1.3 What Is Privacy, Data Protection and Responsible Data Management?
Read through these slides, make a small quiz and then continue to the next exercise.
Slide 1: Privacy
Privacy is a fundamental human right, and is protected under Article 12 of the United Nation Declaration of Human Rights, covering both (a) Physical Privacy, and (b) Informational Privacy.
Right to Privacy
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
Slide 2: What is data protection
Watch this 3 min video of Privacy International:
Slide3: Data Protection Frameworks
To protect our Informational Privacy most countries in the world have Data Protection Frameworks that regulate data collection and data processing. The term of Data Protection might be misleading – the goal of those frameworks is of course not to protect the data, but to protect the data subject: the people.
As of January 2018, over 100 countries around the world have enacted comprehensive data protection legislation , and around 40 countries are in the process of enacting such laws.
Exercise: Visit this map by UNCTAD and see what the status of data protection legislation is in your country and in your neighboring countries.
Slide 4: Data categories
Most Data Protection Frameworks make a distinction between three data categories
1. Personal Identifiable Information also known as personal data, is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one that can be identified, directly or indirectly. This includes data that can be used to directly (name) or indirectly identify (a title such as PhD, someone’s shoe size) a data subject. Data Protection Regulation applies to this category of data.
2. Sensitive personal data, this is a set of “special categories” that must be treated with extra security. These categories are: Racial or ethnic origin; Political opinions; Religious or philosophical beliefs; Trade union membership; Genetic data; and Biometric data (where processed to uniquely identify someone). Data Protection Regulation applies to this category of data; and often requires special protection mechanisms.
3. Non-Personal Identifiable Information, any information that cannot be used to identify a natural person. Data Protection Regulation does not apply to this category of data.
Slide 5: Responsible Data Management
Responsible data management is the duty to account for unintended consequences of working with data by:
1. prioritizing people’s rights to consent, privacy, security and ownership when using data
2. implementing values and practices of transparency and openness.
Data ownership: most Data Protection frameworks refer to
1) the data subject, the individual whose personal data is collected, processed and used, and
2) the data processor.
The question of data ownership legally refers to who is the rightful owner of data and who is responsible for the use of this data. However, responsible data management acknowledges that data ownership should be thought about in terms of the data subject being owner of their own personal data.