Hopp til hovedinnhold
Go to front page
Back
Chapter 1 / Part 2 of 3 / Topic 3

How to Protect Your Data and Privacy

Imagine if someone pointed a surveillance camera into your bedroom window or published sensitive information about you in the newspaper. It’s clear that they’ve crossed a line. Privacy has always been important.
However, older laws haven’t kept up with the rapid digital transformation in the last decade. What about your online activity and your smartphone use? Shouldn’t your privacy be respected there as well?
Here, the lines get blurry. But that might be changing. Entities that exploit people’s data, compromising their privacy and security, are now facing more pushback from both lawmakers and individuals.
One key change happened in 2018, when the General Data Protection Regulation (GDPR) was enacted in the EU and EEA.
This law has granted us more robust rights. To protect yourself and your interests online, you can exercise these rights. There are also other steps you can take to stay safe online and hide some of your digital tracks. In this topic, we will go through both the rights you have and some basic techniques for digital self-defence.

Fact

What is privacy?

Everyone has a right to privacy. The Norwegian Constitution, for example, states that: “Everyone has the right to the respect of their privacy and family life, their home and their communication.” In short, this is what privacy means.
This fundamental right ensures that our private life should be respected and protected. When we talk about our “private life”, it includes:
  • Our mental life (bullying, gossip)
  • Our body (personal space or medical examinations)
  • Geographic (camera surveillance, peeping into a window)
  • Communication (breaking into email)
In addition, this includes protection of our personal data. What is considered personal data is very broad. It includes any data that can directly or indirectly identify you as an individual. It could be your name, location, even the way you walk, or how fast you type on a keyboard. All of this is protected under GDPR.
Privacy has a direct impact on a democratic society. Without the protection of our privacy, we simply cannot have a democracy, as lack of privacy can make us susceptible to manipulation. We need a private space where we can think freely, form our own opinions, and educate ourselves.
In the physical world, those with wealth often secure their privacy with large properties, security personnel, and surveillance cameras. This concept of privacy needs to be renegotiated in the digital world.
There are questions to be answered—for example, who should own the data and the infrastructure? How can we prevent too much information, data, and power from ending up in a few hands? These are political issues, and that’s why bodies like the EU have taken a proactive stance in this field.

What rights do I have?

You leave many digital traces that various organisations and businesses can access. A lot of this is considered personal data since it’s linked to you as a specific or identifiable person.
Misusing personal data can be intrusive and unpleasant, and in the worst case, lead to things like blackmail or identity theft. But even smaller breaches are not just possible, they’re quite common. For example, misuse of consent, which must be specific, given actively, and meet several other requirements to be valid.
Sometimes these breaches happen even when there’s no bad intention. For example, the ones asking for consent might not fully understand what valid consent involves.
Businesses that process personal data—collecting, viewing, storing, deleting or doing anything else with it—have several obligations. Among these obligations is precisely to understand the rules of consent and to have a legal basis for the processing (more on this in chapter 3). They can’t do whatever they please.
You, as an individual, on the other hand, have many rights.

Fact

GDPR gives you the right to…

  • Information: You should be informed about the purpose and basis of processing, who receives the data, any automatic processing, transfer of data out of the EU/EEA, and so on.
  • Access: As the person the data is about, you can ask for details on all the above, as well as request to see what personal data the data controller has on you.
  • Rectification: If the data is wrong, incomplete, or you’ve been mixed up with someone else, you can ask for corrections.
  • Deletion: Sometimes, but not always, you have the “right to be forgotten” and can request deletion.
  • Restriction: If you think the data is wrong, the data controller must check it and may have to limit or stop processing it.
  • Data portability: You can ask for certain data to be given to you so you can reuse it or transfer it to another service provider.
  • Objection: You can always object to direct marketing, and given your particular situation, you can in some cases also object to other processing (e.g. in the case of legitimate interest).
Here we are only scratching the surface. What these things mean—from basis of processing to legitimate interest—you will learn more about in chapter 3. You can also use the official website of the European Union to delve into the individual points and find out which specific laws, rules, and rights are connected to each of them.
It’s important to note that privacy isn’t an absolute right. It has to be balanced with other freedoms, like freedom of speech, and values such as life and health. We also have to take into account other rights, like the right to conduct economic and commercial activities.
For example, an insurance company will obviously need their customer’s name and address to sell home insurance. There are other situations where someone’s need to process personal data might outweigh an individual’s right to privacy. There are always exceptions to rules, and judgement calls are necessary.
It is still both legal and fully possible to process personal data, but it must occur within certain parameters, and on a defined basis, where the processing is proportionally weighed against the purpose.

Follow these principles to protect privacy

One can easily feel powerless when it comes to privacy. The fact that there is a risk that you as a private individual can be re-identified even from “anonymised” data is just one example.
Laws like the GDPR are there to help. They ensure data is only collected as necessary for a given purpose and that it isn’t used for anything else. But it’s challenging to make laws that keep up with technological advancements while also not hindering innovation.
Therefore, each of us must take steps to protect ourselves. The following principles can be helpful:
  • Be aware of your own data
  • Choose alternative services
  • Inform yourself broadly and be critical of sources
The most important thing is that you are aware of your personal data and privacy concerns, and act accordingly. Simple actions like installing browser extensions that delete cookies and limit tracking, using a password manager for unique, strong passwords, or using a VPN to partly hide your online activity can go a long way. We’ll delve into this more in the next chapter, on security.
Furthermore, you can avoid sharing more data than necessary with the big platforms by choosing alternative services. You could, for instance, choose other services for email and messaging than those owned by Google or Meta (Facebook). If you choose services with so-called end-to-end encryption, the actual content will not be visible to others, other than yourself and the recipient.
Similarly, you can choose alternative services—preferably so-called “open-source"—for your browser, search engine, and so on. A good rule of thumb is that if you’re paying for the service, it’s less likely that you are the product.
Finally, it’s important to know the difference between human and algorithmically selected information. We increasingly inform ourselves through digital platforms. It’s not just social media that selects content for each user using algorithms. When you search for something, you may get different results than someone else, based on your previous searches. Over time it might mean that your view of the world could start looking very different compared to your neighbour’s.
We don’t have access to the criterias these algorithms use to decide which search results we see on Google, what we’re recommended to watch or listen to on YouTube or Spotify, or what content we see on Instagram and TikTok—other than it being the content the algorithm believes will engage us the most. These digital profiles are then used for targeted advertising.
Therefore, it’s important to inform oneself broadly, seek alternative sources, and take steps like using privacy-oriented search engines and browsers to find the most neutral content possible.