Don't let big businesses strip you of your privacy rights! take control of your data Read more.

The new EU data protection law is being attacked by big business, who want your data for corporate surveillance.

Here’s what the law would mean for you, and why you need new data rights. Control your data The new law would help you decide who gets your data, what they can do with it and who they can give it to. You will be able to find out what's happening to your personal information more easily. You'll then be able to object to what's going on, have your personal information erased or get it back from businesses. Read more … All your data Lots of different types of information can be used to identify you or single you out – whether it is your web browsing logs, data from your apps or electronic travel cards. Even if these logs are not associated with your name, they tell a story about you. The Regulation needs to be broad enough to cover all the different sorts of information. Read more … Agree to what happens The Regulation will make sure you are properly informed about the information you are giving away and how it will be used. You will have the opportunity to give “explicit consent” to the use of your information – meaning companies just can't get away with vague or easy to misunderstand tick boxes. Read more … make the law enforceable When people who collect and use your information break privacy rules, there should be meaningful consequences. But at the moment the enforcement of data protection is too weak, meaning organisations don't take it seriously enough. Without the threat of tough financial sanctions (see Article 79), those who use your data will continue to flaunt the rules. Read more … TAKE CONTROL OF YOUR DATA

Don't let big businesses strip you of your privacy rights!

1. Control your data More information: Too often we do not control how our personal information will be used. It is not surprising that the majority of people do not trust those that collect and use their personal data. A Eurobarometer survey found that 70% of Europeans are concerned about companies using information for a purpose different to the one it was collected for. A study by TRUSTe in the UK found that 94% of people worry about their online privacy, and that consumers engage less with companies they do not trust – leading to lower purchases (29%), app downloads (68%) and sharing of information (86%) link. The Regulation would give you a number of rights to help you decide how your data is collected and used. For example, there are provisions to make sure you can find out how your information is being used (see Articles 14 and 15). Article 16 would give you a right to have inaccurate personal data relating to you rectified. The “right to erasure” (see Article 17) would allow you to have personal information deleted if you don't want it stored or used anymore. The “data portability” section (see Article 18) would allow you to get data back from a social network or other organisation – helping you switch to other services, for example. Article 19 offers rights to object to processing of personal information and Article 20 would allow you to find out about, and not be subjected to, profiling. ×

2. All your data More information: There are ways to try to 'anonymise' data sets, so that it seems the subjects of a study or dataset are not identifiable. The term 'pseudonymisation' is a way of describing a broad range of techniques for trying to make data identifiable only when combined with other data. But even if a company 'pseudonymises' information about a specific person (meaning “Mr. Smith's” name is separated from other information about him and this information is then saved in a separate database as record number “ABC123”) the information can still be used to make decisions targeted at Mr. Smith. Furthermore, data that is supposedly 'anonymous' or 'anonymised' can, in fact, be re-identified link. For example, researchers were able to identify people who participated in a large genomic study based on some of the participants’ genomes and other publicly accessible information link. As technology and techniques develop, re-identification from supposedly anonymised or pseudonymized datasets will become easier. A number of amendments to the Regulation would exclude 'pseudonymous' and 'anonymous' data from the law. We think the same standards should apply to all data that can be used to single people out. ×

3. Agree to what happens to your data More information: Consent is one of the six legal bases of processing. It is frequently abused, especially online, where collection is often based on vague or confusing language. Sometimes businesses say it is enough that someone's behaviour – for example signing up to a website – implies that they consent to the use of their data. To address this, the new Regulation would mean that consent must be 'informed, specific and explicit'. That would mean somebody has to make an active choice, ensuring people really know what data processing they are agreeing to. People want more control over how their data is used. For example, participants in a 2010 study by the UK think-tank Demos (“A People's Inquiry into Personal Information”, made a number of demands for more control, for example through greater transparency and more meaningful consent link. Some amendments would weaken what consent means, for instance by removing the word “explicit". ×