One consequence of high-profile data privacy breaches worldwide has been the enactment of laws and policies to protect the data of internet users and ensure the integrity of database management systems. Because a breach of users' data infringes on their privacy rights, threatens the security of lives and property and could lead to reputational damage, countries across the world have had to act by making laws and policies that enhance privacy and protect the digital economy. In what follows, we examine these privacy policies across major countries and regions of the world.
The foremost comprehensive privacy law in the world is the General Data Protection Regulation (GDPR), which applies in the European Union, and outside the European Union when the personally identifiable data of European Union residents is being processed. Because of the large market and the number of countries the GDPR applies to, it is a vital piece of legislation that internet companies must pay attention to and adhere to. Under the GDPR, companies operating in the European Union or processing the personal data of European Union residents must seek their explicit consent before doing so. Besides seeking the consent of their customers before processing their data, they must also provide information about the company or organization that will process the data, including the reason why the company will use the data, how long it plans to keep the data and details of third parties that may receive the data.
Internet users also have the right to withdraw consent when they no longer want their data to be used. Users can refuse data holders permission to sell their data or to use it to send them targeted direct advertising messages. Users also have a right of access to what is held about them and a right to be forgotten, which means they can request that data holders delete their data. Under the GDPR, internet companies and data holders are required by law to notify data protection authorities about any breach of their database and to inform those affected by it. The GDPR also created the mandatory role of Data Protection Officer (DPO), who is responsible for data processing. Those who misuse personal data could face hefty fines.
United States of America:
In the United States, there is no single federal privacy law equivalent to the GDPR. What exists is a patchwork of legislation. In the absence of federal legislation regulating the processing and management of data, the states are taking the lead in enacting privacy laws. Among these, the most elaborate and wide-ranging data privacy law is the California Consumer Privacy Act (CCPA). The law applies to companies and organizations that process the personal information of California residents and that have gross annual revenue of about 25 million dollars or generate at least 50% of their annual income from selling the information of California residents. Given the large size of the California economy and the number of companies operating there, its effect is wide-reaching.
The law gives California residents the right to be informed about the type of personal data companies collect about them and the right to object to the sale of their data to third parties. Consumers or internet users have a right to obtain a copy of the personal information that companies have held about them over the last 12 months. They also have a right to request that their data be deleted. Companies must provide a clear and conspicuous link on their website home page with the title “Don’t sell my personal information”. The link allows users to opt out of having their data sold or shared with third parties. The CCPA also empowers residents to sue companies that use their stolen data. They can also sue companies that neglected their data security, leading to a breach of their privacy.
India has enacted a law known as the Personal Data Protection Bill. It requires companies to give prior notice before the personal data of individuals can be used, with limitations on the purposes for which the data can be used. It also places restrictions to ensure that only the personal information necessary for providing a service to internet users is collected.
Computer users should not just rely on privacy policies but also get an app like Hoody. It will help you protect your privacy and security. When using your browser with Hoody, each of your tabs and websites gets a new IP, a new location and a unique set of fingerprints, making tracking impossible. Hoody Phantom Browsing™ future-proof technology beats the most advanced and invasive tracking techniques.
In conclusion, while data privacy policies vary across the world, they are generally guided by five main principles:
- Consent and choice: People must be able to choose, and consent to, what data is collected about them and how it is used.
- Access: Data must be accessed only by authorized persons.
- Notice: People must be adequately informed about the data being collected about them.
- Integrity and security: Privacy policies require data to be protected and the integrity of the database management system to be ensured.
- Enforcement: Companies, data managers and electronic data holders must comply with privacy legislation. Where they fail, they must face sanctions.
These policies are intended to protect users and hold organizations accountable for the data they collect.