk, a Tesco Clubcard, a modem, a millennium bug pamphlet, a football shirt and a Covid vaccination card.
Other exhibits highlight how the ICO has made changes in society; from ending the “employment deny list” in the construction industry, to the introduction of public food hygiene ratings for restaurants.
Edwards’ favourite item? A pair of spiked lawn aerator shoes, which illustrate an early example of enforcement action when, in the 1980s, the company behind them was found to be making almost as much money from selling its customers’ information as it was from selling the shoes.
“They were fined quite significantly for their exploitative marketing techniques,” Edwards said.
The 40th plinth in the exhibition remains empty, with members of the public asked to put forward their own ideas for objects that have shaped the data landscape.
“That’s to reflect the notion that privacy is personal, subjective,” Edwards said. “We each have our own expectations and experiences.”
The ICO was founded 40 years ago, in a small office near Manchester, as the UK’s data protection regulator, responsible for presiding over a new Data Protection Act. Since then the landscape overseen by the regulator has changed beyond all recognition.
Today, people have “tens of thousands of times” more personal data out in the world than they did when the role was created, Edwards said.
“You just move through the world today shedding data wherever you go,” Edwards said. He asks how the Guardian travelled to this interview (by bus). “Did you tap on?” he asked. “You created data there.
“You used your cell phone on the way, so you’re pinging off cell towers the whole way. Forty years ago, none of this was a thing.
“We’ve had this, kind of, data world sneak up on us, and most of that data, for most of those years, was an accidental byproduct.
“We’ve now got to a stage where all these companies are going, hang on a minute, we could make money out of that.”
Every year, he said, “hundreds of billions of data transactions” took place, and with “infinite variety”. The ICO was regulating everything from small schools, GP surgeries and libraries to huge “fiercely competitive” social media companies, which Edwards said often “don’t pause long enough to test the privacy implications of what they’re doing”.
“The biggest challenge has been trying to keep up with the pace of change,” Edwards said. “Companies innovate very quickly, we regulate and investigate very slowly.
“I think part of the objective of an investigation is to put some lines in the sand for companies to say: ‘You can’t do this,’” he added. “But if it takes us three years to do that, then all the companies have moved on by the time we learn that lesson. So that’s the biggest challenge, and that’s something we’ve got to get better at.”
What will data and privacy look like in 40 years’ time? “Look, I don’t know where we’re going to be four weeks from now,” Edwards said.
“The geopolitical situation is really kind of volatile at the moment,” he said. “We’ve got an environment where US tech firms are pushing back on a lot of regulation that affects them, even when it’s in a jurisdiction that they want to do business in. We haven’t seen how that’s going to play out.”
“Quantum computing has potential to change everything,” he added. “Agentic AI is the next AI coming down the pipeline.
“It’s going to be really fascinating even the next 12 months,” he said, “let alone the next 40 years.”
