Blog | Data Protection Day
Since 2007, Data Protection Day, on the 28th of January, has been celebrated globally. It can also be known as Data Privacy Day.
The goal is to raise public awareness about data privacy and to engage the broader public and businesses to encourage them to adopt best practices when it comes to protection of Data Privacy.
What is Data Privacy?
First, what is Data Privacy in this context? Fundamentally it’s about ensuring that an individual has full control over how their information is used, shared and communicated by others. Personal Identifiable Information (PII) is any representation of information that permits the identification of an individual to whom the information applies. This can be either information that directly infers the identity of an individual (e.g. name, address, telephone number, email) or information that could indirectly identify them (such as religion, race, gender, postcode/eircode etc.)
Over time as the general use of the Internet has increased and as individuals have come to increasingly depend on internet facing services for different things (interacting with government agencies, mapping, online banking, shopping, dating, social media etc.) there has been a corresponding increase in the importance of Data Privacy.
It is possible, for example, that some web services/apps may actually carry out data collection that is in excess of what an individual user may have expected, resulting in less privacy and the risk of potential data breach. In this context there has been increasing move in recent years to improve the situation by regulating what data can be stored about individuals and how it may be processed.
European Union citizens have their personal data regulated under the General Data Protection Regulation (GDPR). Article 4 of the GDPR, gives the following as a definition for “personal data”.
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Why is Data Privacy important?
Privacy is regarded as a fundamental human right in most jurisdictions. Examples of this can be seen in the European Convention on Human Rights, where privacy is considered a fundamental right: Article 8 – Right to respect for private and family life.
Likewise, the Council of Europe adopted Convention 108 (Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data) in 1981 (updated in 2018) driving home the importance of the protection of Data Privacy when it comes to personal data and how it may be processed.
As individuals engage in more and newer online services, it’s important that they have a fundamental expectation that their personal data will be handled with care and protected. Organisations that follow best practices when it comes to data protection policies can demonstrate to their customers/userbase that they can be trusted with an individual’s Personal Information.
In the world of “Big Data”, PII is an important commodity and it’s important that organisations which may collect an individual’s Personal Information do so in a manner that is not open to abuse. A clear example of the latter is when a business uses customers information without consent in a way that was entirely different to what had been presented to them when the data was collected.
A well-known case was that of an organisation gathering information from users of a specific social media platform so that they could surreptitiously build a profile on how the user may vote in an upcoming Presidential election. Other potential risks include cybercriminals taking advantage of the lax Data Privacy practices of a targeted organisation, exposing individuals to potential fraud, harassment or harm by the malicious use of their personal data.
What can regular users do to protect their privacy?
Have you come across a situation where you search for a topic on a search engine and minutes later you start seeing ads in social media for the same thing you looked for?
Applications and websites sometimes go to extreme lengths to track your online usage so as to build a better profile of you. One could almost think of it like a trail of breadcrumbs, curiously enough, those breadcrumbs are called cookies in internet jargon.
So are you defenseless when it comes to protecting your privacy? Definitely not. There are a number of practices and tools you can use to reduce or eliminate these “breadcrumbs”.
- Apple added a feature into their products to allow you to choose if you want to be tracked. You may have come across a notification saying “Allow App to track your activity across other companies’ apps and websites”. You can choose not to be tracked, thus increasing your privacy.
- Mozilla in 2021 added the ability to block tracking cookies across sites to Firefox, thus reducing your exposure to being tracked.
- Sometimes Internet Service Providers (ISPs) are in a position to sell your internet activity profile to interested parties, you can protect yourself using VPN software, masking your activity.
- If you are a Google user, you can check what information Google knows about you and reset it if you want.
What can businesses do to provide more privacy to customers?
Depending on the place you live, certain businesses will ask for more information they need to know in order to provide you services. For example, is it relevant for the mechanic of your car to know your address or date of birth? European businesses are regulated by GDPR and other frameworks to protect privacy. In general, a business can be more privacy-conscious if they:
- Are aware of asking the minimum amount of information to provide services.
- Hold the collected data for just the time necessary to do business.
- Disclose clearly how your information will be used, and nothing more.
- Ensure the data they hold is properly protected.
What .IE does to protect our customers’ privacy
We provide all our customers a clear and simple Privacy Policy indicating what PII we request and how it’s used, a Data Retention Policy explaining under what conditions we keep certain personal data and for how long, and how our business practices were adjusted to comply with GDPR.
Read more about the range of critical services we do which underpin and protect the .ie namespace – Technical Services
Sebastian Castro is our Data Scientist and leads our data analytics team. Paul Duffy is our Systems Administrator and a subject matter expert on the Network & Information Security Directive (NIS2).