Data Privacy
Data Privacy
Data Privacy
1 - Privacy helps reinforce user trust of online services, yet online privacy is
under constant pressure of being undermined.
First things first: Although there is no universal privacy or data protection law
that applies across the Internet, several international and national privacy
frameworks have largely converged to form a set of core, baseline privacy
principles. One of the most influential of these is the Organisation for Economic
Co-Operation and Development (OECD) 2013 Privacy Guidelines
1- There should be limits to the collection of personal data. Any such data should
be obtained by lawful and fair means and, where appropriate, with the knowledge or
consent of the data subject (the individual).
2- Personal data should be relevant to the purposes for which they are to be used,
and, to the extent necessary for those purposes, should be accurate, complete, and
kept up to date.
3- The purposes for which personal data is collected should be specified. The use
should be limited to those purposes or other purposes that are not incompatible.
4- Personal data should not be disclosed, made available, or used for other
purposes except with the consent of the individual or where authorised by law.
8- Individuals should have the right to obtain information about their personal
data held by others and to have it erased, rectified, completed, or amended, as
appropriate.
9- Those who collect personal data should be accountable for complying with privacy
principles.
1- Privacy and data protection laws are not the same across all countries, and some
countries do not have privacy or data protection laws.
2- Even where the data is covered by the laws of both countries, the protections
may vary (e.g., data collection may be opt-in or opt-out). To complicate matters
further, more than one country may assert that its laws apply.
1- The Internet spans national borders, yet privacy and data protection laws are
based on national sovereignty.
2- Provisions are needed to protect personal data that leaves one country and
enters another to ensure the continuity of data protection for users.
3- Information about you may be shared with others without your knowledge or
consent. It may happen because of something you do or something someone else does.
As personal data has monetary and strategic value to others that may not be aligned
with an individual’s interests, it is a challenge to ensure that it is only
collected and used appropriately.
4- Privacy impact. Understand the privacy impact of personal data collection and
use. Consider the privacy implications of metadata. Recognize that even the mere
possibility of personal data collection could interfere with the right to privacy.
Further, understand that an individual’s privacy may be impacted even if he or she
is not identifiable, but can be singled out.
6- Choice. Empower users to be able to negotiate fair data collection and handling
terms on an equal footing with data collectors, as well as be able to give
meaningful consent.
10- Tools. Promote the development of usable tools that empower users to express
their privacy preferences and to communicate confidentially (e.g., encryption) and
anonymously or pseudonymously; and enable service providers to offer choices and
visibility into what is happening with user data.
1- Personal data has monetary and strategic value to others that may not be aligned
with an individual’s interests.
2- Ethical data collection and handling principles can assist in protecting online
privacy.