Most of us are aware that we have a right to privacy, but very few people I’ve spoken to actually understand where that is laid out, and what is in place to enforce it on your behalf. Fewer people still take an active part in their own defence.
Before I go any further, I will once again reiterate (as I have in most of my blogs on GDPR), that I am NOT a privacy expert. I do cyber/information security, and while it has very little to do with privacy, it’s clear that the two have become inextricably linked. To the detriment of both I might add.
In my experience, the average person has no idea what their right to privacy means in real terms. They have an expectation of privacy on the Internet (for example) and are somehow shocked and upset when things go wrong. Usually followed by finger pointing and lawsuits. This is little different from me thinking my right to freedom is somehow violated because I’m stuck in traffic.
To be clear, your human right is “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” Nothing in here protects you when you give your personal data away for the sake of convenience, personal gain, or a few dozen ‘likes’ on Facebook. Nor should it.
Did you also know that privacy, while a ‘fundamental’ right is not an ‘absolute’ right? For the sake of this argument, fundamental rights are the 30 Articles of the Universal Declaration of Human Rights, and the absolute rights correspond to what are commonly called ‘natural rights’; life, liberty and so on.
For example, and certainly from my perspective, my right to life far outweighs your right to data protection (unless the loss of privacy puts YOUR life at risk!). This is what the GDPR means when it says in Recital 4;
“The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.”
But do you know what’s more ludicrous than not understanding your rights? Not understanding that the GDPR and all other privacy regulation were written for YOU! To protect YOU and YOUR loved ones, not to protect the businesses you work for! The number of articles on LinkedIn alone where people are complaining about how difficult/complicated it all is, how it’s impossible to comply, is ridiculous. Are you kidding me?!
This is YOUR data it’s trying to protect, and it’s trying to protect it from the very organisations who segued our personal data into profit for the last few decades without a thought to the impact. It’s putting the power back into your hands, giving you the mechanisms to control who does what with your data.
None of which does you any good if you don’t know what those mechanisms are.
And now be honest; have you even read the GDPR? Not just by giving it the once over, I mean actually READ it? Taken each Recital and tried to translate it into both a simple title and a plain language description that anyone can understand? Taken each Article and mapped it to not only the underlying Recitals, but every external document that supports it?
I have, and it took me over a month. Time well spent given the enormous impact the GDPR is going to have on the very fabric of life online.
The GDPR is the most important step in the world of privacy in a generation, and it is the responsibility of every ‘natural person’ / ‘data subject’ to understand it. As an individual AND an employee, take the time, it’s worth it.