Data Privacy or information privacy is a techno legal aspect of handling individual personal data with high end data protection. Know why data privacy is important and how regions have taken firm initiatives on data privacy and protection to safeguard citizen's personal data .
Introduction:
Today due to huge rise in internet market, from morning to night everyone is sharing their information to get the quick service from internet. But one thing, we are forgetting that how valuable is our information and what the service providers do with our information. The information’s which are gathered about us are called as our data. For example our personal information, educational information, residential information, job information, financial information, identity information and any sort of information such as psychological, behavioral, genetic and etc. which identify a natural individual person are called as personal data. Nowadays we are not as important as compared to our data. The way our information plays a significant role in our personal life and surrounding, in the same way our data plays a huge role in international cyber market. So in order to give protection to our data, from the increased rate of cyber attack, data breaches and unauthorized use of personal data, the concept of data privacy comes up that every nation wants to implement to protect their citizens personal data. So let’s discuss in detail about data privacy.
What is Data Privacy?
Data Privacy or information Privacy is a techno legal aspect of handling individual personal data with high end data protection. Data privacy concerns on how data is collected, what is the purpose of collection, how it will be stored, how data will be processed, sharing of data with third parties and cross border transfer of data. Data privacy gives the authority to individual person that with the consent of individual person, data can be collected, processed and shared. But all the processing of data will be under the supervision of data privacy guideline of the nation to which the individual belong.
Now the question may arise why data privacy is important? What is the requirement of Data Privacy? What is the harm in collecting, sharing and processing our data??? But before understanding the importance of Data Privacy? First let’s understand, why privacy is important?
Why is Privacy Important?
We all want "privacy" in our life. We all share and disclose our information as per the requirement of certain aspect of our life. For ex., for pursuing higher education we share our educational and parent details to the college authorities. Similarly for job purpose we share our identity details such as name, mail id, phone number, qualification, residential, parental, gender, community and nationality details. For marriage purpose we share our habits, hobby, interests and photos. Similarly in hospital we share our health information’s. And moreover everyone keeps their bank details very secret because this information must not be disclosed to anyone.
Means whatever is require and essential to the circumstances we share our private information. We might not be interested in sharing our every individual information to everyone in our life which is called "privacy". Because we all know very well when private information get leaks then certain kind of problems may arise in our life. For example someone know about the bank details then we may face the problem of financial theft, similarly if someone access that when we get up, where we go usually then criminals can easily do any crime with us. In office, if any colleague will get to know about the other colleague health information’s then he or she might face discrimination. So many problems can arise if information breach or misutilization of information will happen.
Why is Data Privacy Important?
Similarly examining the several instances of data breaches where millions of personal and sensitive personal information of people are compromised, data privacy came into act. Data Privacy ensures organizations, which collect personal data such as personal identity information, financial information, health information, genetic information, biometric information which are also called as ‘sensitive personal information’, must provide a lawful, fair and transparent processing of individual data with individual person’s consent. They must ensure appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organizational measures.
To know more about personal data,read our blog post " Personal Data, Sensitive Personal Data and Personal Identity Information are three gems".
Data Privacy and Protection Laws:
With the growth of Ecommerce, international trade and cross border data transfer, data privacy has become a deliberate global topic. In today’s digital world, personal data are the fuel that drives much commercial activity online. But, how this data is used and processed has raised concerns regarding privacy and the security of information. In December 2013, the United Nations General Assembly adopted resolution 68/167, which expressed deep concern for the negative impact that surveillance and interception of online/internet communications may have on human rights.
The General Assembly affirmed that the rights held by people offline must also be protected online, and it called upon all States to respect and protect the “Right to Privacy” in digital communication.
Regional Initiatives on Data Privacy & Protection:
1. GDPR (General Data Protection Regulation):
Among all the regions, the most significant regional initiative has been taken by European Union in year 1995 which established the “European Union Data Protection Directive”. The directive has also had a major impact on global privacy. It has set the standard for international data flow for two decades. After more than twenty years of operation, the European Union has upgraded the directive and replaced by “General Data Protection Regulation”. The GDPR was adopted on 14 April 2016, and became enforceable from 25 May 2018.
General Data Protection Regulation is a mandatory data protection regulation that ensures a harmonized approach across all European Member State. It provides a uniform and simplified legislative data privacy framework. GDPR establish a single pan European set of law that makes it easier for companies to adopt single privacy policy throughout the EU. And at the same it protects the rights of individual across the continent.
To know more on GDPR also read: "European Union's General Data Protection Regulation(GDPR): Everyone must be aware."
