Let’s just start by calling a spade a spade — data privacy in the enterprise sector is often more of an afterthought than a priority. This is true for most companies that enjoy unchecked access to the private personal information of users. Regardless, personal data protection is a digital right.
These businesses, especially Big Tech, often exploit sensitive user data to create in-depth consumer profiles. They then use these consumer profiles to supplement their business strategy and revenue streams. And yet, most of these companies have periodically forced us to watch helplessly as our sensitive personal information falls into the wrong hands due to their negligence or questionable security infrastructure. And it’s not just businesses: how many times have we seen governments going out of their way to keep tabs on citizens and their digital footprints in the name of national security and whatnot?
To counter such blatant attacks on privacy, a movement is currently underway to make our right to online privacy supersede corporate greed or prying government eyes. And to make this movement successful, the average internet user must be in the know of the ideas and issues surrounding data privacy, so they cannot be taken for a ride anymore. That’s precisely what this guide is about.
Table of contents
- What is data privacy?
- Data privacy vs. data protection
- Why is data privacy important?
- Data privacy laws in major economies
- Top 5 major threats to online privacy
- TikTok repeatedly proves why we need data privacy
- 10 tips to protect your data privacy
- Digital privacy in crypto
- Always stay updated and vigilant
- Frequently asked questions
What is data privacy?
Data privacy or information privacy describes the practices meant to ensure that the data shared online by an individual is only used for its intended purpose. It is a subset of the broader data protection area that deals with the appropriate handling of user data in accordance with existing data protection regulations.
Online privacy (also called “internet privacy” or “digital privacy”) and data privacy are widely considered among the most crucial consumer protection issues today, as they deal with the right of individuals to have control over how their personal information is collected and used.
Note that although the terms “data privacy” and “personal data protection” are sometimes used interchangeably, they’re not exactly the same. More on that below.
Data privacy vs. data protection
Simply put, data protection deals with protecting user data from unauthorized use. Data privacy, meanwhile, deals with who has authorized access to that user data.
Data protection is mostly about having robust technical control and security infrastructure to safeguard user data. Meanwhile, data privacy requires transparency and regulatory compliance.
So, in a nutshell:
- Data protection addresses technical control systems that keep data safe. Information privacy is about ensuring transparency while establishing standards and norms for data accessibility.
- The onus of ensuring data protection lies on teams consisting of experts from technical and digital security backgrounds etc. Information privacy teams mostly consist of experts from law and policy-making backgrounds.
- Having either of the two doesn’t automatically ensure that you have the other as well. It is possible for a company to have robust data protection mechanisms but awful information privacy standards (and vice versa).
Why is data privacy important?
To answer that, first, make a mental note of all the information you have shared online to date. If you are anything like most internet users, chances are you have shared at least your name, email address, physical address, phone number, and some financial details, such as your bank account or credit card info, among others, on multiple platforms. Would you want such sensitive personal info to ever fall into the wrong hands?
Nothing good comes out of a situation that involves sensitive personal data falling into the wrong hands. For example, a data breach at a government platform could lead to enemy states or operatives gaining access to sensitive information. A breach at a financial services provider could give away your credit card details to the perpetrators. Similarly, a breach at a university could put students’ PII in the hands of malicious actors, paving the way for potential identity theft.
So as you can see, data privacy is not merely a luxury, but a basic necessity that we cannot do without in this information age.
Data privacy laws in major economies
Most countries/regions have their own versions of data protection and privacy laws. The following is a rundown of some of these laws in major countries with substantial digital footprints:
The United States
The U.S. doesn’t have one single comprehensive data protection and privacy law that covers all types of data. Instead, it has a mix of laws, including:
- Fair Credit Reporting Act (FCRA): The FCRA is a piece of U.S. federal legislation that aims to ensure the accuracy, fairness, and privacy of consumer information in the files of consumer reporting agencies. It has been in effect since 1970.
- Electronic Communications Privacy Act (ECPA): Effective since 1986, the ECPA protects electronic communications data. The act covers email and telephone conversations, as well as any data stored electronically.
- Children’s Online Privacy Protection Act (COPPA): The COPPA is a federal law that imposes specific requirements on online services and website operators to safeguard the privacy of children under 13.
- Health Insurance Portability and Accountability Act (HIPAA): HIPAA mandates the creation of robust national standards to protect sensitive patient health information.
- Gramm-Leach-Bliley Act (GLBA): This federal law requires financial institutions to disclose how they protect and share nonpublic personal information (NPI) of customers.
- Video Privacy Protection Act (VPPA): The U.S. Congress passed the VPPA in 1988 to restrict the ability of video providers to extract and disclose a consumer’s personally identifiable information from their rental, purchase, or subscription history (of audio/visual materials).
- California Consumer Privacy Act (CCPA): The CCPA basically allows California consumers to demand access to all the information an organization, such as a company, has saved on them. The law also grants consumers the ability to see how the organization is using their personal information.
- California Privacy Rights Act (CPRA): The CPRA amends CCPA and includes additional privacy protection measures for consumers in the state. However, it doesn’t replace the CCPA.
- Virginia’s Consumer Data Protection Act (VCDPA): The law grants consumers greater control over the personal information businesses have on them. It also provides specific guidelines to businesses on how to deploy better and more practical privacy measures.
- Colorado Privacy Act (CPA): The CPA gives Colorado residents the right to opt out of targeted advertising or certain types of consumer profiling. It also prevents businesses from selling the personal data of users without their consent.
- SHIELD Act (New York): SHIELD is the acronym for Stop Hacks and Improve Electronic Data Security Act. It amends New York state’s existing data breach notification laws. Additionally, the act also imposes more stringent data security requirements on businesses that collect data on the state’s residents.
- Utah Consumer Privacy Act (UCPA): The UCPA gives Utah residents the right to 1) find out if any business is processing their data, 2) opt-out from having their data processed, 3) request copies of their data, and 4) forbid a company from using their data.
General Data Protection Regulation (GDPR): GDPR is a comprehensive data protection law for regulating how companies protect EU citizens’ personal data. Some key data privacy and protection requirements of the GDPR are:
- Businesses must acquire the consent of users before processing their data.
- Data should be collected anonymously to protect the privacy of users.
- Businesses must provide data breach notifications within a reasonable time.
- Optimal safety must be ensured while transferring data across borders.
- Certain businesses must appoint a data protection officer to ensure compliance with GDPR requirements.
China has three laws to provide a comprehensive approach to cybersecurity, data privacy, and data protection. These are:
- Cybersecurity Law (CSL): The CSL aims to protect China’s national security interests in cyberspace while combating online crime and improving information and network security.
- Data Security Law (DSL): The DSL expands on the scope of the CSL and focuses on national security, as well as the classification of data. It also expands on data localization and the cross-border transfer requirements for important data.
- Personal Information Protection Law (PIPL): It is the most recent of the three laws and went into effect on Nov. 1, 2021. It has many similarities with the EU’s GDPR.
Top 5 major threats to online privacy
Online or internet privacy issues can range from the personal information you willingly share online and the annoyance caused by targeted ads, to targeted hacking and mass breaches.
Here’s a roundup of some of the most common threats to online privacy that you should be wary of.
1) Social media data harvesting
Social media privacy issues have been frequently in the limelight for a while now, especially after the infamous Cambridge Analytica episode that involved unethical and illegal acts, including manipulation of voters, doxing, and cyberbullying.
That was just the tip of the proverbial iceberg, though. Social media giants like Facebook (now Meta) have suffered multiple data breaches, including one that compromised the data privacy of more than 500 million users. The leaked data included the full names of users, their phone numbers, location, email addresses, and date of birth, among other details.
2) Tracking by search engines
In addition to keeping a log of your online searches, search engines also track what websites you visit. That’s not all; if your search engine provider also happens to be your browser, they can track your browsing history too.
Typically, search engines like Google and Bing collect the following types of data:
- IP address
- Search history
- Click-through history
They often combine this information for “profiling” you as a consumer. In other words, they use your browsing habits and preferences, online shopping preferences, and social media activities to create a consumer persona for you. Needless to say, this is a serious privacy issue. Among other aspects, profiling someone with their personally identifiable information can lead to serious consequences when the data falls into the wrong hands following a cyberattack or data breach.
3) Mobile app permissions
All mobile apps require access to certain types of data and hardware to ensure optimal performance and user satisfaction. For example, it is perfectly normal for a photo editing app to request access to your phone’s gallery. Similarly, if you deny Google Maps access to your location, it will simply stop working.
However, you may have also noticed that some apps request certain permissions (or access) that do not even make sense. For example, a simple app for taking text-based notes probably has no business requesting access to the phone’s gallery, camera, and microphone.
The point here is that if you are not careful, shady app developers may gain undue access to your personal data. The silver lining is that smartphone operating systems these days come with better and more practical ways to manage permissions granted to individual apps.
4) Tracking with cookies
Cookies are generally harmless and even useful. For those out of the loop, cookies are small pieces of code that collect your browsing information. Their purpose is to help websites remember your language settings, login preferences, and other details.
However, cookies can be a double-edged sword if they start collecting huge volumes of data without user consent.
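To make the difference between a harmless preference cookie and a tracking cookie concrete, the following added example (not part of the original article) audits the `Set-Cookie` headers seen during one page load. The hosts, cookie values, the `siteOf` shortcut and the one-day flagging threshold are all assumptions made for illustration.

```javascript
// Added example. Hosts, cookie names and values are constructed sample data.
const SAMPLE_NOW = Date.parse('2024-01-01T00:00:00Z');
const SAMPLE_RESPONSES = [
  { host: 'shop.example', setCookie: 'lang=en; Path=/; Max-Age=31536000' },
  { host: 'shop.example', setCookie: 'session=abc123; Path=/; HttpOnly; Secure' },
  { host: 'cdn.adtracker.example', setCookie: 'uid=7f3a9c; Max-Age=63072000; SameSite=None; Secure' },
  { host: 'pixel.socialwidget.example', setCookie: 'fr=xyz; Expires=Tue, 31 Dec 2024 00:00:00 GMT; Secure' },
];

// Assumption: the last two DNS labels identify the site. Browsers use the
// Public Suffix List instead, which this sketch does not include.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse one Set-Cookie value into its name and lifetime in seconds
// (null means a session cookie that disappears when the browser closes).
function parseSetCookie(header, now) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf('='));
  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    if (i === -1) continue; // flag attributes such as Secure or HttpOnly
    const key = attr.slice(0, i).toLowerCase();
    const value = attr.slice(i + 1);
    if (key === 'max-age') maxAge = Number(value);
    if (key === 'expires') expires = (Date.parse(value) - now) / 1000;
  }
  // Max-Age takes precedence over Expires when both are present.
  const lifetime = maxAge !== null ? maxAge : expires;
  return { name, lifetime };
}

// Classify every cookie set during one page load and flag likely trackers:
// third-party cookies that persist longer than maxThirdPartyDays
// (an illustrative threshold, not a standard).
function auditCookies(pageHost, responses, now, maxThirdPartyDays = 1) {
  return responses.map(({ host, setCookie }) => {
    const { name, lifetime } = parseSetCookie(setCookie, now);
    const thirdParty = siteOf(host) !== siteOf(pageHost);
    const lifetimeDays = lifetime === null ? null : Math.round(lifetime / 86400);
    const flagged = thirdParty && lifetimeDays !== null && lifetimeDays > maxThirdPartyDays;
    return { name, setBy: host, thirdParty, lifetimeDays, flagged };
  });
}

console.table(auditCookies('www.shop.example', SAMPLE_RESPONSES, SAMPLE_NOW));
```

The language and session cookies come from the site being visited and are left alone; the two long-lived identifiers set by other sites are the ones a third-party cookie block would stop.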
5) Online identity theft
As far as the history of crime goes, identity theft has been around for a long time. In fact, it predates the internet by centuries. However, the information age has made it even easier for con artists to go around stealing unsuspecting victims’ identities.
Online identity theft most commonly happens when the perpetrators gain access to your personally identifiable information such as your social security number, driver’s license, bank account details, etc. In many cases, these criminals will put up your now-stolen identity for sale on the dark web.
The common ways to commit online identity theft include phishing, malware infection, and social engineering, among others. Personal data protection helps to avoid these types of crimes.
TikTok repeatedly proves why we need data privacy
While tech giants and social media platforms such as Google and Meta have periodically drawn flak from the authorities over their questionable approach to data privacy, TikTok seems to have taken the risk to a whole new level altogether.
The platform settled a class-action lawsuit earlier this year regarding the inappropriate collection and use of personal data from users. The settlement is the direct result of 21 lawsuits, including a few that were filed to protect the privacy rights of minors.
Notably, TikTok denied all the allegations, but agreed to pay $92M in settlement to compensate the users affected.
TikTok is possibly the most invasive of all social media apps on multiple counts, especially when you consider the backdoor it allegedly has to allow Chinese engineers (and possibly the Chinese government) access to user data.
Note that the Indian government has already banned TikTok over security concerns. The U.S. government has not banned it yet, but the platform has been under security review for a while now.
TikTok’s alleged ties with the Chinese government
TikTok is owned by ByteDance, a Chinese company. Because of this, many critics suspect that the Chinese government may have something to do with the app and its rapid growth on a global scale. Note that it is not uncommon for Chinese-origin companies to face this suspicion. Huawei, for example, faced similar problems over its alleged links with the Chinese government.
The suspicion, however, is not entirely unfounded, considering that in the Chinese political system, the government has far greater control and influence over private companies (which is not usually the case in most democracies). So, it is quite possible that the communist government could (and likely will) collect data from a globally popular app like TikTok.
Even the hacktivist group Anonymous, known for their pro-privacy stance, put out a tweet in 2020 claiming that TikTok is spyware created by the Chinese government. It is important to mention that personal data protection from the government is not for criminals, but is a digital right.
TikTok has repeatedly denied these allegations. However, the denial has hardly changed the perception on the ground, especially now that the company has acknowledged that its staff in China can access user data from other countries, including the U.S.
Suspicious browser trackers raise a few eyebrows
A 2019 study by a German data privacy website found that TikTok installs browser trackers on your device that can monitor and log all your internet activities. ByteDance defended the use of these trackers by saying that their purpose was only to prevent “malicious browser behavior.”
But that didn’t quite explain why TikTok was using the fingerprinting technique that allocates each individual user a unique ID. Could this be for linking data to their source profiles in a targeted manner? Regardless, these practices are a threat to personal data protection.
Of course, ByteDance once again denied all these allegations. However, it didn’t explain what it meant by “malicious browser behavior.” Neither did it explain what happens to the data these browser trackers collected. It also didn’t shed light on why it collected the IP addresses of users. And above all, it never managed to explain what gave it the right to access your browser in the first place.
Is TikTok really spyware?
In 2020, a Reddit user reverse-engineered the TikTok app to access and verify all things under the hood. They found that the app was collecting all kinds of data, including data that it doesn’t require to execute its functions as a short-form video hosting service:
- All about your device’s hardware configuration, including CPU type, screen size, dpi, memory usage, hardware ID, storage space, etc.
- Network information associated with the device, including your local and public IPs, MAC addresses of your device and the router, Wi-Fi name, etc.
- The list of apps installed on your device
- Location data (although, it may be necessary for some features to function)
- If your device was rooted or jailbroken
In addition, the fact that the app sets up a proxy server in your device without any kind of authentication whatsoever doesn’t inspire much confidence either.
Despite all these red flags, however, TikTok continues to grow by the millions. That is clearly a sign that the awareness surrounding data privacy — both on individual and policy levels — has not been quite up to the mark.
10 tips to protect your data privacy
1) Password protect everything
Always password-protect each and every device you own, including your home computer, smartphone, tablet, or any other that stores your sensitive personal info. Do not make it easy for malicious actors to steal your data should you ever lose any of your devices.
2) Use strong passwords
It may sound obvious to some readers, but you wouldn’t believe how many internet users still keep ridiculously simple passwords. Any password that’s even remotely guessable is a bad password. You might want to avoid that mistake.
3) Avoid reusing passwords
Once again, this is a no-brainer. The idea is to use one unique password for each website or online service you use. This way, even if one of your passwords is compromised somehow, the extent of the subsequent risk will be limited to only that particular website/service that you use that password for.
Granted, you probably use dozens of websites and online services regularly, like most of us do. If you worry that remembering so many unique passwords is going to be an issue sooner or later, you might consider using a trusted password manager with a good track record.
4) Be extra choosy while picking a browser
Your web browser is pretty much your gateway to the web. Therefore, it makes sense to use a browser that doesn’t track your every move and offers a relatively higher degree of privacy. Brave browser, for example, promises to keep you safe from privacy-invasive ads and trackers. It blocks any third-party data storage while preventing browser fingerprinting.
5) Secure your browser
Even if you are using a more popular but less privacy-friendly browser like Google Chrome, you will still want to walk that extra mile to keep your browsing habits private. The obvious first step to that would be to keep advertisers out of your browser to the extent practically possible.
The same goes for third-party cookies — you want to avoid them as much as you can. Check out these useful guides on how to block cookies in Chrome, Firefox, Safari, and Edge.
6) Limit all app permissions
We have already discussed how some shady app developers stealthily gain access to your personal data through their apps. Limiting all app (or website) permissions to an absolute minimum is the only way to ensure complete personal data protection.
Consider disabling all possible sources of analytics and tracking. Go through each and every app individually, if necessary, to know which apps have access to what kind of data, files, or services. Remove all unnecessary permissions. Maybe your guitar tuning app doesn’t really need to access your contacts, after all!
7) Never click on suspicious links
Yeah, it may sound too obvious, but some people still make that mistake and end up compromising their online privacy. Never click on any suspicious links, pictures, banners, pop-ups, or email links that you don’t have a reason to trust.
8) Use social media wisely
Just because you can share every mundane detail of your life on social media doesn’t mean you have to. And even if you do, carefully consider who can access your relentless stream of status updates, memes, and photos.
Even if you use social networking platforms scarcely, it is still a good idea to periodically check your privacy settings.
9) Passwordless authentication
Another great security option is passwordless authentication. This removes the need for a password and instead uses biometric identification — like a thumbprint — to verify credentials. It also makes use of cryptography, with the private key being unlocked after the verification. HYPR is one such platform that offers passwordless authentication.
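The login flow described above can be sketched as a challenge-response exchange. This is an added illustration, not HYPR's or any vendor's code: the class names, the `https://bank.example` origin and the string comparison standing in for a fingerprint match are assumptions.

```javascript
// Added illustration of passwordless login; not HYPR's or any vendor's code.
const nodeCrypto = require('node:crypto');

// Device side. The key pair is created at registration and the private key
// stays on the device. The biometric check is a string comparison standing in
// for a real fingerprint match (assumption for this sketch).
class Authenticator {
  constructor(enrolledBiometric) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.publicKey = publicKey;
    this.privateKey = privateKey;
    this.enrolledBiometric = enrolledBiometric;
  }

  // The private key is used only after local verification succeeds.
  // The origin the device is talking to is signed together with the challenge.
  sign(challenge, origin, presentedBiometric) {
    if (presentedBiometric !== this.enrolledBiometric) return null;
    const payload = Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);
    return nodeCrypto.sign(null, payload, this.privateKey);
  }
}

// Server side. It stores a public key per user, never a password or biometric.
class LoginServer {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map();
    this.pending = new Map();
  }

  register(user, publicKey) {
    this.publicKeys.set(user, publicKey);
  }

  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }

  verify(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // each challenge is accepted at most once
    if (!challenge || !publicKey || !signature) return false;
    const payload = Buffer.concat([challenge, Buffer.from(this.origin, 'utf8')]);
    return nodeCrypto.verify(null, payload, publicKey, signature);
  }
}

// Runs four logins against constructed data and returns the server's verdicts.
function runLoginScenarios() {
  const server = new LoginServer('https://bank.example');
  const phone = new Authenticator('alice-thumb');
  server.register('alice', phone.publicKey);

  const c1 = server.newChallenge('alice');
  const sig1 = phone.sign(c1, 'https://bank.example', 'alice-thumb');
  const genuine = server.verify('alice', sig1);

  server.newChallenge('alice');
  const replayed = server.verify('alice', sig1); // old signature, new challenge

  const c3 = server.newChallenge('alice');
  const wrongFinger = server.verify('alice', phone.sign(c3, 'https://bank.example', 'mallory-thumb'));

  const c4 = server.newChallenge('alice');
  const lookalike = server.verify('alice', phone.sign(c4, 'https://bank.example.login.test', 'alice-thumb'));

  return { genuine, replayed, wrongFinger, lookalike };
}

console.log(runLoginScenarios());
```

Only the genuine login is accepted. Because the server holds nothing but public keys, a breach of its database exposes no reusable secret.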
10) Only use secure Wi-Fi connections
Granted, it is convenient to use the free Wi-Fi at your local Starbucks. On the flip side, however, there is no guarantee who is tracking and interpreting the internet traffic on that network.
So, the rule of thumb is that if you’re on a public Wi-Fi network, avoid conveying any private information. Browsing websites is fine — specifically, websites that do not require you to enter any password or personally identifiable info. However, using online banking or entering your credit card info to buy stuff online is not.
11) Beware of phishing scams
Understand and learn how phishing scams work and how to spot one upfront. Grow familiar with how malicious actors use social engineering and other tricks to lure unsuspecting victims. Once you get to know the tricks of these con artists, it becomes much easier to avoid them.
Digital privacy in crypto
So far, 2021 has been the most active year for cryptocurrency hacks. Hackers stole nearly $3.2 billion. However, 2022 is a close second, on the verge of breaking that record with $3 billion already stolen. Some of these hacks and exploits stemmed from smart contract failures. However, others were avoidable and a result of negligence, such as leaving one’s private keys on cloud services.
Digital privacy is of the utmost importance in the world of cryptocurrency. Without strong privacy protection in place, individuals risk having their personal information and financial transactions exposed to potential hackers and fraudsters, which could result in the loss of their cryptocurrency.
Personal data protection is especially important in the cryptocurrency world. This is even more relevant for figures and entities with a public face, as this likely makes them a target for exploitation. Large businesses and public faces become the object of attacks, as seen with the Wintermute exploitation.
Wintermute, a prominent crypto market maker based in the United Kingdom, lost approximately $162 million after its DeFi operations were hacked in September. This hack was not caused by a smart contract vulnerability, but by the use of a vulnerable private key to attack the platform, which was either leaked or brute-forced.
Cryptocurrency was created with digital privacy at the forefront; it’s what drives the innovation of the space. The proliferation of zero-knowledge technology and decentralized identities shows that personal data protection is a digital right.
Always stay updated and vigilant
Ensuring and improving your data privacy is not a finite process. It requires constant vigilance for as long as you keep on using the internet. However, if you stick to the simple tips we have shared above, they’ll eventually become second nature.
Also, scams and con artists are always evolving. So, it makes sense to keep yourself updated on the latest trends and events related to cybersecurity.
Frequently asked questions
What is data privacy?
Data privacy describes the practices meant to ensure that the data shared online by an individual is only used for its intended purpose.
Why is data privacy important?
Data privacy is important because you don’t want your sensitive personal information falling into the wrong hands.
How does blockchain support data privacy?
Blockchain transactions enable users to control their data through public and private keys, thus allowing them to own it.
Is the TikTok data privacy settlement real?
Yes, it is real.
How much is the payout for TikTok settlement?
How can I protect my privacy online?
Please refer to the section above called “10 tips to protect your data privacy.”
In line with the Trust Project guidelines, the educational content on this website is offered in good faith and for general information purposes only. BeInCrypto prioritizes providing high-quality information, taking the time to research and create informative content for readers. While partners may reward the company with commissions for placements in articles, these commissions do not influence the unbiased, honest, and helpful content creation process. Any action taken by the reader based on this information is strictly at their own risk.