Data Privacy Day

Blog

Four New Year’s resolutions for the coming privacy year

Kicking off Data Privacy Day

Happy Data Privacy Day! This yearly event, initiated to raise awareness about the importance of protecting your personal data, is the perfect moment to pause and think of our wishes for this coming privacy year. Please continue reading to find out more about our most important New (privacy) Year’s resolutions.

New resolutions on Data Privacy Day

New year, new resolutions! What this year is going to bring us in terms of privacy may be hard to say, but what we want it to bring us is a different story, one that we can define ourselves. For this year’s edition of the Data Privacy Day, we have compiled our wishes as New Year’s resolutions by putting emphasis on awareness, responsibility, and clarity. Themes with which we hope to achieve great improvements and with which we can make a big difference and let our voices be heard. Here we go:

Resolution 1: treat online data like you treat your physical assets

Imagine that you had only one key for all your physical assets, such as your house, mailbox, car, and office. What might happen if you lost this key? Perhaps not that much. But now imagine that all your neighbours, the stores you visit, the bus driver, and anyone else that you interact with has your key. What would be the point of locking your valuables away if so many people have access to them? Also, the responsibility of keeping your key safe does not only lie with you, but becomes a responsibility of many.

Now extrapolate this to your valuables in the digital space. Your key is your password. We often use one password for many occasions - for instance, to make purchases, file tax returns, or handle municipal affairs. The key can potentially be leaked – not just by you – but by any of the parties involved. The consequences may be the same as in the real world. Your valuables can easily be stolen and people may have access to things you prefer to keep private.

This year, let’s try to treat our online data just like we would treat our physical assets. Having strong passwords without re-using them is therefore very important. Take conscious measures to protect your e-mailbox: start with using a password manager to generate and manage random passwords and set up (non-SMS) 2-factor authentication.

Resolution 2: trade ”questionable apps” for more privacy-friendly alternatives

Treating your data like you would treat your physical assets also means considering more privacy-focused alternatives to existing apps. As an individual, you may want to consider using Signal as your messaging app. It is a more privacy-oriented alternative to current popular apps and is recommended by many privacy and security experts.

However, as individuals, we often depend on the apps that are used by others, e.g. by our friends or our employer. Therefore, organisations can play an important role here: they should recommend and arrange more privacy-focused tools for their users and employees. Such tools process only information that is necessary for the functioning of the application and avoid gathering and monetisation of personal information.

All in all, let’s try to choose privacy-focused apps over their less privacy-focused counterparts and let’s continue to speak up about the importance of privacy-friendliness in apps (that sometimes prevails over ease of use), so that organisations hear our voice.

Resolution 3: increased responsibility about handling data in organisations

Speaking of letting our voice be heard: organisations should not only think of privacy as just a legal obligation but also as a manner of demonstrating responsibility, taking ethical considerations into account. They should help customers to acquire knowledge about privacy and security in their services because only then they are able to make an informed decision on what services to use.

Organisations could, for example, publish aspects of their performed Data Protection Impact Assessment (DPIA) – such as how their interests are balanced against those of the data subjects involved – to create more awareness for their customers and users.

Since we live in an era in which technology rapidly changes, and we get overwhelmed with terms like AI (artificial intelligence) and algorithms on a daily basis, it is often unclear what impact the use of those technologies have on our private lives. Especially when used to process personal data. Organisations should preemptively investigate and mitigate risks related to their use of AI and algorithms, and also be transparent about this. Transparency offers users a choice - and the upside for organisations is of course that in this way they build trust.

We already see great improvements, but there is still a lot of work to do. Therefore, as a message to all of us working with technologies such as AI, let’s be vocal about the importance of raising awareness around this topic and let’s be transparent about how we use it.

Resolution 4: increased clarity regarding compensation caused by misuse of data

Headlines about fines against organisations– because they have violated a particular aspect of the GDPR – are becoming increasingly common. However, what we hear less about is compensation that data subjects receive after being impacted by a data breach involving their data. The right to compensation is also a right that data subjects have under the GDPR.

Unfortunately, courts of law in different countries use various methods or criteria to decide whether an individual has the right to compensation, especially where damages are non-material. The European Data Protection Board (EDPB) has written many guidelines on different topics in the GDPR, but guidelines on this topic have been missing so far. The EDPB should aim for more clearness about the possibilities of compensation for individuals. This would not only give individuals a better way to understand their rights but would also offer organisations a more detailed insight into the possible consequences of unlawful ways of processing personal data.

Therefore, to create more certainty about the possibilities for data subjects to request compensation, let us speak up about this lack of clarity so that all parties involved will hopefully know what they can expect.

Closing off, let us not throw these resolutions overboard in the first weeks of the new year, as so often happens with our New Year’s resolutions. Instead, let’s commit ourselves to one final resolution: let’s keep spending attention to privacy, not only because it’s our job, but especially since it is important and considers all of us. In doing so, we can celebrate many more Data Privacy Days to come, build a relation based on trust with our customers and users and as individuals take more responsibility for our data ourselves, by making conscious decisions and raising our voices when needed. Happy Data Privacy Day!

To celebrate this day even more, our colleague Jan Jan also wrote an article for the Dutch website Emerce, on our expectations for privacy in the coming year. Follow the link to read all about this.

 

Did you find this useful?