Friday 17 October 2014

What’s the difference between data protection and privacy?

An animated conversation broke out at a recent meeting of the Crouch End Chapter of the Institute of Data Protection. Members were discussing the differences between data protection and privacy. 

Eventually, we decided that data protection was relatively easy to define. It referred to legal controls over access to and use of data stored (mostly) in computers.

Privacy, on the other hand, was harder to pin down. It was multi dimensional, best described in terms of:
  • Privacy of personal information. This is any information relating to an individual, who can be identified, directly or indirectly, by that information and in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, locational or social identity. Privacy of personal information involves the right to control when, where, how, to whom, and to what extent an individual shares their own personal information, as well as the right to access personal information given to others, to correct it, and to ensure it is safeguarded and disposed of appropriately. 
  • Privacy of the person. This is the right to control the integrity of one’s own body. It covers such things as physical requirements, health problems, and required medical devices.
  • Privacy of personal behaviour. This is the right of individuals to keep any knowledge of their activities, and their choices, from being shared with others.
  • Privacy of personal communications. This is the right to communicate without undue surveillance, monitoring, or censorship. 
So, there you have it. If you ever needed a conversation stopper at a drinks party, you can ask your chums for their views on the difference between data protection and privacy.

Many thanks to the member who recalled the great work on privacy that Roger Clarke has carried out in this area. 

Image credit: