2. Data Privacy
DATA PRIVACY Why does it matter?
Limits on power
Privacy is a limit on government power, as well as the power of private sector companies.
In the wrong hands, personal data can be used to cause us great harm.
Essential Freedoms
Privacy is key to freedom of thought, expression and protects our ability to associate with other people. Privacy is a critical component of a democratic society.
Right to second chance
Privacy nurtures the ability to learn from our mistakes, to grow and improve without being shackled to the mistakes of our past.
Data Privacy
EU General Data Protection Regulation
Under the General Data Protection Regulation (EU) 2016/679 Personal data shall be:
- processed lawfully, fairly and in a transparent
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate and, where necessary, kept up to date
- kept in a form which permits identification of data subjects for no longer than is necessary
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
GDPR
Art. 4 (1). Personal data are any information which are related to an identified or identifiable natural person. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Financial information
Credit card
Account data
Customer number
Contact information
Home address
Email address
Telephone number
IP address
Location data (GPS)
Other
Health records
Credit score rating
Examination answers
Appearance
In case of breach:
Notify the supervisory authority at the latest within 72 hours after having become aware of the breach.
Inform all those individuals affected if the data breach poses a high risk.
British Airways
- Half a million passenger records were accessed in a cyberattack. The company resolved the breach and notified the police
- The Information Commissioner’s Office (ICO) investigated and blamed poor security arrangements.
- The airline will have to pay £183.39 million ($230 million) to the ICO for failing to protect its customers’ data
“Surveillance is the business model of the internet.”
Bruce Schneider
The Pathetic Dot Theory
Lessig identifies four forces that constrain our actions: the law, social norms, the market, and architecture.