“In today’s digital world, personal data is as valuable as money”

What does data protection mean?

Data protection means protecting individuals in such an important and essential aspect of their lives as their private, personal and family lives, from the perspective of the use and processing of their personal data by any type of organisation, regardless of its size.

It responds to a fundamental, personal and non-transferable right enshrined in the Spanish constitution: privacy. This implies the obligation to preserve people’s identity, reputation and privacy; it means a guarantee of respect and security of personal data that third parties must observe when processing it. Privacy belongs to the category of personality rights, which means that protecting people’s dignity and guaranteeing respect for their private lives must be the basis for the protection of personal data.

Protecting data means that countries must have regulatory frameworks supplemented by a set of practical and sectoral provisions aimed at ensuring that a person’s personal data is not misused, without their authorisation or in a way that infringes on their rights and freedoms. The protection of personal data is a right granted to individuals so that they can know and control how third parties collect, use, store, share or delete their personal data and make their own decisions.

For an individual, having control over their data means deciding who can access their information, for what purpose, and for how long. This is part of respecting their fundamental rights.

Why is it important to protect data?

Personal data reveals key information about individuals: name, address, national identity number, financial situation, medical history, ideology, political opinion, trade union membership or sexuality.

If data is not protected, it could be used without the consent of the person to whom it belongs, which could cause significant harm affecting their personal life. Data can be used to steal someone’s identity and impersonate them by opening a bank account, taking out a loan, buying products online, changing email and social media passwords, contracting telephone services, or committing fraud or scams.

The unwanted processing of personal data also involves manipulating opinions or decisions, for example by displaying personalised fake news to influence voting in political campaigns; discrimination, such as offering more expensive insurance based on history; and profiling by insurance companies or targeted advertising that exploits emotions or insecurities.

In this context, it is important to note that the owners of personal data are the individuals themselves and never the organisations that process it.

In today’s digital world, personal data is as valuable as money

We currently live in a global, digitised and hyperconnected world, where every second an almost incalculable and ever-increasing volume of data travels through the network. At the end of the previous decade, personal data was referred to as the oil of the 21st century. Today, years later and well into the century, we no longer talk about oil but about petrol in the global economy. In today’s digital world, personal data is as valuable as money.

Almost everything a person does generates personal data: shopping, communicating, working, studying or entertaining themselves. But are you aware of who collects your data and how it will be processed? Technology has become integrated into people’s lives, into their normality, personal data is shared and actions are carried out using the network. This would never happen in analogue life and that is what we should reflect on.

What is done with the data requested from you?

Another interesting question is: what is the requested data used for? Is it really to provide the service that the person has requested?

The answer is no: in most cases, the data is used to create behavioural profiles, display personalised advertising, influence consumer or political decisions, sell the data to third parties without transparency and, ultimately, to feed artificial intelligence algorithms.

In many cases, problems associated with the lack of personal data protection have been reported, both in small organisations and large multinationals. This is the case with Facebook, which was the victim of massive data leaks.

The impact that Artificial Intelligence (AI) has had on people’s lives cannot be ignored, as it is taking the use of data to another level. We live in a world where algorithms predict behaviour, facial recognition systems are available, and tools create personalised content based on personal history.

Furthermore, every click, search, shared location or social media post leaves a trace that feeds AI, and although this data collection promises efficient and personalised services, it also poses ethical, social and legal risks that cannot be ignored. The power imbalance between users and large technology platforms is one of the major challenges to be addressed, as it undermines individuals’ ability to exercise the real control and empowerment granted to them by the European General Data Protection Regulation (GDPR).

What is the power of public policy and cooperation in addressing this challenge?

Today, experts say that privacy is power. We live in a global context where the use of personal data is key to democracy, social justice and personal freedom. Citizens, governments and businesses face an urgent challenge: finding a balance between innovation, security and respect for human rights.

In this digital world, protecting personal data has become a matter of urgency, as threats arise from the misuse of information and international data transfers have become commonplace. Global problems require global solutions. In this context, public policies and international cooperation are powerful tools for addressing the risks associated with the lack of personal data protection.

FIAP has always been committed to the protection of personal data. As an organisation that processes such data, it has developed and implemented procedures, internal rules and good practices that enable it to comply with the European Data Protection Regulation. In addition, FIAP undertakes projects in which data governance is a fundamental pillar, such as the EU-LAC Digital Alliance High-Level Policy Dialogues. In this project, FIAP has demonstrated its commitment to the protection of personal data through the ‘Data Governance’ component it leads.

The European General Data Protection Regulation as a reference

The strength of public policies lies in their ability to establish common standards, pass legislation, unify criteria and share best practices. In the specific case of the EU, the European General Data Protection Regulation harmonised the data protection laws of the 27 countries and is a benchmark for countries on other continents such as Latin America and Asia. In addition, the EU has approved its European Data Strategy to become a leader in the digital economy by creating a single market for data where open data is available and the exchange of information, research and innovation are encouraged.

Joint mechanisms between countries encourage alliances between data protection authorities to exercise coordinated surveillance, which leads to more effective action and prevents companies from moving their servers to more lax countries where they can avoid non-compliance.

This type of collaboration requires multinational companies to take on a greater degree of responsibility and commitment, as international cooperation raises the level of personal data protection.

Future challenges

The future of technology and the development of AI is positioned as one of the most impactful issues for humanity in the coming years and an unprecedented challenge in terms of data protection.

The advances that technology will bring will be related to our daily lives. Before long, we will have virtual assistants, we will see the automation of daily tasks such as managing personal finances, we will have appliances in our homes that will manage our shopping, such as smart refrigerators that will detect the products we need based on our consumption habits and order them online, coordinating the delivery of the goods, we will have more accurate medical diagnoses, early detection of diseases…

The future is uncertain and the challenges are vast. Technology will not only bring innovative solutions that improve people’s quality of life, it will also bring many risks that will make people more vulnerable: bias, discrimination and manipulation will increase. Technology will change the world and the way we see and understand it. The real challenge is to use it responsibly, ethically and for the common good. This requires robust legislation to ensure the protection of personal data.

The main challenge from the point of view of personal data protection is the harmonisation of laws at the international level. The European Union has a robust and rigorous model. However, other world powers such as China and the US prioritise their commercial interests, and there are still countries that do not have data protection laws or that have only recently introduced them and are yet to implement them.

Protecting personal data should never be an impediment to technological development. However, unregulated technological development can be an impediment to people’s lives and cause great harm to their personal and family privacy.

✍🏽Charo Heras, FIAP expert in Data Governance for the EU-LAC Digital Alliance Political Dialogues Project

The views and opinions expressed in this blog are the sole responsibility of the person who write them.