by Alexis Aarons | 28 January 2014
Happy Data Protection Day!
Yes, you read it right, today is Data Protection Day.
Although it didn't sound like the most exciting of days, after hearing this on the news this morning I was interested to know what it was about.
The idea is simple; European Data Protection Day aims to raise awareness around what kind of data is collected about people, how it is used and why it is used. It is also an opportunity to become more aware of the inherent risks associated with the unlawful use of personal data.
The date was set in 2006, when the Committee of Ministers of the Council of Europe decided to launch a Data Protection Day. The 28th of January was chosen as it is the anniversary of the opening for signature of the Council of Europe's Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data. The convention is over 30 years old, but two years ago the European Commission proposed a reform of the EU's data protection rules to make them relevant to the 21st century.
Data protection law exists to control how people's personal information is used by organisations, businesses or the government. The majority of problems encountered relate to the processing of personal data, such as the unjustified transfer of personal data to third parties, improper and excessive collection and storage, storage of inaccurate information and unlawful disclosure. Research suggests that most data protection violations arise from internet-based activities, direct marketing, credit card fraud and video surveillance.
The reforms in 2012 were designed to enable users to trust the websites that they use every day, striving for a single standard of data protection across technology firms and offering advantages to companies who make data protection a priority.
Under the new reforms, the European Commission states that people will have:
A right to be forgotten: When you no longer want your data to be processed and there are no legitimate grounds for retaining it, the data will be deleted.
Easier access to your own data: A right to data portability will make it easier for you to transfer your personal data between service providers.
Allowing you to decide how your data is used: When your consent is required to process your data, you must be asked to give it explicitly. It cannot be assumed.
The right to know when your data has been hacked: For example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours) so that users can take appropriate measures.
Data protection first, not an afterthought: 'Privacy by design' and 'privacy by default' will also become essential principles in EU data protection rules - this means that data protection safeguards should be built into products and services from the earliest stage of development, and that privacy-friendly default settings should be the norm - for example on social networks or mobile apps.
I am sure we have all, to different levels of severity, been victims of data protection breaches from numerous unwanted emails and calls to transactions on credit cards in shops that you don't even know exist. Despite this, I still happily gave my email address to 2 companies when I downloaded new apps this morning.
Will I start to read a company's data protection policy before I give them my personal details in the future? Probably not, but I will think twice about who I am providing my personal details to and what I am 'opting into' and 'opting out' of.