Privacy and Data Protection

Question 1

Key aspects of Privacy

Answer 1

• Freedom from intrusion: No unwarranted interference.
• Control over personal information: Decide how your data is shared.
• Freedom from surveillance: Avoid being monitored unnecessarily.

Question 2

Human Rights

Answer 2

Right to live privately without government interference (e.g., Article 8 of the Human Rights Act).

Question 3

1960s Historical Context

Answer 3

Collection and distribution of information became a commercial activity.
* Governments centralized information about private affairs.

Question 4

1970s Historical Context

Answer 4

• Younger Report (1972) raised concerns:
  
  1. Compiling personal profiles on single databases.
  2. Data matching across multiple databases.
  3. Unauthorized access to personal information.
• UK labeled a “data haven” due to lack of regulation.

Question 5

1984 Historical Context

Answer 5

Introduction of the Data Protection Act.

• Focused on protecting personal data of identifiable individuals.

Question 6

Data Protection Act 1984

Answer 6

Key terms:
* Data subject: Individual whose personal data is processed.
* Data users: Entities processing or controlling data.
* Computer bureaux: Organizations processing data for others.

Enforcement:
- Monitored by the Data Protection Registrar.

Question 7

Sneaky Responses

Answer 7

Terms of Service (ToS):
* Legal agreements between service providers and users.
* Often used to collect extensive user data without transparent consent.
* Example: Licensing user-generated content to the platform.

Question 8

General Data Protection Regulation (GDPR)

Answer 8

• Overview:
  * Enacted in 2018 to regulate personal data processing across the EU.
  
  • Became a model for global data protection laws.

Question 9

Key Principles of GDPR

Answer 9

1. Lawfulness, Fairness, and Transparency:
   
   • Clear user consent or other legal basis for data processing.
2. Purpose Limitation:
   
   • Data collected for specific, legitimate purposes only.
3. Data Minimization:
   
   • Only necessary data should be collected.
4. Accuracy:
   
   • Personal data must be accurate and kept up to date.
5. Storage Limitation:
   
   • Data stored only as long as needed.
6. Integrity and Confidentiality:
   
   • Data must be secure.
7. Accountability:
   
   • Organizations must demonstrate compliance.

Question 10

Rights of Data Subjects Under GDPR

Answer 10

1. Right to be Informed: Know how data is used.
2. Right of Access: Obtain copies of personal data.
3. Right to Rectification: Correct inaccuracies.
4. Right to Erasure (“Right to Be Forgotten”):
   
   • Remove data under specific conditions (e.g., withdrawal of consent).
5. Right to Restrict Processing.
6. Right to Object: Refuse data usage in certain contexts.
7. Right to Data Portability: Transfer data between platforms.

Question 11

Right to Be Forgotten

Answer 11

• Allows individuals to request removal of their personal data.
• Exceptions:
  
  • Freedom of expression.
  • Public health or public interest.
  • Legal obligations.
• Challenges:
  
  • Streisand Effect: Attempts to hide information can increase attention.

Question 12

Real-World Breaches and Fines

Answer 12

• HIV Scotland:
  
  • Fined £10,000 for an email data breach exposing 105 individuals.
• British Airways:
  
  • Fined £20 million for a data breach affecting 400,000 customers.