There is a lack of legal protection of individuals with regard to automatic processing of personal information relating to them, especially when considering the increasing use made of computers for administrative purposes. There is also a lack of general rules on the storage and use of personal information and in particular, on the question of how individuals can be enabled to exercise control over information relating to themselves, which is collected and used by others. Mistakes in data held can wrongly label individuals with a criminal record or unfairly list them as a credit risk.
The use of computerized personal data systems may have adverse effects on the right to privacy by gathering and storing a greater amount of data pertaining to the private life of the individual and disseminating them to a wider audience than the individual consented to or anticipated when he originally surrendered the information, thus infringing upon its confidentiality.
Computerization of personal files has been also viewed as having a specific impact in organizational decision-making, on what is called (in the Anglo-American legal systems) the due-process tradition, as the data collected in these files are relied upon to determine rights, benefits or obligations of the individual. Concern has sometimes been expressed that expansion of computerization of personal data may result in a 'dossier society' which would have 'dehumanizing' effects on the individual.
The relative inflexibility of computer-based record-keeping resulting from the system having been designed to use certain pre-conceived categories, coupled with the constraints that some computerized systems put on the freedom of persons concerned to provide explanatory details in responding to questions have been considered as contributing to the dehumanizing effect of computerization.
The use of the standard universal identifiers (SUI), in connection with computerization, has recently raised fears and anxieties (even in some European countries where such identifiers were introduced without opposition). Because of the introduction of SUIs, citizens feel a sense of alienation from their social institutions and resent the dehumanizing effects of a highly mechanized civilization.
In addition, fear of loss of anonymity, and the suspicion that bureaucrats confronted by numbers will tend to forget that they represent real people, have been also mentioned as negative psychological effects of SUIs. In addition the use of computerized personal data systems may have harmful effects on human rights in relation to inaccuracy and obsolescence of data, access to and sharing of data, accumulation of data and the record-keeping personnel. One or several of the human rights mentioned above may be adversely affected by one of these negative consequences. For example, inaccuracies in personal data, due to the use of computers, may affect the right to a fair and public hearing, if the computerized information is used as evidence in courts and, when it is employed for making decisions, other rights of the individual.
Information power brings with it a corresponding social responsibility of the data users in the private and public sectors. In modern society, many decisions affecting individuals are based on information stored in computerized data files; payroll, social security records, medical files, etc. It is essential that the undeniable advantages obtained from automatic data processing do not at the same time lead to a weakening of the position of the persons on whom data is stored. The question has arisen to what extent national data protection laws afford adequate protection to individuals when data concerning them flow across borders. Computers, in combination with telecommunications, are opening new prospects for data processing on an international scale. In several sectors (for example banking, travel, and credit cards), such transfrontier data processing applications are already commonplace. In principle, it should make no difference for data users or data subjects whether data processing operations take place in one or in several countries. In practice, however, protection of persons grows weaker when the geographic area is widened. Data users might seek to avoid data protection controls by moving their operations, in whole or in part, to 'data havens', that is, countries which have less strict data protection laws, or none at all.
In the UK, 10% of enterprises surveyed reported unauthorized disclosure of computerized information by employees to competitors. Also in the UK, some 60 protests per week are made concerning errors in personal information held in state and private data banks. Such errors have been discovered in police and hospital computers as well as among commercial collectors of personal data. In 1994 it was reported that private security firms were offering to obtain confidential information, such as bank statements or medical details, on neighbours, friends and colleagues for £750.