Data Privacy in the 21st Century: What you need to know.
We all have a platform where we get information, meet new people and chat with our friends such as Instagram, Twitter, WhatsApp and so on to name but a few. Before we can’t fully access the full packages these platforms has to offer. We must create an account by giving some personal data such as DOB, location, names, phone number etc. which we consider very personal.
If it’s free then you’re the product: your data
How then is our personal data valued and how much protection is given to them? am I safe in giving my data out to these organization? does privacy still hold in this century and ones to come with the advance in the development of technology? what can I do to protect my data? what regulations and laws are being followed by data collectors and processor? we all have asked such questions and want answers.
This article focuses on what data privacy is, why it is important to keep our data safe, what regulatory controls govern data privacy in key countries and how we can improve data privacy for personal and business concerns.
Privacy form the basis of our freedom — Dr. Ann Cavoukian
What is data privacy and why it is important?
One of the hot topics of the 21st century has been data privacy with the wake of explain-ability deep learning models and machine learning form personal data, processing, storage and making decisions based on the give data.
Data privacy deals with how one’s information (personal) should be handled on any given platform based on its relative importance such as Personal Identifiable Information (PII), National Identity Number, Bank Verification Number(BVN), Social Security Number, and so on. Since 2011, the amount of data generated daily is about 5 Billion Gigabytes making it not just an important asset to an organization but also individual lives.
There has been a lot of concern about Cyber-security threats, use of personal data, what an organization does with personal data being generated, what type of data does an organization have on me? and so on.
These questions and concern go on and on but they revolve around these three basis:
a. Autonomy — do I get a say about the way my data is used
b. Is my data shared with a third party? If yes, is it with my consent?
c. What regulatory law(s) or restriction(s) is/are there to protect my data
Despite recent advances in data privacy legislation and practices, consumers privacy is still being compromised by companies.
“The age of big data has brought a social-economic revolution, because over a very short period of time, big data have reorganized the way we live and interact” -Nathan Colane Professor of Ethics, University of Seattle.
The huge amount of data suddenly made available about human activities has rise to developing a technology that can collect, store, analyze raw data. Just like the industrial revolution, the age of big data is inevitable but just letting it happen is a recipe for disaster. With this in mind, different countries around the world have started passing various data privacy laws and acts to protect their citizens by prohibiting organization from disclosure and misuse of information about a consumer. Most data privacy laws also ensure that consumers record are kept up to date, there should be a mechanism for individual to review data about them to ensure accuracy.
Below are the common data privacy laws in developed and developing countries around the world:
1. The General Data Privacy Regulation (GDPR)
In 2016, the European Parliament enacted a data privacy regulation that applies to all member state of the European Parliament. The GDPR believes that the US laws which deals with data privacy law by sector is not concrete enough, (example of such laws are: GLBA that protects financial non-public data, HIPAA that proects healthcare and health insurance data and the COPPA that protect children below the age of twelve) thereby taking an extensive approach by putting them all together in one piece including all personal data. The GDPR also permits regulators to fine organization that fail to comply with the law in excess of $20 million or 4% of their worldwide annual revenue — which ever is greater. Also companies outside of the EU may be subject to liability if they collect, store or process an EU citizen data (Extraterritoriality).
So how does the GDPR help protect EU’s consumers and citizens:
a. It allows consumers to move their data between platforms
b. It applies to business that collect, store and process data
c. Definition of Personal data has been expanded beyond Names to Location data, Online Identity and genetic information.
d. Grant consumer the right not to be subject to decision based on automated data processing algorithms.
e. Gives consumers certain rights over their data such as right to access personal data, right to rectify data, right to erase and right to restrict any form of processing.
2. California Consumer Privacy Act (CCPA)
CCPA is a state regulatory act that gives California citizens the right to demand to see all information an organization have on them. As stated earlier, the US doesn’t have a federal level consumer data privacy act. Similar to EU’s GDPR, CCPA gives consumer the right to delete, access, opt-out of processing at any time through the Data Subject Access Request (DSAR). The CCPA applies to companies that:
a. Have $25,000,000 or more in annual revenue
b. Possesses the potential data of more than 50,000 households, costumers or devices
c. Earn more than half of its revenue selling consumers’ data
If a consumer feels like their privacy has been breached, consumer can bring a legal action for statutory damages ranging from $100 to $750 per violation and actual damages.
Finally, businesses have to inform consumers on what type of data/information they are collecting and the purposes of collecting the data. The interesting thing about the CCPA is that if a consumer exercises any of these right as mentioned above, they can’t be discriminated against by being denied goods and services in the nearest future.
3. Nigeria Data Protection Regulation (NDPR)
The NDPR which was enacted on January 2020. It introduced some major compliance obligation on organization and businesses across all sector and posses a penalty for any possible breach by organization. The NDPR doesn’t only applies to transaction and processing of personal data of a consumers’ residing in the country but also to Nigerian citizens residing in foreign jurisdiction as with the GDPR & CCPA.
The NDPR confers consumers’ certain rights such as right to delete, access and rectify personal data, right to withdraw consent, right to object, right to data portability and the right to be forgotten. As we can see the NDPR offers consumers’ a full data privacy and protection package, but isn’t this to much? Having in mind that any technology can be use for good and for bad.
The NDPR obliges data controller to only transfer consumer data to foreign country or international organization subject to the supervision of the NITDA and the Attorney General of the Federation (AGF).
Finally, if there occur a breach of the NDPR, the following penalties are applied:
a. If the organization processes data of more than 10,000 consumer, it will be liable to pay 2% of its annual gross revenue or ₦10,000,000; whichever is greater.
b. If the organization processes data of less than 10,000 consumer, it will be liable to pay 1% of its annual gross revenue or ₦5,000,000; whichever is greater.
4. Other Regulatory Laws
As stated earlier, the US doesn’t have a federal level consumer data privacy act, However, various states in the US have begun implementing and passing data regulation act such as Massachuset’s DPL, New York’s NYPA, Hawaii’s HCPPA, etc. However, developing countries in both Asia and Africa have started implementing data privacy act in their jurisdiction such as India’s Personal Data Protection Bill (PDPB) which is under discussion as December 2019. As at October 2019, 25 out of 54 countries in Africa have passed a data protection law while some other countries have introduced data protection bill which are under discussion or waiting to be on the legislative agenda.
The age of big data has come with lots of benefits to the technological world along with its downsides which poses a big threat to humanity. To control and reduce these effects on human lives, data privacy laws and regulations is encouraged in all countries around the world.
