Why we need data protection laws

Have you ever used the internet? Do you own a smartphone? Do you wear a fitness tracker? Do you use a GPS app in your car?

You’ve most likely answered ‘yes’ to at least one of these questions and this means you have been sharing personal data. Think about it. How quickly do we scroll through the terms and conditions to create an online account? How often do we input our credit card details trusting that the website we use will protect our personal information? Our motivation is the convenience the online world provides.


Sharing data does bring benefits but it is not without risks. Consider one of the most recent large-scale data breaches that caused major panic where hackers collected personal details of roughly 500 million guests of the Marriott hotel chain.

New strategies to betray a digital user’s trust are invented each day and it’s getting pretty scary.

What is data protection?

Data is becoming more and more valuable.

The skills and opportunities to retrieve different types of personal data are evolving extremely quickly with vast amounts of personal data being shared and transferred around the globe instantaneously. This unauthorised and careless processing of data is making it increasingly difficult for people to maintain control of their personal information and it is causing great harm to persona and to companies.

This is where data protection comes in.

Data protection refers to the practices, safeguards, and rules to protect your personal information and ensure you remain in control of it. Simply put, you should be able to decide whether or not you want to share your information, including who has access to it, for how long, for what reason, and more.

Why do we need data protection laws?

The purpose of personal data protection isn’t just to protect a person’s data, but to protect the fundamental rights and freedoms of the person related to that data.

That’s not to say that protecting personal data is a guarantee to ensure that a person’s rights and freedoms aren’t being violated. For example, incorrect processing of personal data, might bring about a situation where a person is overlooked for a job opportunity or, even worse, loses current job.

Not complying with personal data protection regulations can lead to even harsher situations, where for example, it’s possible to extract money from a person’s bank account or even manipulating health information.

Data protection regulations are necessary to ensure fair and consumer friendly commerce and the provision of services. Personal data shouldn’t be sold freely which gives people greater control over who makes them offers and what kind of offers they make.

If personal data is leaked, it can cause companies significant damage to their reputation and also bring along penalties, which is why it’s important to comply with the personal data protection regulations.

To ensure that personal data is secure, it’s important to know what data is being processed and why. All of this is possible through a thorough data protection audit, which identifies data flow and whether the data protection regulations are being followed. The results give a clear overview of the procedures and possible data leaks, which can then be stopped.

There are two main reasons that governments should pursue comprehensive data protection regulations:

  • Laws need to be updated to address today’s reality. People have been sharing more and more of their personal information online, and in many ways it has become a ‘necessary evil’ if you are going to communicate in this society. Although privacy rules exist in many countries and remain important to help protect people’s information and human rights, they have not been adapted to suit the challenges of today’s connected world.

  • Corporate regulation is not working to protect our data. Companies and other organizations around the world that collect people’s data have long advocated for regulation of privacy and data protection through self- or co-regulation frameworks that offer them greater flexibility. However, despite several attempts, we have yet to see examples of this type of regulation that are positive for users’ rights or, for business as a whole.

Where do we go from here?

Privacy and data protection battles have already begun. Powerful special interest groups from Google to Facebook will be meeting in the U.S Congress this year to respond to the new GDPR (European General Data Privacy Regulation) in an effort to dismiss similar regulations to protect U.S. consumers - including the new California Privacy Law before it takes effect in 2020. It seems that although the promises for greater protection from these groups has been made, the reality is the industry’s goal is to keep the data status quo as is.