We’re giving away more data than ever before, businesses and brands collect and handle more data than they’d ever able to make use of, and there are increasingly more ways of making use of this data, be it for health advice, advertising or to analyse emerging trends. As a result, data has become extremely valuable and is often sold for large sums of money or used in ways to make more money out of individuals. Its new uses also carry great risks with them, both for us as individuals and for society as whole. It’s during this time that data privacy, too, has become more important than ever before.
In 2021 we’re living in an era of digitalisation. One of the things that has become clear since the start of the Covid-19 pandemic, for example, is that many of our lives can be conducted on a purely virtual basis if they have to, and that our future may be more online than ever before. Another thing that we’ve seen is that data can have critical impacts on politics, laws, businesses, and, ultimately, our lives. Of course, this is not only the case for infection and health data during Covid-19 responses, but for all of the data collection that this era of digitalisation is bringing about.
In this series, we’d like to introduce you to, and help you understand, the Data Privacy Basics – key concepts that we should all know around our personal data, regulations that are in place to protect that data, and what Data Privacy means for us. To kick this series off, we’ll be focusing on why data privacy is needed at all, starting with an introduction to what ‘data’ actually means, what kinds of things we consider as ‘data’, and what the concept of ‘Data Privacy’ entails.
What is data?
Data is a term that we commonly use to refer to information that can be analysed and used to generate insights. Often, when we speak of data, we mean information in a computer-readable format, predominantly facts or numbers that humans or machines use for better decision-making.
With the emergence of new laws and regulations around the protection or privacy of data, we now increasingly speak of ‘personal data’ or ‘personal information’, which refers to information that relates to identifiable natural persons. This ties personal data to people as opposed to just any data derived from the world. It also requires that data ‘relate to’ an ‘identified or identifiable’ person. This means, for legal protection to kick in, data must be either about us, or affect us in a way that is significant enough to meet that threshold. Additionally, the data must give away enough about the individual to identify them directly or make it possible for somebody else to identify them by reference to additional information derived from elsewhere.
As such ‘personal data’ is the kind of data that is most relevant to us individually: it is the data we create or give away about us, ourselves. It is the data that others (humans and/or machines) use to make decisions about us. And it is the data that businesses and organisations sell or process to tailor advertisements to our liking, make money or change our behaviour. Simply speaking, it is data that can be used to manipulate us and make profits off our behaviour, especially if it is not efficiently protected.
But let us take a step back. As you can tell from the above definition, data has always been around, as has personal data. What has changed with the digital revolution, however, is the scale of data collection, processing and sharing among ourselves and among businesses and organisations. With the internet, data can be collected and accessed from anywhere, and sophisticated machines (e.g., algorithmic systems, and tools in machine learning and deep learning) make it possible to use data in new ways that were previously unfeasible. Some of these practices will be touched upon more specifically in the next part of this series. An even more in-depth review of this field, which is broadly referred to as ‘artificial intelligence’ (‘AI’ in short), we will discuss in another upcoming series.
These developments have brought about, and are, in turn, being enabled by ‘Big Data’, i.e., the collection and existence of very large datasets that are so large they can only be used, understood, and stored by said machines. Big Data analytics uses these large datasets to generate new insights about us and the world, finding correlations and causes that we humans, by ourselves, would not be able to. Because of this, it can turn facts that were previously useless or irrelevant to us into valuable information. As a result, more and more personal data is collected and linked with other pieces of information in case it could become useful through Big Data analytics and other AI methods. This process of turning something, anything, into data is called ‘datafication’. It may mean that your reaction time on a mortgage application form is turned into data points that can help determine whether your are likely to have answered the questions truthfully. Or it using a person’s likes, shares and tweets on social media to find out about their political affiliation or sexual orientation. If this sounds intrusive to you, you’re not the only one. Big Data analytics and the use of personal data in these new and, for normal people, unpredictable ways are not just scary futuristic scenarios, but they are part of our modern world.
So, what is data privacy?
The right to privacy is a fundamental human right. This has been agreed in many iterations of human rights treaties around the world. So from this right to privacy stems the idea of data privacy – the practice of handling data, especially personal data, in a way that gives us the ability to decide over our data, and that prevents access to this data by anyone who should not have access to it. Data privacy refers to our ability to gain control over what data we give out and how our data gets used.
Nowadays, this practice is underpinned by laws and regulations, which provide individuals with further rights in regard to their personal data and which impose obligations onto those collecting that data.
Considering the enormous amounts of data that are being collected about us, data privacy has become increasingly important to not only protect our data from being used in harmful or illegal ways, but also to protect ourselves from our data being exploited or used against us.
In order to better understand this importance and see where data privacy is needed most and why, we have to dig a bit deeper, though. Therefore, stay tuned for our next Data Privacy Basics insight, during which we will do just that. And we will answer the questions on what the main purposes of data collection are, where our data is being collected and who acts as the biggest data collectors.