Online privacy rights are a hot topic across most countries of the world, especially in the European Union, Canada, and the United States. Many laws have been passed as a result of campaigns for privacy rights protection occasioned by scandalous revelations of data breaches. Moreover, abuse of citizens’ privacy rights by internet companies and government agencies. The watershed was the revelations surrounding Cambridge Analytica’s manipulation of the data of millions of Americans to help Donald Trump win the US Presidential election. Another revelation that shocked people across the world was Edward Snowden’s revelation of massive data collection by the National Security Agency (NSA).
These coupled with the collection of online users’ data, storage and sale to advertising companies had prompted governments to respond with legislation that guarantees online internet users more rights and limits the ability of internet companies to collect and sell these data as they wish.
In the European Union, the most important law is the General Data Protection Regulation (GDPR). In the United States, there is hardly any federal regulation of the internet except a patchwork of laws. The states have taken more action toward online privacy rights protection. Foremost among these is California Consumer Privacy Act (CCPA). While these laws exist, the authorities hardly put in much effort to educate citizens about their online privacy rights under them. These laws grant wide-ranging online privacy rights consent.
General Data Protection Regulation (GDPR)
The GDPR applies to both public and private organizations operating in the European Union and those based in other countries outside of the European Union but offer product and services in the European Union such as Amazon, Google and Facebook etc. The consent rule requires that an organization request users’ consent before processing their data. Internet companies are required to obtain users’ consent before collecting, storing and sharing their data. To obtain users’ consent, the companies are to inform the person whose data is to be processed about the company or organization that is to process the data, their contact details and the contact details of the data protection officer where there is one. The company must also inform the internet user about the reason why the organization will use their personal data, how long the company or organization intends to keep the users’ personal data, and details of other companies that the data will be shared. The consent form will also include information about users’ data protection rights, access, complaint and withdrawal of consent. Similarly, consumers have a right to data portability. The right to request personal data generated when using an online service to be transferred directly to another company when this is technically possible. This right can be used to switch from one online service to another similar service.
California Consumer Privacy Act (CCPA)
Under the CCPA, internet users in California have a right to consent or withhold consent, a right to access their data, delete and sue companies for breach of data. Internet users have a right to request access to the personal data that a company has about them. They also have a right to get a copy of such data without charges in a format readily accessible. When an internet user requests a copy of their personal data, the organization holding such data has a month to reply and provide the requested data including information about how the data has been used or is being used.
Both the CCPA and GDPR grant internet users the right to consent, access and deletion private data. Internet users also have a right to withdraw their consent. Internet users who had previously consented to their data being collected and processed can withdraw their consent whenever they choose to withdraw their consent. To withdraw consent, the person involved will contact the company or organization holding the data, stating that he or she is withdrawing permission for the use of personal data. Users also have the right to object to receiving direct marketing messages.
In the same vein, users have a right to be forgotten. This means the right to request the deletion of one’s personal data collected by internet companies and online data collection and processing organizations. The GDPR and CCPA grant internet users in their jurisdiction these rights. The main difference is that the GDPR requires companies to obtain explicit consent before consumers hand over their data while the CCPA only requires that a privacy notice be made available.
When these personal data are no longer needed or are being used illegally, internet users can demand that they be deleted. They also have a right to sue. If a company obtained and stored incorrect data about a consumer or some information is missing, the user has a right to request that such information be corrected. In case of unauthorized access or data breach leading to the theft of personal data, the data controller is required by law to report the incident to the national data protection authority and consumers have to be directly informed if there are serious risks resulting from the breach.
Apart from these policies, you can always protect your online data with an added layer of protection using privacy apps like Hoody. It will help you protect your privacy and security. When using your browser with Hoody, each one of your tab and website gets a new IP, a new location and a unique set of Fingerprints, making tracking impossible. Hoody Phantom Browsing™ future-proof technology beats the most advanced and invasive tracking techniques.
In conclusion, recent legislations have enshrined privacy rights that give internet users more rights over their data and to decide how they are used. But unfortunately, most people don’t even know they have these rights because authorities aren’t doing enough to educate citizens about their rights. More needs to be done concerning enlightenment and advocacy.