By Dr Jose Tomas Llanos, Research Fellow in PACE (Privacy Aware Cloud Ecosystems) at UCL STEaPP
Data Protection Day (or Data Privacy Day outside Europe) is an international holiday held every year on 28 January. The declared purpose of this holiday is “to give everyone a chance to understand what personal data is collected and processed and why, and what our rights are with respect to this processing.” The date was not randomly chosen: it is the anniversary of the opening for signature, in 1981, of Council of Europe’s Convention 108 for the Protection of individuals with regard to automatic processing of personal data.
Convention 108 introduced the concept of ‘protection of personal data’, as well as important data protection principles that were later enshrined in the Data Protection Directive and included (in a somewhat more elaborate fashion) in the General Data Protection Regulation (GDPR): personal data must be obtained and processed fairly and lawfully (lawfulness and fairness); stored for specified and legitimate purposes and not used in a way incompatible with those purposes (purpose limitation); adequate, relevant and not excessive in relation to the purposes for which they are stored (i.e. data minimisation); accurate and, where necessary, kept up to date (accuracy); and preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored (storage limitation).