What is Data Privacy?

Data privacy, called “data protection” in Europe, is about protecting people’s right to privacy in an increasingly digitized world.

Since the 1960s, privacy has been an internationally recognized human right. Article 12 of the Universal Declaration of Human Rights (UDHR) requires that no person be “subjected to arbitrary interference with his privacy, family, home or correspondence…,” and that “everyone has the right to the protection of the law against such interference or attacks.”

Relational databases became exponentially cost-effective through the 1970s and 80s, making it easier than ever to store, search, and analyze electronic data at scale. In response to these advances, the UN Human Rights Committee called for laws that protect individuals’ privacy rights as well as their data.

The 1970 U.S. Fair Credit Reporting Act and the 1973 Swiss Data Act were some of the first such laws. As information technologies advanced, so did the opportunities and risks from an increasing volume, variety, and velocity of personal data. In response to these challenges, the European Union enacted the pan-European 1995 Data Protection Directive. Across the Atlantic, laws like the 1996 U.S. Health Insurance Portability and Accountability Act (HIPAA) and 1998 U.S. Children’s Online Privacy Protection Act (COPPA) continued America’s focus on specific data privacy issues.

Today, Europe is thought to have the world’s most comprehensive privacy regime thanks to its 2016 General Data Protection Regulation (GDPR). Among other benefits, the GDPR strengthened existing protections for Europeans and added more ways for them to control their data. The GDPR also inspired an ongoing series of global privacy reforms, including in the U.S. by way of the comprehensive 2018 California Consumer Privacy Act (CCPA).

As such, data privacy is also about the laws and obligations that inform how organizations should protect personal data and mitigate their interference with our rights to privacy.

What is Personal Data?

Personal data is defined differently under different laws, but overarchingly, it is data that relates to an individual.

Every time you stream a show, buy a product online, register for a newsletter, pay your bills, download a free app, or apply for a credit card, you give up data about yourself. Even without your knowledge, information about who you are, what you do, and what you like is compiled and analyzed behind the scenes for a variety of uses.

Comprehensive privacy laws like the GDPR, and recently the California Consumer Privacy Act (CCPA), take this reality into account by considering ways in which data is collected, created, and related online. These laws broadly define “personal data” (GDPR) and “personal information” (CCPA) to include online identifiers, psychographics, location data, and other characteristics that, with today’s data science, are easy to mine and package into comprehensive profiles.

Consumer protection laws like the U.S.’s Fair Credit Reporting Act (FCRA) and Health Insurance Portability and Accountability Act (HIPAA) deal with specific kinds of personal data, defining narrower terms like “consumer report” and “protected health information.” Even the commonly-used “Personally Identifiable Information” (PII), which is defined in the U.S. Code of Federal Regulations, is arguably narrower than Europe’s PD and California’s PI.

The GDPR defines “personal data” as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person…”

Going by the GDPR’s definition alone, it becomes clear that the ability of an organization to relate a piece of information to a person — or their browser or device — may be enough to make that data “personal,” and therefore subject to the law’s sweeping protections.

Why Data Privacy is Important for Your Business

Data privacy is critically important for every business, and it’s not something to be taken lightly.

According to Gartner, “By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today.”

This means proactively creating a privacy program that can meet the letter and spirit of rapidly evolving international requirements. Having a scalable privacy program can help your business stay compliant and nimble. Staying nimble and mindful can also help you avoid steep penalties. Modern privacy laws supercharge regulators who can fine you thousands — if not millions — of dollars. Egregious violations can even mean criminal charges and jail time.

If that’s not enough, staying diligent about how you manage personal data also helps protect your customers from harm like data breaches while helping you build brand trust. When your customers’ private data is improperly handled or falls into the wrong hands, they are vulnerable to fraud, harassment, and surveillance they didn’t ask for. If this happens, you can bet your brand reputation will take a dive. But if you do the opposite, you build your image as a responsible, ethical business customers can trust.

All in all, data privacy is not just common courtesy, it’s the law. (More on this later.)