In the world of data protection, we are quickly burning stages: 2014 was the year of the right to be forgotten, 2015 the year of the repeal of Safe Habor, 2016 the year of the replacement of Safe Habor (the Privacy Shield) and the new EU Regulation – with an entry path until 2018 -. I would like to reflect on something that we must always keep in mind today: diligence in the management of our personal data.
The business of personal data
The big business of the 21st century is no longer so much oil as obtaining personal data, something we need to be very aware of. For many people, the value of their data tends to be zero, an issue – among others – from which big business emerges. As an example: the American company Interactive Data Intelligence has created one of the largest databases in the world (initially focused on US citizens), whose intended operation is that, by simply entering the name of a person, the database returns a detailed study of their activity: expenses paid by card, properties, residence, financial relationships between different people, consumption trends, lifestyle, … something like the business reports of companies.
[cta titulo=”¿Quieres más información sobre Derecho digital?” imagen=”/wp-content/uploads/2017/07/derecho-digital-imagen_retocada.png” parrafo=”Te facilitamos las soluciones legales que necesitas para el correcto desarrollo de tu negocio y cualquier actividad empresarial o de marketing que lo requiera.” enlace=”https://www.agenciareinicia.com/contacto/” boton=”ME INTERESA”]
According to the aforementioned company, it is not that they carry out specific investigations of certain citizens, but they have created a file of each one from public information databases or through the legal purchase of databases from other private companies. The information they integrate from the name and surname, are the known physical and electronic addresses; age, telephone numbers; movable properties (vehicles, boats, …) and real estate (homes, second homes, rentals, …), along with the financing that we may have used to acquire such properties; geolocated images; profiles and comments on social networks, conforming with all this a personal and behavioral profile, which exceeds even the perception we have of our own knowledge.
The primary purpose of these databases is to anticipate an individual’s consumption trends and decisions, which seems a bit sweeter than the purposes that government intelligence agencies may have in handling the same data, but do you really not care that someone outside of you knows what you’re ordering pizza for dinner at home today, how you’re going to pay for it and almost who you’re going to have it with?
What is the right to be forgotten?
The right to be forgotten, from the legal point of view, is an expression of the execution of the recognized rights of opposition to the processing of our data and the right to cancel such data. What it protects is the power to prevent the dissemination of our personal information on the Internet, provided that this dissemination is inappropriate or persistent in the terms that the regulations understand, that is, when information is disseminated that the passage of time itself has made obsolete, that is no longer relevant and has lost its public interest, even if the original information disseminated is legitimate because it is published in an official bulletin or is protected by the fundamental rights of freedom of expression and/or information.
I believe that beyond the right to be forgotten of a certain information about us that appears on the Web, there is the right to personal privacy in a global way, but of course, when we ourselves reveal so much information about our lives, how can I manage my privacy? We are entering a field full of contradictions: do we stop using Social Networks, do we do without our hyper-connected and hyper-vitaminated Smartphone, do we not use that magnificent “free” service – of course, paid for with our data – that solves so many things for us?
Where is the solution or the break-even point? From my point of view, we have to work in two ways. First, in the culture of the citizen and the company, of the user of digital media and channels, so that they are aware of what is involved in providing data in applications, various records and, in general, in the use of these channels and media. Here it will be the public administration (data protection agencies and network security organizations) that will play a very important role in disseminating and offering this culture. Of course, parents in the case of minors, a particularly vulnerable group that causes me great concern due to the fashion or social need that makes children of 9 or 10 years old already have smartphones (and even the star gift of communions) with the consequences of unwanted intrusion, improper handling in danger of their own safety and access to content not appropriate to the age range or maturity required. Secondly, file managers and especially those who offer digital services – as the new Regulation requires – will have to pass from one formal privacy to a managing your privacyIn other words, digital tools should allow – without hindrance and impairment of its basic functionality – the management of the data you give or share, through a control panel with the same access as the rest of the functionalities, which does not collude with the right to be forgotten, which is a different thing, but it is about the responsible management of your data by the user, through the access control or privileges granted.
David Garcia
ICT Lawyer
