It could be argued that data protection and privacy are two interconnected, fundamental rights underpinning sustainable democracy across the European Union (EU).
Data protection relates to protecting any information relating to an identified or identifiable natural (living) person, including their name, date of birth, photograph and video footage, email addresses, telephone numbers, as well as IP addresses and communications content that is related to, or provided by, end-users of communications services.
Article 4(1) GDPR defines “personal data” as any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Article 9(1) GDPR defines “special categories of personal data” as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Privacy, or the right to a private life, relates to one’s right to respect for their private and family life, home and communications – it connotes living an autonomous life in which you are in control of information regarding yourself. Privacy may also be considered to be something more than a fundamental right: a social value.
The right to privacy is enshrined in the Universal Declaration of Human Rights, the European Convention for the Protection of Human Rights and Fundamental Freedoms, the EU Charter of Fundamental Rights, and the Constitution of the Republic of Cyprus (refer to Data Protection & Privacy: Legal Framework).