4 - Data protection and privacy
Published online by Cambridge University Press: 08 June 2018
Summary
Introduction
Most developed countries have at least a minimum level of data protection legislation in place; the USA is notable in having only limited protection at a federal level, although many states have introduced such legislation. On the one hand, everyone should have the right to freedom of expression, the freedom to hold opinions and to impart information and ideas without justified interference. On the other hand, every individual has the right to privacy – to be left alone. These two worthy concepts can, and do, sometimes collide.
Typically, a data protection law requires the following:
• Data controllers (those who manipulate data about individuals) must register with a supervisory body if they currently, or plan to, use personal data, and if that data can be searched or manipulated using the individual's name (or some code equivalent) as the search key.
• Data subjects (the individuals who have data about them stored and manipulated by third parties – every one of us) have the right to inspect what information is held about them.
• Data subjects have the right to demand to know whether data is held about them.
• Data subjects can sue for damage caused by inaccurate data about them, or for other breaches, such as unauthorized release of such data.
• Data controllers must abide by certain general principles and codes of practice.
• No doubt there would be exemptions for matters of national security, crime prevention and so on.
• There must be systems in place to prevent unauthorized access, deletion or amendment of records containing personal data.
However, some countries’ legislation goes much further, for example, stating that:
• data controllers must explicitly request the permission of data subjects before handling their personal data
• data subjects can insist that data about them is deleted
• data subjects are entitled to know to whom data about them has been passed, and where data about them has come from
• no decisions about the data subject may be made purely relying on information obtained from personal data files.
- Type
- Chapter
- Information
- Publisher: FacetPrint publication year: 2012