With increased technological advancement, the idea of user data and the necessity for its protection and ethical usage are becoming increasingly important. Most times, privacy and data Protection are used interchangeably however, they are not exactly the same in application even though they are intrinsically connected. This article in an effort to bring out the interconnection between privacy and data Protection would also highlight the concept of Data privacy, data Protection as well as some regulatory enactments.
Data Privacy
Data privacy is the right of a citizen to have control over how their personal information is collected and used. It entails the right of a person to determine for themselves when, how, and to what extent personal information about them is shared with or communicated to them. Websites, applications, and social media platforms often need to collect and store personal data about users in order to provide services. However, some applications and platforms may exceed users’ expectations for data collection and usage, leaving users with less privacy than they realized. Other apps and platforms may not place adequate safeguards around the data they collect, which can result in a data breach that compromises user privacy.
Data Protection
Data protection is a set of strategies and processes one can use to ensure the privacy, availability, and integrity of individual’s data. It is sometimes also called data security. It is the process of safeguarding important data from corruption, compromise or loss and providing the capability to restore the data to a functional state should something happen to render the data inaccessible or unusable. It assures that personal data is not corrupted but accessible for authorized purposes only and is in compliance with applicable legal or regulatory requirements.
The scope of data protection goes to cover areas such as data immutability, preservation, and deletion/destruction. Data protection spans three broad categories, namely, traditional data protection (such as backup and restore copies), data security, and privacy data.
Nexus Between Privacy and Data Protection
Whether in respect to Privacy or Protection, the central area of focus is on data; and so, ensuring privacy as well as the protection of the data of users reveals the nexus between the two concepts. Both terms are often used interchangeably, however, there is a thin line of difference between them. While data protection focuses on preventing unauthorized access, data privacy is kin towards ensuring authorized access. Data privacy defines who have access to the data in question, while data protection provides basic tools and policies to restricting access to the data.
Privacy and data protection also intersect as data protection laws aim to establish frameworks and mechanisms to preserve individual privacy rights. These laws provide guidelines for organizations on how to collect, process, store, and share personal data in a manner that respects the privacy of individuals. By enforcing data protection measures, organizations can help safeguard individuals’ privacy and ensure the responsible handling of their personal information. In this way, privacy and data protection are deeply interconnected, working hand in hand to maintain the ethical and legal standards surrounding the use of personal data.
There is a seemingly inseparable degree of interconnection between data protection and data privacy. This is especially true from the provisions of the regulations.
Compliance/Regulations
Regulations such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and the Nigerian Data Protection Regulation (NDPR) of 2019 is on the use and protection of personal data. Data Security Standard seek to protect data and to prevent the unauthorized disclosure of this data by combining data protection, data security and data privacy into a comprehensive data management strategy.
GDPR is a set of data privacy law enacted by the European Union (EU) to ensure consumer privacy. This law ensures organizations to disclose their data processing and help ensure consumer privacy by giving consumers the right to determine how their data should be used, while also imposing penalties upon organizations for any data breach. Of course, GDPR isn’t the only data protection regulation. In the United States, healthcare providers are subject to HIPAA regulations, which is also designed to ensure the safety and privacy of personally identifiable healthcare data. GDPR, HIPAA and similar regulations set up data privacy standards while outlining requirements that organizations must put in place to ensure data protection and data security. The Nigerian Data Protection Regulation covers the use and Protection of personal data of Nigerians. It safeguards the rights of living individuals while maintaining recommended global best practices by preventing manipulation and fostering safe conduct in the exchange of personal data.
Preservation of Rights: Everyone has the right to the protection of personal data concerning them which include the right of access, the right to erasure, the right to rectification, the right to data portability, the right to object, the right to restrict processing and the right not to be subjected to automated decision making These rights of user data is preserved and guaranteed and this promotes information exchange and development of our digital economy space; the process of this preservation brings privacy and Protection to a degree of interconnection.
Tokenization: Tokenization involves removing personally identifiable information from data and replacing that information with a data token. This token is usually a number or a random string of characters, which serves to separate the data from its subject. That way, if the data was leaked, there would not be an easy way for the recipient of that data to associate a data set to the data subject. One way in which organizations protect themselves, while also helping to ensure consumer privacy, is by using tokenization.
Conclusion
Indeed, there is a nexus between privacy and data protection in today’s digital age. With the increasing collection and use of personal data by businesses, the need to protect individuals’ privacy rights has become imperative, which has led to the implementation of legal frameworks to mitigate the risk should a breach occur. It is hard to have true data privacy without having a system of data protection. Privacy and Data Protection have interconnections to the extent that the operation of one is fully affected by the other and so almost interchangeable.
Contributors:
Sandra Amaka and Idara Isonguyo
Referenced links
1https://www.cloudflare.com/learning/privacydefinition; 2nd march, 2023
2https://www.snia.org/education/what-is data-protection; retrieved 2nd April, 2022
image source: www.vecteezy.com
