Privacy is not just a policy, nor is it just data security, although they are related concepts. It concerns your data: who can collect, process, transfer and control it, and when and how. But it is not only about your data; it is about you as a person, your behavior, your communication (Clarke, 1999), even your thoughts and feelings, your location and space, and your association (Finn, Wright, & Friedewald, 2013).

You may be the person most interested in your own privacy, but you are not the only one. If you think about a web application that collects data about your navigation to offer personalized advertising, you should be interested, at least, in what kind of data an enterprise is collecting about you. What happens when you use an application that collects your location data to offer location-based services (places to have dinner or to shop), but somebody tracks you and knows when you are not at home and where you are? This information could be used to steal your belongings and, even worse, to rob you. In this case, the police should be worried too. Let's consider a system used by all the hospitals in a city to collect, store and transfer patients' data among them. What would happen if some personal data were extracted by a third party and this information were made public? It has social and legal implications, so government organizations should care. In the same system, if there were a study about an illness, knowing the patients' identities could affect the results and, above all, could violate people's intimacy. There are many examples like the ones presented here. So, who cares about privacy? I think that all of us do, including you, the government, public and private organizations, and society as a whole.

There are some organizations working on regulating privacy:

  • The Organization for Economic Co-operation and Development (OECD) with the “Guidelines on the Protection of Privacy and Transborder Flows of Personal Data”, which was released in 1980 [1], and then updated in 2013 [2].

  • The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) prepared the “ISO/IEC 29100:2011” standard. The standard provides a high-level privacy framework that aims to protect personally identifiable information (PII) within Information and Communication Technology (ICT) systems [3].

  • The Council of Europe, with Treaty No. 108, the “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data”, in 1981 [4].

  • The European Parliament and the Council of the European Union, with “Directive 95/46/EC [5] on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, which is in the process of being updated by the “General Data Protection Regulation” [6]. Additionally, “Directive 97/66/EC concerning the processing of personal data and the protection of privacy in the telecommunications sector” [7] was replaced by “Directive 2002/58/EC (Directive on privacy and electronic communications) concerning the processing of personal data and the protection of privacy in the electronic communications sector” [8], which was then amended by “Directive 2009/136/EC” [9].

As you can see, American, European and worldwide organizations are working on this matter, releasing regulations, frameworks and standards. But every country in the world should be working on it. That means using the standards where they are applicable, or refining them according to their specific contexts.

Now we can think about how these laws and regulations are being applied in our daily lives. If we are end users, how are the ICT systems we use (mobile apps, web apps, services, and so on) complying with them? How can we be sure of that? If we are ICT service providers, how do we apply the law in our systems? How can we guarantee that our systems comply with it?


References

Clarke, R. (1999). Introduction to dataveillance and information privacy, and definitions of terms. Retrieved October 28, 2016, from http://rogerclarke.com/DV/Intro.html

Finn, R. L., Wright, D., & Friedewald, M. (2013). Seven Types of Privacy. In European Data Protection: Coming of Age (pp. 3–32). Dordrecht: Springer Netherlands. http://doi.org/10.1007/978-94-007-5170-5_1

[1] http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm

[2] http://www.oecd.org/internet/ieconomy/privacy-guidelines.htm

[3] http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=45123

[4] http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108

[5] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:1995:281:0031:0050:EN:PDF

[6] http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf

[7] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:1998:024:0001:0008:EN:PDF

[8] http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32002L0058&from=EN

[9] http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32009L0136&from=EN

jcaiza

About Julio César Caiza

Starting in the world of Privacy Research. PhD student at Universidad Politécnica de Madrid (SPAIN). Auxiliary Professor at Escuela Politécnica Nacional (ECUADOR).

CC BY-NC-ND 4.0 Who cares privacy? by jcaiza is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
