Site navigation

Leader Insights | The Great Privacy Debate with Sorcha Lorimer, Founder of Trace

Ross Kelly



Sorcha Lorimer believes 2020 could prove to be a critical year for public awareness and how organisations approach data protection.

In recent years, the issue of data privacy has been a hotly debated, often contentious topic.

The very nature of our increasingly data-driven society has raised serious concerns over where the line should be drawn with digital privacy – how much insight is too much intrusion?

We caught a glimpse of the implications of this for ordinary citizens when the Cambridge Analytica scandal broke in 2018. Millions of social media users profiled, their data commodified and misused to game or undermine political processes.

And while many would have not given a thought toward how their data is being gathered, used and sold, this incident, alongside a raft of high-profile data breaches in the last two years, helped propel the issue into the public consciousness.

A recently-published study on data privacy from Deloitte suggests that many consumers remain ‘unperturbed’ about how their data is collected, used and stored. While the debate surrounding this growing issue continues, has there truly been a change in societal perception of data privacy?

Sorcha Lorimer, founder and CEO at Edinburgh-based data privacy consultancy, Trace, believes that while some may be fatigued from an onslaught of data privacy-related scandals, 2020 could prove to be a critical year for both public awareness and how organisations approach data protection.

Lorimer thinks that the coronavirus pandemic – combined with high-profile civil rights protests – have brought the issues of data privacy and surveillance firmly into the public domain.

“I think we have seen a change in 2020 on data privacy, because it’s s heavily related to debates around surveillance and civil liberties globally.

“The pandemic has definitely brought all of this into sharp focus. We’ve seen a greater awareness of privacy and its importance to individuals and communities – especially when we consider the Black Lives Matter movement and discussions around the use of surveillance technologies.”

Discussions around privacy rights and surveillance, Lorimer asserts, mirror what society dealt with in the wake of the 9/11 attacks, and this is a process where people must remain vigilant and vocal.

“We’re seeing this debate play out right now where state surveillance is pitted off heavily against human rights and individual liberties.

“What we saw in the wake of 9/11 and the subsequent introduction of new regulations or laws was concerning as they don’t just stop or end once things have quietened down.”

Increasingly vocal groups within society and a growing awareness of data privacy across all age groups, Lorimer believes, is a positive. Especially given the perilous year the world has endured.

Frequently throughout 2020 the collection, use and storage of critical data – particularly in the healthcare sector – has prompted concerns over privacy.

The UK Government has come under criticism both for its use of public data to combat the coronavirus pandemic, as well as its attitude toward data privacy.

Civil rights campaigners, Open Rights Group, launched a legal challenge to the government’s track and trace programme this summer amid claims it failed to carry out adequate data protection impact assessments.

Changing perceptions

Public perception of data privacy is also changing for the better, Lorimer suggests. Especially in regard to dispelling previous ‘myths’ over what this means for citizens.

“Traditionally there has been a little misunderstanding of what ‘privacy’ is. It’s always been a cheap shot to say, ‘why would you care about it’, or equate privacy with secrecy,” she says.

“Privacy is not secrecy. It’s the right not to be monitored or surveilled and recognising that being monitored to such an extent changes your behaviour as an individual, as a country, as a society.”

The post-GDPR privacy landscape

The introduction of the General Data Protection Regulation (GDPR) in May of 2018 marked the beginning of a new era in data protection and privacy rights for both consumers and businesses alike.

Nearly two and a half years on from its implementation, the landscape has changed, and we have seen a number of major organisations fined due to data breaches or lax attitudes toward data protection.

Lorimer believes that while GDPR has prompted positive changes in how consumers and organisations interact on the topic of data, there is still a long way to go until significant improvements can be noted.

“We’re still in a very immature landscape here, it’s almost shockingly immature in some areas,” she says.

“But it’s worth noting that this is the start of a very long journey and we don’t yet have the technology solutions in place to transform the environment.”

Moving forward, Lorimer says a ‘principle-based’ approach to GDPR and data privacy is key for organisation to evolve and adapt to an ever-changing landscape.

It’s about culture – not ticking boxes

“We need to ensure there’s an intention there to create a culture of compliance rather than simply having done all the paperwork and ticking boxes,” she says.

“I think many businesses have, and continue to, tackle GDPR in the wrong way, they’re not looking at this holistically and possibly it’s because they’re driven by a classic sense of fear or uncertainty of the consequences.”

Initially with GDPR, Lorimer explains there was a lot of confusion surrounding what the regulations would mean for businesses. Similarly, in many cases neither organisational focus nor monetary investment were directed in an efficient manner.


“A major issue in many cases was that companies thought that their legal department was a one-size-fits-all solution to compliance and adapting to the new regime. They represent only part of the solution, however.

“This has to be a very joined-up approach right across an organisation where lawyers work with technologists, who work with operations, who then work with marketing and there onward.”

A gradual shift toward privacy-by-design approaches at many organisations will, in the long-term, help accelerate a cultural shift in how businesses deal with data protection and privacy.

This, Lorimer explains, will enable businesses and staff to “get under the skin of the intention” of GDPR. “Instead of just trying to prove that we are compliant, let’s actually work to build that compliance and a better process. That’s what the focus should be.” she says.

Driving innovation

A key positive outcome of GDPR thus far has been its ability to drive and accelerate innovation and the development of new, privacy-focused solutions, according to Lorimer.

“This is an exciting market with a lot of great opportunities, especially for startups hoping to innovate,” she says.

‘GDPR solutions’, as she explains, were viewed with a degree of cynicism ahead of the regulation launch and in the months following. But now there is an exciting innovation space growing around this and exploring new ways for organisations to comply and adapt to changing trends.

“In 2018 there were a lot of people jumping on GDPR as an opportunity just to make money, but the people who are still in it now are really interested in actually helping.

“There are so many people working in privacy and data protection and they’re all so passionate and helpful with it. They really want businesses to do the right thing and are driven by the ethics of it.”

Join the Debate – Data Protection 2020 Summit

Sorcha will be speaking about privacy by design at the upcoming Data Protection 2020 Summit on 10th December.

Hear from leading experts from across the data protection landscape and explore the crucial issues facing frontline practitioners.

Register your free place now at

Ross Kelly

Staff Writer

Latest News

%d bloggers like this: