The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). In simple terms, GDPR’s purpose is to ensure that your private information and personal data are stored securely. The aim of the framework aims to put you at the centre of your personal data, so you are the one who has to agree to have it stored, processed, and removed if needed. In addition, GDPR’s purpose is to force companies to reframe how they think about data privacy, making “privacy by design” (data protection through technology design) a must.
Why does it matter?
When using digital technologies such as apps or websites, your personal data is being collected. Your personal data might include your age, location data, your phone and so on. In most cases, you need to agree to a website or an app’s terms and conditions” to be able to use gain access to their content. Depending on your choice (e.g, agree to all) your choices contribute to the creation of your ‘digital/data shadow’. Through the use of different devices (e.g., computer, smartphone) you leave behind data points which are later combined to create stories about you or profiles of you and the so-called digital shadows.
When thinking about the different parties involved in the creation and management of your data shadow, GDPR distinguishes different types of actors and activities:
- Data processing — any action performed on data, whether automated or manual. The examples cited in the text include collecting, recording, organizing, structuring, storing, using, erasing and so on.
- Data subject — the person whose data is processed, In this case, this would be you using an app, website, or smart tv.
- Data controller — this is the person who decides why and how personal data will be processed. In most cases, this is a tech company (e.g., social media) or an app creator.
- Data processor — a third party that processes personal data on behalf of a data controller.
In a sense, GDPR aims to tackle the problem of the digital shadow, so you can become the one who is in charge of your data and your potential shadows. However, it is important to note that GDPR also applies to your personal data offline. This might include filling in surveys or application forms – in all cases, GDPR regulations should be followed in Europe and apply to all users accessing information from Europe.
The GDPR framework itself is obviously way more complicated and has many limitations.
That is why in this section we will explore the different topics related to the GDPR.
More on GDPR: