Today, all European data protection authorities mark the Data Protection Day, a Day which has been now highlighted in our annual privacy calendar for the past four years. This particular day recalls the signature date of the European Convention for the Protection of Individuals with regards to the Automatic Processing of Personal Data, way back in 1981. The Convention was the first legally binding international instrument in the field of data protection.
The initiative of the Data Protection Day was spearheaded by the Council of Europe, with the full support of the European Commission, and called on European data protection authorities to raise awareness on data protection by informing citizens on their privacy rights and make them aware about the value of their personal data.
Education is one of the main pillars in our society. It has always been our firm belief that for an effective culture change to happen there needs to be continuous investment in the young generation. Today’s children will be our future. Culture takes time to change, but the consolidation of all the elements in the privacy formula will eventually yield the desired results.
To mark this day on the local level, the Office of the Data Protection Commissioner has distributed informative material to Form 4 students in all state, private and church schools. The uphill task is to get the message across and make citizens, particularly from a young age, aware of the inherent risks which one may be exposed to when providing personal information on the net.
The ever increasing social networking has blurred the boundaries of what can be considered private. We are living in an unprecedented era where it has become customary to routinely share personal information online. For instance, the most renowned social networking site Facebook, claims to have hit more than 350 million users worldwide. A segment of these users are certainly young people who have little or no knowledge about the potential risks and vulnerabilities they may be susceptible to. It is very likely that only a fraction of all users have ever read the terms and conditions to which they signifying agreement with. There have been countless incidents around the globe, primarily caused by third party access to freely-available personal information, which have led to identity thefts, fraud, rejection of job applications and dismissal of employees from the workplace.
But then, one can justifiably ask: how can your Office safeguard the privacy rights of social networking sites’ users in case of infringement? This is no straight forward task. Legal and technical considerations have to be factored in the evaluation of the case. In the first instance, this Office has no jurisdiction over a social networking site operator based outside the perimeters of our shores; such as the giant social networking site Facebook, which operations are located in the United States. In the local sphere, an individual who suffers an alleged violation of privacy rights caused by the posting of personal information (including a photograph) by another user has to resort to the channels provided by the site’s operator to report the person who posted the information. Action will be taken accordingly by the operator.
However the domestic legislation applies in case where the user extends the activities beyond the scope of purely personal or household activities. This may be the case where an individual uses the social networking platform to advance political, commercial or charitable goals.
The changes in the privacy settings, introduced by Facebook a couple of weeks ago, have attracted international criticism. Critics have claimed that the changes nudged users towards sharing updates with the wider web and made them traceable via search engines.
The digital age has revolutionised the way personal data is processed. More stringent technical and organisational security measures need to be implemented for the prevention of unlawful forms of access and use of the data. Everyone has to be proactive in the drive to maximise identity security since a breach of privacy may result in permanent damages which cannot be financially compensated.
Each person’s reasonable expectation to privacy is a core concept deriving from the European Union’s Privacy Directive and is this Office’s guiding principle.