A solicitor specialising in technology says he will defy the rule requiring him to display the Solicitors Regulation Authority’s new digital badge on his firm’s website – on the ground that it contravenes data protection law.
George Gardiner, of commercial and technology firm Gardiner & Co, described the badge, which becomes mandatory for SRA-regulated firms next month, as ‘an illegal gimmick’. He told the Gazette that his concerns stem from a lack of clarity about how the provider of the badge technology and the underlying technology will handle data generated when individuals click on the badge to check a firm’s bona fides.
The ‘clickable logo’ contains embedded software which confirms that a practising certificate is valid and clicks through to an SRA-hosted page which confirms that the firm is regulated and outlines what protections this regulated status provides. Its display will be mandatory from 25 November.
Gardiner said that, as the data controller responsible for his firm’s website, he has to ensure that all processing of personal data is lawful. However he said that the system’s design involves the processing of data by technology supplier Yoshki, and does not ask users to give their consent. Yoshki’s system is based in turn on technology developed by Google ‘which is in the business of harvesting personal data’, he said. In theory it has the capability to track a visitor to a law firm’s website and target them with promotions on social media.
’I have been in discussions with the SRA for some nine months and have got nowhere,’ Gardiner said.
An SRA spokesperson said: ‘We – and our development partner Yoshki – only have access to the data which is necessary to implement the clickable logo service.
'So that we can address any improper use of the logo, and understand which firms have adopted the service, we can see which websites have implemented the logo. We can also see how many times the logo has been clicked – this is to help manage system performance and to gain insight into usage.
’We do not have access, record or store any additional data such as IP addresses or page navigation behaviour. We do not collect data that would identify an individual.
’If we find a firm is not making any effort to comply with our transparency rules after they become mandatory on 25 November, then we will need to consider enforcement action.’
Gardiner was not persuaded: ‘If they don’t understand the technology they shouldn’t install it.’