You probably created data before you made breakfast this morning. Every day you wake up in the morning, you check your email, you get in your car, you’re using GPS, you’re typing into your systems…you are creating more and more information.
Essentially, you’re putting out pieces of data every time you interact with an online device. But because you don’t see the data pouring out of your fingertips and floating through the air, you tend to forget about it. But this is a problem. Be aware that your digital activity is very similar to a digital tattoo. There’s a lot of information that goes out.
In this regard, you should be aware that in using the Internet your personal data is regularly processed. This happens when you use services such as browsers, email, instant messages, voice-over Internet protocols, social networks and search engines and cloud data storage services.
European Data Protection Day: Every day should be your privacy day
However, privacy is a right and no one has a right to the personal details of your life. Or your digital life. That is why, on 26 April 2006, the Committee of Ministers of the Council of Europe decided to launch a Data Protection Day, to be celebrated each year on 28 January.
This date corresponds to the anniversary of the opening for signature of the Council of Europe’s Convention 108 for the Protection of individuals concerning automatic processing of personal data which has been for over 30 years a cornerstone of data protection, in Europe and beyond. Data Protection Day is now celebrated globally and is called the “Privacy Day” outside Europe.
The Data Protection Day aims to give individuals everywhere the chance to understand what personal data is collected and processed about them and why, and what their rights are with respect to this processing.
Data protection and online privacy
Privacy is a right, not a privilege and no one has a right to the personal details of your digital life, except in two cases: when laid down by law or when you have consented to it. Therefore, you should be informed of what personal data are processed and/or transferred to third parties, when, by whom and for what purpose.
Generally, you are in full control of your data at any time and you have the right, as exercise control over your personal data, in accordance with the EU data protection rules.
The EU General Data Protection Regulation, also known as GDPR, guarantee the protection of your personal data whenever they are collected. These rules apply to both companies and organisations (public and private) in the EU and those based outside the EU who offer goods or services in the EU, such as Facebook or Amazon, whenever these companies request or re-use the personal data of individuals in the EU.
Explore the following consumer rights to see what you can do about your privacy online as an EU citizen and what you should fight for.
Right to information and access to personal data
First and foremost, before collecting any data, businesses should inform the individuals of what data is processed, why, for what purposes, to whom it is transmitted and what rights he has. Thus, you have the right to access and receive a copy of any personal data and other supplementary information about how the data has been used, or is being used by a company or organisation. They should reply you within 1 month.
Right to deletion or the right to be forgotten
If your personal data is no longer needed or is being used unlawfully then you can ask for your data to be erased. This is known as “the right to be forgotten”.
These rules also apply to search engines, such as Google, as they’re also considered to be data controllers. You can ask for links to web pages including your name to be removed from search engine results, if the information is inaccurate, inadequate, irrelevant or excessive.
Right to object or withdrawing consent to use personal data
If you previously gave your consent for a company or organization to use your personal data, you can contact the data controller (the person or body handling your personal data) and withdraw your permission at any time. Once you’ve withdrawn your permission, the company or organization can no longer use your personal data.
For direct marketing emails that promote particular brands or products, your prior consent is required. However, if you are an existing customer of a particular company, they can send you direct marketing emails about their own similar products or services. You have the right to object at any time to receiving such direct marketing and the company have to stop using your data immediately.
In all cases, you should always be given information about the right to object to the use of your personal data the first time that the company or organization contacts you.
Unauthorised access to your data (data breach)
In case of a personal data breach – when personal information is stolen, lost or illegally accessed – the data controller (the person or body handling your personal data) must report it to the national data protection authority. The data controller must also inform you directly if there are serious risks related to your personal data or privacy due to the breach.
You may be entitled to compensation if you suffer material damage, such as financial loss, or non-material damage, such as psychological distress, due to a company or organisation not respecting EU data protection rules.
What about cookies?
Once you go online, you leave a trail of digital crumbs behind that say a lot about you as an individual, your private activities, and where you do them. These crumbs are spread out over more locations, can be harder to see, and – most importantly – have a more negative impact on your privacy. Cookies are used to follow your internet use as you browse, make user profiles and then display targeted online advertising based on your preferences. So for example, if you all of a sudden notice that Google shows you ads based on your latest internet searcher, that’s how it’s being done.
However, there are some cookies that don’t require your consent – those used for the sole purpose of carrying out the transmission of a communication. For example, cookies that are strictly necessary to provide an online service that you explicitly requested, like when you fill in an online form or when you use a shopping basket when shopping online.
Making a complaint
If you think your data protection rights have not been respected, you can make a complaint directly to your national data protection authority which will investigate your complaint and give you a response within 3 months.
You can also chose to file a case directly in court against the company or organisation concerned instead of first going to your national data protection authority.