Data privacy in the digital age: protect your rights

• Personal Data: This includes a range of general personal data, such as name, date of birth, address, etc., and sensitive data, such as fingerprints and national identification numbers.
• Data Processing: This includes the recording, organisation, storage, retrieval, combination, transmission, erasure or destruction of personal data, as well as any other processes that involve working with personal data.
• Consent refers to individuals' choice and control over how their data is used.
• Data Controllers: Data controllers refer to individuals or companies determining the purposes and means of processing personal data. 

While data privacy revolves around the proper handling, processing, storage, and use of personal information, data security deals with the integrity of the information by ensuring its accuracy, reliability, and availability to authorised parties. 

Individuals have certain rights and legal frameworks that enable them to determine how their information is used, stored, accessed, etc. Some of the significant data privacy regulations that all digital platforms must follow include the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Singapore's Personal Data Protection Act (PDPA). These regulations and acts have been established to provide various obligations that digital platforms must follow regarding users' data. Some rights these regulations and acts grant to users include:

• Right to Access: Users have the right to know and understand the purpose of data processing, where the personal data is stored, the recipients or categories of recipients who have had access to their data, etc. 
• Right to Erasure: Also known as the Right to Be Forgotten, this grants users the right to obtain the erasure of all personal data and information should the need arise.
• Right to Object: Users have the right to object to the processing of personal data at any time, after which the data controllers must oblige the objection unless there are compelling legitimate grounds for the data to be processed.
• Right to Rectification: Users have the right to obtain rectification of inaccurate personal data or to have incomplete personal data completed. 
• Right to Restriction of Processing: Users also have the right to restrict the processing of personal data in certain situations, like when the accuracy of the data is being contested, there is unlawful data processing, users have objections to the processing of data, etc.
• Right to Data Portability: Users have the right to receive their data in a structured manner, commonly used and machine-readable format and to transmit data to other controllers without hindrance.

• Cookies: Websites use different types of cookies to follow users from one website to another, collecting data on websites they visit. 
• Forms or Surveys: An easy way for digital platforms to receive quantitative user data is through forms or surveys that users fill out when they register to new platforms, fill out customer surveys, etc. 
• Social Media: Many companies monitor social media posts and activities through different tools that help them gather data through trend analytics, hashtags, etc.
• Transactional Data Tracking: Companies have large databases that keep track of sales, orders, invoices, shipment information, payment details, etc., that help them collect all kinds of user information. 

Most platforms use this data to improve the platform, showing personalised or targeted ads, and more. As a user, it is essential to understand data privacy and how it works thoroughly. 

Data breaches are situations in which other individuals steal or access sensitive or personal information. Major consequences of a data breach include identity theft, financial loss, reputational damage, legal action, and operational losses. 

In April 2018, Facebook (now Meta) faced a data breach that exposed data from over 50 million users. A British consulting firm was able to steal and sell data belonging to millions of users using a loophole in the social media platform's application programming interface (API). This exposed major data security violations by Facebook, leading to a hefty multi-billion dollar fine for poor data protection practices. 

• Use strong, unique passwords and two-factor authentication. 

• Regularly update software and devices to have the latest security measures for digital platforms.
• Be cautious of phishing emails and scams, and do not open links and attachments from unknown users. 
• Avoid oversharing on social media to prevent digital platforms from using your private information or data.

Your online presence must be properly managed to safeguard and protect your data. Although default privacy settings offer a certain level of security, they are not always set to provide the highest level. Go through privacy settings and turn off permissions you don’t think are required. 

Limit the personal information you share, including your live locations and daily routines, and keep personal descriptions brief and general. 

Ensure the websites you visit use HTTPS. HTTPS provides data encryption between the browser and the server, allowing users to safely and securely share sensitive information like passwords, bank or financial details, etc. 

Use data encryption and biometric authentication on your mobile devices to secure your personal information at additional levels.

Data brokers specialise in data collection from the public and sometimes privately sourced records. These brokers then sell or license the data they collect to third parties for various uses. The third-party apps installed on your devices may also have permission to use other apps and features on your device or even access personal information stored on your device. To limit permissions on these apps and increase security, you can go to the settings of the apps and turn off all non-required permissions like camera, contacts, location, microphone, etc.

Suppose your data privacy rights have been violated. In that case, you have the right to report such violations to relevant authorities to ensure that security is restored and the same situation does not happen to anyone else. You can file written complaints with your national Data Protection Authority, which will investigate your complaint and take necessary action.

Your data is more valuable than you realise, and data privacy is crucial for appropriately protecting and securing your private information. Proactively protect your data privacy by being a cautious online user. Gain insights and knowledge through our training courses.

Explore how TÜV SÜD can support you in your cybersecurity journey here. Organisations can implement and certify themselves to ISO/IEC 27701 Privacy Information Management System and ISO/IEC 27001 Information Security Management Systems to mitigate cyber risks and demonstrate their compliance to privacy guidelines and laws.