Discussions around personal data protection in the European Union have drawn attention to the right of citizens to secure their privacy, a right that has been a constant concern over the years.
This is especially the case in the digital era, as the emergence of new technologies has changed things in ways that previous legislators could never have imagined. In Europe, the General Data Protection Regulation is intended to be a robust – and up to date – response to that.
Although personal data protection does not currently determine all aspects of privacy, it has nevertheless become a fundamental element in taking care of our information in the context of new technologies. This is especially the case with our online activities, as well as our digital identities.
Privacy has been a human right for some time
The idea of privacy, as we understand it today, has been around for quite some time (many see Samuel Warren and Louis Brandeis’ article from 1890, The Right to Privacy, as the first real intellectual argument for it, but, arguably, its history goes back further).
Defining privacy is not a simple task. It includes aspects like the right not to be harassed and the right to control one’s own information – how and when it can be shared, for example.
Our understanding of it changes with time and the concept can be subjective. Accordingly, achieving consensus can be difficult. However, few can argue with the following definition – privacy involves the right of individuals to separate aspects of their private life from public scrutiny. So we all have a right to it, without distinction.
Needless to say, in the 21st century, the topic of privacy has taken on a new level of vigor, with new technological developments creating all sorts of new challenges. We are currently overwhelmed with countless new digital tools that increasingly expose our activities, both with our – sometimes tacit – consensus and without our knowledge.
Data protection as a basis of online privacy
Digital identity can be defined as information associated with the activities that we carry out in cyberspace, as a result of the interaction with other users, organizations, or online services, where it generally involves personal data that is often given out to third parties.
Third parties often process, store, or transmit our data, even to the point of making a profit from our information. There are currently many online services that know a lot about our activities, likes, preferences, and identification data, which in their own right are used for commercial purposes. Protection of this information helps to safeguard our private lives.
Rights in the new data protection laws
In Europe, in the context of legislation for the protection of personal data, we have the upcoming General Data Protection Regulation. The aim is to ensure that new privacy rights are in line with current issues, such as the right to be forgotten online.
To expand – people now have the power to request that companies erase their personal data in certain circumstances, for example when it is no longer needed for the initial purposes for which it was collected or when its owner withdraws their agreement.
The right to object to profiling is also being considered, meaning that people may object to their personal data being processed or used for profiling in certain circumstances.
Profiling means tracking people online and targeting them with advertising based on their behavior. In other words sending out ads based on users’ browsing habits and likes. This activity should become more difficult for companies to carry out, as they will have to implement appropriate consent mechanisms in advance.
A third element being considered by this law is the right to data portability. Individuals have the right to obtain a copy of their personal data from the company that processes their information in a common and understandable format.
Although the implementation of these directives within organizations may prove complex – and how it will work in practice has not yet been defined – companies within and outside the EU should begin to consider the ways in which they will be able to put these rights into effect.
This is not expected to be a simple task. Besides having an impact on companies, it may also create changes in individuals, giving them better control and rights over their personal information. We hope that they are able to exercise these rights.
by Miguel Angel Mendoza, ESET We Live Security