Data Privacy

Data privacy is the confidentiality and protection of personal information and the right to access and transfer that data when desired. Personal data is information applicable to one specific person that identifies or clearly refers to them. Some organizations that process data may not consider it personal if it can be applied to multiple people (such as a shared home or IP address). Protected personal data refers to data handed to a controller, either given directly by the owner or taken from the owner’s Internet traffic or general activity.

Many national and state governments have regulations for data privacy. Though security (such as encryption) is one component of privacy, it is not the same. Privacy includes an individual’s secrecy, right to choose where their data is stored and transferred, and personal freedom (which, over time, lack of data privacy can erode). Organizations often must create a privacy policy or statement, which details how they use customer data. Privacy statements are very thorough documents that help protect the business and the customer alike and explain to third parties how data may and may not be used.

Data protection laws and regulations

The GDPR (General Data Protection Regulation), introduced in the European Union in 2018, is the best example thus far of legal strictures applied to data protection. Though it isn’t perfect, the GDPR lays down thorough data privacy laws that bind all businesses that have EU customers. This includes any companies in the U.S. and elsewhere with customers that live in the European Union (which is most large companies). Under the GDPR:

  • Businesses must explain how they use data and be open in providing data to its owners. This typically means creating a privacy statement that is available for all users.
  • Individuals have the right to erasure, which can mean deleting their data from a database or fixing/deleting inaccurate data.
  • Individuals have the right to portability (moving or transferring data that was provided to a controller).

In the U.S., the California Consumer Privacy Act (CCPA) that went into effect in 2020 has requirements similar to GDPR. HIPAA protects medical wellness data for healthcare patients, and PCI DSS requires businesses to employ adequate encryption and security measures when processing card payments. Though these laws do not ensure perfect data protection, they attempt to provide privacy for customers through stringent regulations. Regardless, data breaches occur regularly. Millions of customers’ data is compromised on a monthly basis. Companies such as Microsoft and Walgreens saw data breaches in the earlier months of 2020.

Data privacy and advanced technology

Intelligent devices in individuals’ homes further complicate data privacy. Ubiquitous computing is the unobtrusive technology within our smartphones and devices that smoothly collects data and learns from it. This helps devices learn more about users and suggest things like appropriate songs, restaurants, and fitness techniques for them, but it also means that devices are gathering ever more data about their users. Webcams that gather physical data and microphones that listen to conversations cause reasonable concern about privacy.

Facial recognition is another concern: it can assist in locating criminals, but it can also fail to accurately identify people. Facial recognition technology is advancing significantly, but it has little legal regulation thus far. Some regulations have been suggested for mass surveillance, as it limits personal privacy and secrecy and can be misused in the process of identifying criminals.

Webopedia Staff
Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Virtual Private Network (VPN)

A virtual private network (VPN) encrypts a device's Internet access through a secure server. It is most frequently used for remote employees accessing a...

Gantt Chart

A Gantt chart is a type of bar chart that illustrates a project schedule and shows the dependency between tasks and the current schedule...

Input Sanitization

Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and...

IT Asset Management Software

IT asset management software (ITAM software) is an application for organizing, recording, and tracking all of an organization s hardware and software assets throughout...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...