28 January 2021

Data Protection Day: raising awareness and promoting privacy and data protection best practices

On the 28th of January we celebrate Data Protection Day (also called Privacy Day outside Europe), launched by the Council of Europe on 26 April 2006, to mark the date when the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) was opened for signature. 

While the new technologies enhanced the access and exchange of information, including personal and sensitive personal data, the need of protection to both manage and ensure availability increased. 

The current COVID-19 pandemic has generated even more questions and debates around the topic, following the use of contact-tracing and self-reporting apps, some recording and transmitting personal health information. In his speech delivered at the 'Digital Health 2020 - EU on the Move' Panel, as part of an event organised by the German Presidency of the Council of the European Union in Brussels, Belgium, Wojciech Wiewiórowski, the European Data Protection Supervisor, emphasized the need to improve the accessibility, effectiveness and sustainability of eHealth systems within the EU, in compliance with data protection laws.

First and foremost, we are not protecting data, we are protecting human beings described by this data and we should enable data to work for humankind and not harm people that can be identified by this data. [Wojciech Wiewiórowski, the European Data Protection Supervisor]

In the same framework, the General Data Protection Regulation (GDPR), put into effect on May 25, 2018, addresses privacy and security law, imposing obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation includes seven principles of data protection that must be implemented and eight privacy rights that must be facilitated. 

Data Protection at GEYC

  • Data Protection is one of the priorities of GEYC, implemented through our Data Protection Procedure. According to the relevant legislation, GEYC ensures the personal data it requires for all the activities is stored securely. 
  • Under the framework of the KA2 project Youth Workers 2.0, GEYC has introduced GEYC-ID, a unique identification number for the Community members, where all their data are stored, which offers increased security and control over their personal information. 
  • During #EDYS20, GEYC brought together Internet Governance stakeholders from across the globe in order to discuss best practices, future trends and identify key issues related to the topic, including data protection. Below you can read some of the speakers' comments.
The internet has grown up and it is important to pause and reflect on what is needed. It is an amazing resource, but multi-stakeholder governance can make it work even better and will help deliver its benefits to more people around the world more: security, responsibility, dialogue and safety. [Jean-Jacques SAHEL, Asia-Pacific Information policy lead at Google] 
Tech can be regulated and human rights are relevant also in the digital world. It is new, it is different, but we cannot let those to be violated. One example is GDPR. We do need more regulations, partnership with companies, government, and civil society, a cross-sectorial partnership rather than opposition. [Christopher WORMAN, Vice President, Alliances and Program Development at TechSoup] 
In the context of the ongoing COVID-19 pandemic, contact tracking apps have been viewed as a sound measure for containing the spread of the virus by identifying the infected individual’s circle. Research was done in SEE+ countries, such as Armenia, Bulgaria, Cyprus, Greece, North Macedonia, Russia, Turkey, Ukraine which have introduced various forms of tracking apps, and few other states are currently deliberating upon such measures. Together with the positive sides, the application has raised many questions in terms of human rights implications, in particular with regard to privacy and data protection. They have been done in a quick way, so we know rather little about them or how they could affect society in the future. How many people will download and use them, and how widely used do they have to be in order to be effective? What data will they collect, and who is it shared with? Are there risks that the information be used in the future for other purposes? Are there policies in place to prevent potential abuse? [Meri BAGHDASARYAN, Human Rights Attorney, LL.M Candidate at University of Pennsylvania Carey Law School] 

Further Resources