Data Privacy is and continues to be a hot topic today. With the recent news of Amazon and Ring employees reviewing Echo and Ring user information, many consumers are concerned about what happens to their data. Who gives companies the right to review customer information and share it without their permission? Luckily, data privacy and protection laws are progressing to oversee what companies do with people’s data.
What’s Data Privacy?
This often refers to the privacy of personal data. This gives a person the right to their data not being viewable by uninvited parties. When evaluating data privacy, the following questions are often asked:
- How was this data collected, and who provided this data?
- Who owns and has control over this data?
- Who has access to this data?
- Who can this data be shared with?
- Did the person who provides the data sign any terms & conditions or privacy documents?
- Does the entity/company have permission to share this person’s data?
How GDPR Changed Data Privacy Forever
Prior to 2018, the laws worldwide pertaining to data privacy were weak and outdated in protecting consumers. This was especially evident when Facebook allowed Cambridge Analytica access to user data without permission.
The EU General Data Protection Regulation (GDPR) took effect in 2018, and applies to all citizens of the European Union. In basic terms, EU citizens have control over what companies do with their data (name, IP address, email, etc.). They can request to see what data has been collected about them as well.
There are many regulations that companies who collect EU citizen data or serve EU citizens must comply with. For example, many company sites have had to add a GDPR specific disclosure page to show they are compliant with the new standards. Also, companies are now required to report a data breach to their users and Data Protection Authorities within 72 hours.
GDPR has led to the development of more modernized data privacy laws such as the California Consumer Privacy Act (CCPA), Lei Geral de Proteçao de Dados (LGPD), and Thailand Personal Data Protection Act (PDPA). These data privacy laws and the many that have yet to come will play a crucial role in the future of a person’s right to their data.