GDPR-The Act of Balance!!
As we developed the identity platform, privacy became an essential theme for platform design. This topic further led to the exploration of “Privacy by Design” and “PET (Privacy Enhancing Technology)” which is a field of interest for Aikaki Limited. This article summarizes critical articles of GDPR- The General Data Protection Regulation, the most essential act of “Privacy,” which has changed how consumer data is handled within an enterprise.
Aikaki follows “Privacy by Design” as the system design theme for the identity platform and developing privacy-enhancing tools for consumers. We will discuss more of these topics in later articles.
History…
A 42-page article called “The Right to Privacy” in the Harvard Law review in 1890 is the first known writing about privacy. This article talks about the importance of consent when being photographed or recorded. This article came because of commercial cameras appearing on the scene. Fast forward a century later, in 1994, Netscape released a browser that made online tracking possible, and around the same time EU came up with the “Data Protection Directive.” The act aimed to protect fundamental rights and freedoms in processing personal data. This act later transformed into what we know today as GDPR- The General Data Protection Regulation.
Key Terms…
Personal data are defined as “any information relating to an identified or identifiable natural person(“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;” (source: Wikipedia)
The notion of processing means “any operation or set of operations which are performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;” (source: Wikipedia)
Data, data, and more data…
Data is a digital fuel for innovation, and everybody (Businesses) wants more of it. With the proliferation of consumer applications and social media in the backdrop of 5G and IoT, consumer concerns about data privacy and security are rising. As per the latest surveys, 30–40% of internet users are worried about their data privacy.
As with the Data Protection Directive 95/46/EC, the GDPR has ultimately set a foundation for global privacy regulations that have forced organizations to re-evaluate their privacy-compliance practices and move to a higher baseline of standards.
This article states that you need to have a legal basis for processing the data this could be a contractual obligation, consent from the user for processing the data, legal obligations, or other interests to protect the individual. This article also states that you need to be transparent about how data is collected, processed, and managed within the organization.
It means that you must be clear about why you collect your user’s personal data and how you use it. If you use personal data for another reason than initially specified, its use is fair, lawful, and transparent.
Collect is what is relevant for your purpose; less is better. Holding more data than is required is unlawful and breaches the data minimization principle.
This is self-explanatory, Businesses should take reasonable steps to ensure the data they hold about an individual is accurate.
Businesses cannot hold data for longer than is required and must justify the reason for storing the data.
This article covers all that business need to do to protect information like encryption, anonymization, access control, cyber security, etc.
Businesses are responsible for showing compliance and are held responsible for violations.
The information in this article is for informational purposes only and should not be construed as legal advice on any matter of GDPR.
OkularID is a unique digital identity management platform to authenticate and validate user credentials in the digital space. It is promoted by Aikaki Limited, focused on developing a user-centric digital identity wallet enabling users to share their credentials and digital assets and securely sign documents.