2•2 • Understanding data privacy and data protection •

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. "

By Javiera Atenas

The borders data opening, publishing, collection, storage and management are determined by a set of regulations and laws, which aim at preserving and safeguarding the privacy of people regarding the publication of certain information assets, even though these are collected by public bodies and managed and stored in public information systems.

The emergence of technologies and techniques for processing these data generate new asymmetries between those who own the tools and the subjects whose data are subject to these applications(Belbis & Fumega, 2019), for example AI and Algorithms, but also learning analytics or any other system product of the digitisation of the vast majority of information services, create the need to develop frameworks to protect individuals and groups from misuses of their data from public or private entities.

2• 2.1 • Principles of data privacy •

Privacy, according to Privacy international, is crucial for the protection of human dignity and constitutes one of the fundamental bases of democratic societies. It is a pillar that enables the exercise of the rights of freedom of expression, information and association. So, Data Protection is one of the ways to guarantee in practical terms the right to privacy in the context of the information society, where the storage of personal data is in the hands of public and private actors, as nowadays, it is possible to identify and single out individuals in large sets of data,  and use their personal data to monitor and surveil their behaviour or track their locations and interactions with platforms in order to perform predictive analytics.

According to the Office of the High Commissioner for Human Rights (UN Human Rights), privacy is a fundamental human right and is articulated in all of the major international and regional Human Rights instruments, including Article 12 of the United Nations Declaration of Human Rights 1948, the International Covenant on Civil and Political Rights (ICCPR) 1966, Article 17, the Article 16 of the UN Convention on the Rights of the Child; the Article 11 of the American Convention on Human Rights; the Articles 16 and 21 of the Arab Charter on Human Rights; and the Article 8 of the European Convention on Human Rights, while, according to UNCTAD 132 out of 194 countries had put in place legislation to secure the protection of data and privacy.

UNCTAD – Data protection and privacy laws worldwide 

An important element of the right to privacy is the right to the protection of personal data. While the right to data protection can be inferred from the general right to privacy, some international and regional instruments also stipulate a more specific right to the protection of personal data. To explore the landscape of data protection and privacy regulations around the globe, you can access a list by country to understand how data protection operates in different countries.

To explore the landscape of data protection and privacy regulations around the globe, you can access a list by country to understand how data protection operates in different countries.

2• 2.2 • Data protection laws and regulations•

The first-ever data protection law – Sweden’s Data Act – was created in 1973, and it basically has made illegal for any person or company to use information systems of any kind to handle personal data without a license. Iceland has the toughest privacy laws, The Data Protection Act of 2000 states that data must be obtained for specific purposes, and that people must give informed consent, thus they must be made aware in an unambiguous way of the type of data collected, the collection purpose and how the data processing is conducted and how is protected, giving people the right to withdraw their consent at any time. Not obeying the act could result in fines or even a prison term up to 3 years.

In the UK, Data Protection Act 1984 introduced basic rules on data collection and people’s rights to access data collected about them. This act was followed by the Data Protection Act 1998, which granted individuals legal rights to control information about themselves and defined a series of principles to ensure that information was processed lawfully. It was superseded by the Data Protection Act 2018 which applies the EU’s GDPR and lists a series of offences about knowingly or recklessly obtaining, disclosing, retaining, and selling or offering to sell, personal data obtained without consent.

In the European Union, data protection is regulated by the General Data Protection Regulation (GDPR) which sets out seven principles for the lawful processing of personal data, such processing can be understood as the collection, organisation, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure or destruction of personal data and its seven principles are:

  • lawfulness
  • fairness and transparency
  • purpose limitation
  • data minimisation
  • accuracy
  • storage limitation
  • integrity and confidentiality (security)
  • accountability


  • To discuss issues about data privacy with your students, we recommend using the Data, Privacy, and Identity (Design Changes for Cards) to help them to gain awareness of the different types of data collected and stored during online and assumed-to-be offline activities, reflect on the ways different types of data, and combinations of data, can reveal more about our identity than we might be aware or be comfortable with revealing, consider how the perception of harmless data collection changes when viewed through the lens of different identities and talk about the types of data users have no control over and are “essential” to the functioning of the tools, you can download and print the cards or work with them online.