Privacy is the right of an individual to control their personal data.
- Data collection should be restricted
- Data owners have responsibility
- Data processes have to ensure privacy and data integrity
- Data should be deleted permanently
USA PATRIOT Act
The Act was established in 2001 after the 9/11 terrorist attacks. It gave law enforcement more power to monitor electronic communications.
- Wiretapping: Previously, a separate warrant was required for each circuit, after proving that it was used by the subject under surveillance. Now a single warrant covers all communications to and from that person.
- ISPs have to provide the government with large amounts of data when required
EU General Data Protection Regulation
In 2016 a new comprehensive law regarding protection of personal information was passed.
GDPR (General Data Protection Regulation) went into effect in 2018 and replaces older data protection laws in the EU.
It applies to all organizations that collect data from the EU or process information on behalf of someone who does, so even companies not based in the EU have to comply with this law.
We will see if and how the EU enforces this law.
Key Rules:
- If a serious data breach occurs, organizations have to inform authorities within 24 hours
- Each EU member state has to create a centralized data protection authority
- Individuals have the right to know what data of theirs is being processed and why
- The “right to be forgotten” requires companies to delete your data if it’s no longer needed
Pseudonymization