University of Valencia logo Logo Privacy and Digital Transformation Chair Microsoft-UV Logo del portal

The challenge of protecting the privacy of personal data in the face of the infinite circulation of data on the internet

  • May 19th, 2022
Protecting the privacy of personal data

The scale of online data traffic in the world exceeds all imaginable. The challenge is to control their privacy and thus guarantee a fundamental right.

Billions and billions of data circulate worldwide. Its volume is immeasurable. For example, according to a report of World Economic Forum, signed by Igor Tulchinsky, in 2021 the volume of data created, captured and copied on the planet totalled 79 Zetabittes (ZB). That's 79 followed by 21 zeros or, also, 79x10²¹. 

To get an idea, 1 ZB is equivalent to one billion Terabytes (TB). At home we can have a 5TB external hard drive and it will usually hold all our data. Well, how much would fit in 79 billion (TB) or, in other words, 79 ZB. That's a lot of information. 

However, the volume of data flowing around the world is expected to grow to 97 ZB this year and 181 ZB in 2025.

Much of this data contains sensitive information about us. This is information that we would not want to be shared or used without our consent. However, respect for individuals in the processing of personal data is a fundamental right, protected by Article 18.4 of the Spanish Constitution and Article 8, paragraph 1, of the Charter of Fundamental Rights of the European Union.

In other words, it is the duty of European and national institutions to ensure the protection of our personal data. Which is not easy.

In May of this year, the Irish Council for Civil Liberties (ICCL) published a report on real-time offers of our data from companies like Google to other firms that seek and pay for data such as our location, online activity, behaviour, among others. Well, according to this report, in Spain, on a daily basis, our data is offered 426 times a day, for example, to marketing companies.    

EU authorities have taken note of what the continent and the world are facing. Among the European agencies dedicated to data protection, at least two of them should be highlighted. 

The first is the European Data Protection Board (EDPB). It became operational in 2018, following the General Data Protection Regulation (GDPR). It is probably the most relevant European legal framework on data protection. 

His job is to ensure the implementation of the General Data Protection Regulation (GDPR) and the European Data Protection Directive in the area of law enforcement. To this end, it publishes guidelines on the interpretation to be given to these rules. It also issues binding rulings on this matter to provide guidance to national data protection institutions.

The second is the European Union Agency for Cybersecurity (ENISA). As its name suggests, its task is to contribute to the EU's cyber security policy and to improve the reliability of Information and Communication Technology (ICT) products, services and processes with cyber security certification schemes.

Both agencies are active and share their news through their websites (EDPB and ENISA) or social networks such as Twitter (EDPB and ENISA).

In our country, the Spanish Data Protection Agency (AEPD) is responsible for ensuring the protection of our personal data. Its website informs that any citizen, free of charge, can take action against the responsible for the processing of personal data to protect the "rights of access, rectification, opposition, erasure ('right to be forgotten'), limitation of processing, portability and not to be subject to individualised decisions".

While it is true that there is still a lot of ground to be covered on data protection, a few days ago we saw some of the road ahead. Indeed, the Spanish Data Protection Agency (AEPD) sanctioned Google LLC for "transferring data to third parties without legitimation and obstructing the right to erasure", known as the right to be forgotten. As a result, Google LLC will have to pay a fine of €10 million.