Data Privacy Versus Data Security

How is data privacy different from data security?

blog pic
Privacy deals with protecting user identity and data against unauthorized use while security is about keeping it safe from unethical or illegal breaches. The simplest example of unauthorized use is mining user profile or data for business gains without explicit authorization by the user where the user clearly understands what is being done. On the other hand, examples of security breaches are plenty, the most common being hacking attacks.

While privacy inherently includes security as well, the reverse may not always be true. There are many apps that are highly secure against hacking attacks but do not ensure user privacy. Social media apps are the best example here because by definition they are meant to be ‘social’ and not private.

Online users are generally aware of security, but privacy is such a vast concept that it is interpreted in multiple ways by different websites and apps, leading to confusion in the user’s mind. Despite the General Data Protection Regulation (GDPR) by the European Union and ePrivacy initiatives by public and private agencies there, the adoption of privacy is filled with connotations not easy to comprehend.

In the sections below, let’s discuss privacy in more detail and security only in relevance to privacy.

What is privacy by default?

In simple words, privacy by default is keeping user identity, profile and data private without having the user to select any privacy settings or options.

Think of social media apps again. They expose user profile and posts by default (the opposite) unless one chooses the given privacy options. Further, since they mostly depend on advertising revenue, they continue user data mining internally for their advertisers even after the user has opted for privacy. This happens because their definition of privacy is between the end users and not with themselves. On the other hand, a privacy by default app will keep all user data private from other users, internally and from advertisers alike.

What is privacy by design?

Privacy by design is best understood in terms of the features offered by a website or app. In a nutshell, if all the features are so designed that privacy is maintained for the user at all times, it is privacy by design. This is an end-to-end design approach that includes the user inputs, backend server-side code, database storage of user data, cookies used and much more.

Any user data which is personally identifiable must be kept private internally and externally. Ideally, not even the backend teams should be able to identify the user or use their data for any purpose whatsoever.

What is meant by personally identifiable information?

A user’s personally identifiable information is at the core of privacy. Any data which can be used directly or indirectly to identify a person, individually or in combination with other user data, is termed as personally identifiable information.

If a website or app does not capture your name but takes your email id or mobile number, your identity may no longer remain private because the email id or mobile number can be used to determine who you are. Similarly, a lot of other data, such as your car registration, driving license, social security number, home or office address, location or other contact information, is enough to ‘trace’ you in the online world. Such data is typically used in conjunction with your other data in the same or different website or app for data mining purposes.

If you are a regular online user, check out the privacy policy of the websites and apps you use. For reference, see riddlock’s privacy policy here.

Does end-to-end encryption take care of privacy?

The answer is yes and no. Take the example of a chat messaging app. It will keep your messages encrypted between your and the recipient’s device and will decrypt them for display only in the two devices. This is more of a security feature than of privacy. This is because the fact that your mobile number is already captured by the app and resides in its database, your personally identifiable information is there and can be used for, say, advertising. However, if the mobile number is encrypted such that even the app provider cannot read it, then it becomes private. This is assuming no other personal information is being captured, directly through your input or indirectly using cookies and other methods.

How can you ensure both online privacy and security?

For privacy, use websites and apps that offer privacy by default and privacy by design. Go for those that provide total end-to-end privacy of your identity, data and social connects. If they don’t and you still need them, be conscious of your personal data being captured. Typically, paid privacy websites and apps do not use user data for advertising. For those which are free, there is a saying in the corporate world that ‘if you are not the customer, then you are the product’.

For security, avoid any website or app that does not keep user data encrypted at all times. Majority of the user data breaches each year occur on non-encrypted data.


Riddlock Total Privacy

Experience user, data and social privacy by default and by design - Go private.