From this concept, the right to privacy in general that all individuals have, and in particular the right to privacy over data concerning our persons, clearly emerges.
In the times we live in, claiming this declaration seems utopian to say the least, but it does not mean that it is pointless to claim the rights of individuals. Thus, several organisations have come together in an effort to defend the right to data privacy and have declared 28 January as International Data Privacy Day.
The question then arises, what is an "international day" and what is it for? The answer comes from the UN General Assembly, indicating that they are instances in which "activities aimed at raising public awareness" of certain problems that affect all the inhabitants of the planet are invited to take place.
The fundamental purpose of International Data Privacy Day is to empower individuals to assert their right and at the same time to raise awareness and encourage organisations in general to respect privacy, protect data and build trust.
Millions of people have no idea how their personal information is being used by third parties as part of the increasingly common activities in our digital society. The increase in the amount of data being generated, as a result of the exponential growth of the technologies that produce and subsequently manipulate it, has meant that even though we are aware of the problem, its control has slipped out of our hands.
In a world where information is money and power, it is extremely difficult to defend it from actors intent on obtaining at least one of these two things.
Personal information, while it may not serve strategic purposes at the level of governments and organisations of various kinds, is very valuable in several respects. To begin with, it should be important to each of us, since it consists of data concerning our identity, health, ways of thinking (religion and politics), various preferences, places of activity, means of contact and various other personal attributes, which should not be handled lightly by third parties. To continue, many of these attributes can be used to the detriment of their holders, either to trick them out of access credentials to protected online sites (mainly linked to banks, money and the like) or to sell them to collectors of the personal data of huge numbers of people, with which today's technology makes it possible to do things that were unthinkable until relatively recently. As a brutal example of the lack of respect for privacy, the case of Facebook supplying information on almost 60 million subscribers to the firm Cambridge Analytica, and worse still, what the firm did with that data, occupied much of the news some time ago.
We should not forget that our activity on social networks, although we often believe we have control over it, choosing what is public and what is not, is in fact all public, as it is in the hands of the organisations that manage them. This means that a large amount of the personal data of each person on them is in the hands of often unscrupulous firms, whose sole aim is to maximise their profitability regardless of the means used for this purpose. Thus, the data ends up being exposed when it is sold or provided to other companies, or simply due to changes in privacy policies or often due to technological vulnerabilities in the infrastructure in which the social network operates.
To briefly outline the background to this day, it is worth remembering that in 2006 the Council of Europe created Data Protection Day to celebrate the signing of "Convention 108", the first international treaty of a legal nature related to privacy and data protection, which took place on 28 January 1981 in Strasbourg, France. This date is now celebrated worldwide and outside Europe it is called Data Privacy Day.
On this date, governments, parliaments and national data protection organisations carry out activities to raise awareness of privacy rights and the protection of personal data.
It is worth remembering that in our country there is Law 18331 on Personal Data Protection and Habeas Data Action, which this year celebrates its 11th anniversary and which clearly establishes the rights of individuals regarding their personal data and the obligations of the organisations that have some of them, for whatever purpose they may have them. The fundamental principles imposed by this law and by which all those who act in relation to the personal data of third parties must abide are: legality, truthfulness, purpose, prior informed consent, security, confidentiality and accountability.
Author: Hugo Köncke - Regional Consulting Manager at Security Advisor
Connect