-
Notifications
You must be signed in to change notification settings - Fork 0
2. Understanding Data Privacy and Data Protection
Note: Content in this section is adapted from: Atenas, J. (2021). The datafied present and future. In Understanding data: Praxis and politics. HDI - Data, Praxis and Politics. https://doi.org/10.5281/zenodo.4698609
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
— Article 12, Universal Declaration of Human Rights
The boundaries of data opening, publishing, collection, storage, and management are determined by regulations and laws designed to preserve the privacy of individuals, even when data is collected by public bodies.
Emerging technologies and data-processing techniques create asymmetries between those who control data and those whose data is used (Belbis & Fumega, 2019). AI, algorithms, and learning analytics, products of the digitisation of information services, make it crucial to develop frameworks protecting individuals and groups from misuse of data.
Privacy is essential to human dignity and a cornerstone of democratic societies, enabling freedom of expression, information, and association (Privacy International).
Data protection operationalises the right to privacy, especially in an era where individuals can be identified and tracked through large datasets, enabling predictive analytics.
Privacy is recognised as a fundamental human right in major international instruments:
- Article 12, UDHR
- Article 17, ICCPR (1966)
- Article 16, UN Convention on the Rights of the Child
- Article 11, American Convention on Human Rights
- Articles 16 & 21, Arab Charter on Human Rights
- Article 8, European Convention on Human Rights
Globally, 132 out of 194 countries have legislation securing data protection and privacy (UNCTAD). A country-by-country overview is available here.
- Sweden – Data Act (1973): First data protection law; illegal to handle personal data without a license (Data Act
- Iceland – Data Protection Act (2000): Requires informed consent, purpose limitation, and gives individuals the right to withdraw consent (Iceland Info)
- 1984 Act: Introduced basic rules on data collection and access rights (UK Legislation)
- 1998 Act: Legal rights for individuals to control information about themselves; principles for lawful processing (Data Protection Act 1998)
- 2018 Act: Applies the EU GDPR; offences for obtaining, disclosing, retaining, or selling personal data without consent (Data Protection Act 2018)
The General Data Protection Regulation (GDPR) (Wikipedia) outlines seven principles for lawful processing of personal data:
- Lawfulness, fairness, and transparency – Data must be processed legally, fairly, and transparently.
- Purpose limitation – Collect for specified, explicit, legitimate purposes only.
- Data minimisation – Limit collection to what is necessary.
- Accuracy – Keep data accurate and up to date.
- Storage limitation – Retain data only as long as necessary.
- Integrity and confidentiality (security) – Ensure appropriate security of data.
- Accountability – Be responsible for compliance with these principles.
flowchart TD
%% Nodes
A[1984 Act<br/>Basic rules on data collection<br/>+ access rights]
B[1998 Act<br/>Legal rights to control data<br/>+ lawful processing principles]
C[2018 Act<br/>Implements GDPR<br/>+ offences for misuse of data]
D[GDPR Principles]
P1[Lawfulness, Fairness & Transparency]
P2[Purpose Limitation]
P3[Data Minimisation]
P4[Accuracy]
P5[Storage Limitation]
P6[Integrity & Confidentiality]
P7[Accountability]
%% Structure
A --> B --> C --> D
D --> P1
D --> P2
D --> P3
D --> P4
D --> P5
D --> P6
D --> P7
%% Styling (pastel colours, black text)
classDef pastel1 fill:#FFD6E8,stroke:#333,color:#000;
classDef pastel2 fill:#E0F7FA,stroke:#333,color:#000;
classDef pastel3 fill:#E6E6FA,stroke:#333,color:#000;
classDef pastel4 fill:#FFF4CC,stroke:#333,color:#000;
class A pastel1;
class B pastel2;
class C pastel3;
class D pastel4;
class P1 pastel1;
class P2 pastel2;
class P3 pastel3;
class P4 pastel4;
class P5 pastel1;
class P6 pastel2;
class P7 pastel3;