What do they really want with your data? About online privacy and data protection

We´re connected everywhere and at all times. Both at work and at home we make frequent use of handy technological gadgets, often without truly considering what information we are simply throwing out onto the web. But what does that mean for our privacy?

The internet and technology are ubiquitous in our everyday life. Via social media we keep in contact, we remain aware of events or we put together a scrapbook with memories, interesting and trivial facts. With the Internet of Things this is further enriched by connected cars and smart watches.

Technology analyses our health and makes us more mobile. Moreover, big data analyses forecast flu epidemics and study social behaviour. Our health data and family situation, education and work experience are more and more finding their way into centralised databases. This improves the fast and efficient functioning of the organisations we belong to, such as trade unions, social security, university college or university, and so on. In brief, technology and data are making everyone´s life easier. Moreover, we’re better prepared for what’s coming.

However, these technological gadgets reveal their downside when it comes to privacy. The protection of privacy is sometimes lost sight of when data is collected in order to improve our well-being. We don´t always have control over this ourselves. After all, online data isn’t just the data that you release yourself, but also the data which your technology collects about you. And we have a lot less of an overview on that.

All these data make us identifiable. Driving with GPS or walking around with a mobile phone is almost impossible without being able to be identified. Moreover, direct identification - with name, age or address - isn´t always necessary; indirect data can also generate a pretty accurate picture of you, which can also lead to identification. Also daily travel patterns, purchases in the supermarket or ATM money pickups to even anonymised medical data can, when combined, also quickly result in identification. A sound policy on data protection must therefore contain clear rules about what is and what isn´t authorised, so that even in the digital age the right to privacy remains guaranteed.

Data protection

Because privacy is a fundamental right, the European institutions in 1995 adopted a data protection directive that’s one of the best in the world. After 19 years, however, the directive is beginning to display a number of shortcomings and it urgently requires adaptation to the digital age.

In addition, there’s a need for better collaboration amongst the EU Member States. Governments are restricted to their national limits, while the internet exists on the international level, because many servers happen to be located on foreign territory. This makes international cooperation necessary.

The US and EU therefore concluded a Safe Harbor agreement which entails that American companies can obtain certification each year that they fulfil the Safe Harbor principles of the EU. However, the disclosures of Edward Snowden revealed that the principles are not being strictly observed in practice. Members of the European Parliament are therefore currently arguing for a thorough revision of the agreement.

The seven Safe Harbor principles:

  1. Always make clear the purpose of the data collection.
  2. Provide an opt-out for the sharing of data with third parties.
  3. If the data are shared with third parties, the latter must also observe the Safe Harbor principles.
  4. Users can always request their data, adapt them and have them deleted, unless someone else's privacy could be endangered as a result.
  5. Provide for data protection.
  6. The collected data must be relevant for the purpose for which they are collected.
  7. Provide a contact point for complaints, along with the annual Safe Harbor certification.

Snowden´s disclosures, in combination with several other scandals, have generated a “Big Brother” feeling worldwide. According to the European Commission, clear rules are required in order to restore trust.

Clear rules for everyone within the EU must define what is possible and what not. Moreover, they will make it possible for data protection authorities to work together more quickly. In this way complaints can be effectively processed, problems quickly solved and chaos avoided. In the event of privacy violation, European users and organisations can use the same procedures to address their own national data protection authority. A Dutch citizen who has problems with an Irish company can thus turn to the Dutch authority. The international communication then runs between the governments, after which the Irish authority will contact the Irish company in order to look for a solution together.

EU a pioneer in privacy and data protection

A sound protection of data and clear regulations, with restored consumer confidence as a consequence, offer European companies a competitive advantage on international markets. The feeling of privacy amongst citizens is at a low level right now. Many internet users even engage in self-censorship. Nevertheless, these data can be used to improve the life of many people. They offer enormous opportunities for innovation, employment and the development of a digital economy. Health, care and prevention are an excellent example, but also optimisation of insurance policies and strategic communication are amongst the possibilities.

On the international level it isn´t always easy to bridge over differences in vision. This is demonstrated by the negotiations that the EU and US initiated in July 2013 on a new trade and investment agreement. At the end of October, European Commission Vice-President Viviane Reding decided not to include online data in the agreement. She declared that the protection of personal data as a fundamental right is non-negotiable. This position was reaffirmed in February in a communication of the European Commission concerning internet policy. While the European Union considers privacy of paramount importance, the American government finds, as Edward Snowden revealed, that security needs can´t always be reconciled with privacy protection.

Supporters of high data protection standards assert that a stricter reform will attract more users to European companies. Opponents fear that overly-strict laws will prompt European companies to leave for countries with less strict legislation. In January, Brad Smith, top lawyer at Microsoft, proposed allowing consumers to choose on which servers they wish to store their data. Microsoft users would then be able to opt for servers in the EU instead of American servers.

Right to be forgotten?

So, will you soon really be able to definitively remove your data from the net? The intention is to implement this ´right to be forgotten´ in the new European legislation as well. There are limits to this right, in connection with e.g. freedom of the press and historical research. In other words, search engines will not be obliged to delete your data. According to the Commission, the rewriting of your history may not be the intention. By contrast, young people who made mistakes must later receive the possibility to remove this information. Today each citizen can already contact a company or organisation with the request to remove information. In the future, these companies and organisations will also have to inform third parties with whom they share the data of this request.

Do you want to do something about your privacy yourself?

In the European Parliament, the LIBE group has been organised on privacy issues. LIBE is striving to achieve a robust privacy protection and formulates positions on the reform of the 1995 data protection directive. You can find the LIBE positions via the website of the European Parliament. You can also contact various lobbying groups, such as the Dutch Bits of Freedom and the French La Quadrature du Net.


Ines Kefel is a freelance blogger passionate about communications and new media, with expertise in data, web policy and internet governance.