2. APEC Privacy Framework:
In November 2004, Ministers for the 21 APEC member economies endorsed the APEC Privacy Framework. The APEC Framework, published by the Asia-Pacific Economic Cooperation, is a framework to protect privacy within and beyond economies and to enable regional transfers of personal information benefits consumers, businesses, and governments. The second iteration of the Framework was published in 2015. And it forms the basis for the development of a regional system called the APEC Cross-Border Privacy Rules (CBPR).
The APEC CBPR system is an innovative self-regulatory mechanism for allowing the transfer of data between APEC members where a company has voluntarily joined the scheme. It ensures the continued free flow of personal information across borders, while establishing meaningful protection for the privacy and security of personal information.To date, eight APEC economies have formally joined the CBPR: the U.S., Mexico, Canada, Japan, South Korea, Singapore, Australia and Chinese Taipei.
3. California Consumer Privacy Act (CCPA):
The California Consumer Privacy Act (CCPA), enacted in 2018 provides their citizen a strongest consumer data privacy right. CCPA is the robust privacy legislation which provides more power to consumer in regards to their private data. It creates new consumer rights relating to the access, deletion, and sharing of personal information that is collected by businesses. It says “No to sale of the Personal Data”.
CCPA was initially introduced as a bill which was passed by the California state legislation and signed into law in June 28,2018.The act is officially called as AB-375,has been described as GDPR in US.
4. China Internet Security Law:
The Cyber Security Law of the People's Republic of China is commonly referred to as the China Internet Security Law. This law was enacted by the Standing Committee of the National People's Congress on November 7, 2016 and was implemented on June 1, 2017. It requires network operators to store select data within China and allows Chinese authorities to conduct spot-checks on a company’s network operations.
The law was enacted
To increase cyber security and national security of the country.
For Safeguarding the cyberspace sovereignty and public interest.
To protect the legitimate rights and interests of their citizens, legal persons and other organizations and promote healthy economic and social development.
Further perfected the rules of personal information protection.
Defined the security obligations of internet products and services providers.
5. South Korea Personal Information Protection Act(PIPA)
South Korea’s Personal Information Protection Act (“PIPA”) was enacted on September 30, 2011. It is considered as one of the tough data protection regimes in the world. Like the European Union GDPR it governs the collection, usage, disclosure and other processing of personal information. PIPA applies to all private and governmental organizations, unless there is sector-specific legislation.
On November 2018, the South Korean National Assembly considered a bill to amend the Personal Information Protection Act (“PIPA”) to give the Personal Information Protection Commission (“PIPC”).
Remarkably, PIPA established the PIPC as the independent supervisory body, and set down strong penalties for breaches which include heavy fines and even imprisonment for data handlers.In June 2017, South Korea has also joined APEC Cross Border Privacy Rule.
Around 80 countries and independent territories, including nearly every country in Europe and many in Latin America and the Caribbean, Asia, and Africa, have now come forwarded to protect their citizens personal data with comprehensive data protection laws.
Though United States have no single data protection legislation but a jumble of hundred of laws are enacted in both federal and state level to protect the personal data of US residents. Children’s online privacy protection act (COPA) prohibits the online collection of any information of child under the age of 13.It requires publication of privacy notices and collection of verifiable parental consent when information from children is being collected. Similarly health insurance portability and accountability act 1996 (HIPPA), video privacy protection act and many more such privacy protection acts are implemented in US.
The personal information protection and electronic document act (PIPEDA) in Canada is also a stringent regulation for preserving the right to privacy of its countrymen. Japan’s Act on the protection of personal information (APPI) was the first data protection regulation in Asia.
In India Justice Sri Krishna Committee has introduced a draft bill “Personal Data Protection Bill,2018” which has yet not been passed. The Bill regulates the processing of personal data of individuals (data principals) by government and private entities (data fiduciaries) incorporated in India and abroad. A national-level Data Protection Authority (DPA) is set up under the Bill to supervise and regulate data fiduciaries.
Conclusion:
Data privacy is now raised as a national and international issue. Right away the country with robust boundaries and weapons are not treated as the secure and safe countries. Rather the countries which shielded it with ironclad data privacy rules are globally ranked as the immune countries. Personal data is the online currency which expedites international trade and business. The nation which really aware about the monetary worth of “personal data” they have come up with a hard nosed data privacy regulation which not only administer the “personal data” usage inside the country but also outside the border. So now the time has come every country should tighten their internet border security with a stalwart privacy policy to protect their fellow citizens personal data. And it is only possible when their landsman will be aware about the importance and urgency of “Data Privacy”.
Comments