Study Guide: Digital Media 101: Digital Media Law and Ethics - Privacy and Data Protection (GDPR, CCPA, Cookies, Informed Consent)
Source: https://www.fatskills.com/journalism/chapter/digital-media-digital-media-digital-media-law-and-ethics-privacy-and-data-protection-gdpr-ccpa-cookies-informed-consent

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

What It Is

Privacy and Data Protection refers to the set of practices, laws, and technologies designed to safeguard individuals' personal information and online activities. A key example is the General Data Protection Regulation (GDPR), a comprehensive EU law that sets standards for data collection, storage, and sharing. The GDPR matters because it has significantly impacted digital culture by forcing companies to prioritize user consent and transparency, influencing platform design, and shaping the digital economy by setting global data protection standards.

Key Terms & Concepts

  • GDPR: A comprehensive EU law regulating data protection and privacy for individuals within the EU and beyond.
  • CCPA (California Consumer Privacy Act): A US state law that grants California residents control over their personal data and requires businesses to disclose data collection practices.
  • Cookies: Small text files stored on users' devices to track online behavior and preferences.
  • Informed Consent: The process of obtaining users' explicit permission to collect, store, and share their personal data.
  • Data Minimization: The principle of collecting and storing only the minimum amount of personal data necessary for a specific purpose.
  • Data Anonymization: The process of removing identifiable information from personal data to protect users' privacy.
  • Right to be Forgotten: The right to request the deletion of personal data from online platforms and services.
  • Data Portability: The ability to transfer personal data from one service to another.
  • Personal Data: Any information that can be used to identify an individual, such as name, email address, or IP address.
  • Sensitive Data: Personal data that requires special protection, such as health information, financial data, or biometric data.
  • Data Breach: The unauthorized disclosure, theft, or loss of personal data.
  • Data Protection Officer (DPO): An individual responsible for ensuring an organization's compliance with data protection regulations.
  • Privacy Policy: A document outlining an organization's data collection, storage, and sharing practices.
  • Cookie Banner: A notification displayed to users when a website uses cookies, requiring them to consent to data collection.
  • Opt-in/Opt-out: The choice to explicitly agree (opt-in) or decline (opt-out) to receive marketing communications or share personal data.

Common Misunderstandings

  • Misunderstanding: Cookies are only used for tracking online behavior.
  • Correction: Cookies can be used for various purposes, including authentication, personalization, and analytics.
  • Misunderstanding: The GDPR only applies to EU residents.
  • Correction: The GDPR applies to any organization that collects, stores, or shares personal data of EU residents, regardless of their location.
  • Misunderstanding: Data anonymization completely protects users' privacy.
  • Correction: Data anonymization can reduce the risk of data breaches, but it is not foolproof, and identifiable information can still be linked to individuals.

Quick Application / Identification

Scenario: A social media platform displays a cookie banner with a pre-checked box for users to consent to data collection. Identify the concept being applied.

Answer: Informed Consent. Explanation: The platform is requiring users to explicitly agree to data collection, which is a key principle of informed consent.

Scenario: A user requests the deletion of their personal data from a website, citing the Right to be Forgotten. Identify the concept being applied.

Answer: Right to be Forgotten. Explanation: The user is exercising their right to request the deletion of personal data, as outlined in the GDPR.

Scenario: A company collects and stores sensitive data, such as health information, without explicit user consent. Identify the concept being violated.

Answer: Data Minimization. Explanation: The company is collecting and storing more data than necessary, which is a violation of the data minimization principle.

Last-Minute Revision

  • GDPR stands for General Data Protection Regulation.
  • CCPA stands for California Consumer Privacy Act.
  • Cookies are small text files stored on users' devices to track online behavior.
  • Informed consent requires explicit user permission to collect, store, and share personal data.
  • Data minimization is the principle of collecting and storing only the minimum amount of personal data necessary.
  • The Right to be Forgotten grants users the right to request the deletion of personal data.
  • Data portability allows users to transfer personal data from one service to another.
  • Personal data includes any information that can be used to identify an individual.
  • Sensitive data requires special protection, such as health information or financial data.
  • Data breaches occur when personal data is disclosed, stolen, or lost without authorization.
  • Data protection officers (DPOs) ensure organizations comply with data protection regulations.
  • Privacy policies outline an organization's data collection, storage, and sharing practices.
  • Opt-in requires explicit user agreement, while opt-out requires explicit user decline.
  • The GDPR applies to any organization that collects, stores, or shares personal data of EU residents.
  • Data anonymization can reduce the risk of data breaches, but it is not foolproof.
  • The CCPA grants California residents control over their personal data and requires businesses to disclose data collection practices.
  • Cookies can be used for various purposes, including authentication, personalization, and analytics.
  • Data anonymization is not a substitute for proper data protection measures.
  • The GDPR has extraterritorial effect, applying to any organization that collects, stores, or shares personal data of EU residents.