What is Data Privacy?

Data Privacy governs how data is collected, shared, and used. Defining data privacy is very difficult because different data privacy laws do not explicitly explain what they mean by data privacy. It is more common for laws to spell out beat practices, consumer rights, and corporate responsibilities. This can becomes very difficult for legal practitioners because different data privacy laws mean different things. One company could be subject to multiple data privacy laws if they operate in multiple jurisdictions - which is commonplace nowadays. 

​

Some consumer rights incorporated in current data privacy laws:

• Right to be Informed - data subjects are informed about the collection and use of their data

• Right to Access - data subject can request a copy of their personal data

• Right to Rectification - if data is inaccurate or incomplete, data subjects can rectify it. 

• Right to Erasure - data subject can request the erasure of personal data related to them

• Right to Data Portability - data subjects can have their data transferred between systems

• Right to Object - data subjects can object to how their information is used by corporations

• Private Right of Action - data subject can directly sue a company for noncompliance

​

Some corporate responsibilities incorporated in data privacy laws:

• Purpose Limitation - data collected should be used for a specified purpose 

• Data Minimization - data should only be collected to the extent at is specified a purpose

• Data Security - proper safeguards should be put into place to protect the data

• Date Breach - when an unauthorized entity gains access to data 

​

These are some common terms that may or may not appear in a data privacy law. Practitioners and researchers should be aware of these concepts and can use these as search terms when deciphering or researching data privacy regimes and compliance practices. 

​

​