On January 28, 2021, World Data Privacy Day celebrated its 40th anniversary. Data privacy day was symbolically created on April 26, 2006, by the Committee of Ministers of the Council of Europe. Unlike many other world days, the date of January 28 was not chosen at random. On January 28, 1981, Convention 108 or the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was opened for signature. The obvious aim of this day is to make all European citizens aware of the importance of protecting their own data.
Convention 108 at the origin of data protection
Convention 108 is unique and has no other international equivalent. It is the first binding international legal text to protect personal data. However, given the rapid expansion and predominance of digital technology in our professional and personal lives, the Council of Europe felt it necessary to modernize it. A few changes and updates later, Convention 108 was renamed “Convention 108+”. Today, it counts 55 States Parties and numerous observer countries. Although Convention 108 has not been as successful as had been hoped, it has at least had the merit of serving as a legal foundation for the international protection of personal and sensitive data.
What’s the difference between personal data and sensitive data?
According to the CNIL (Commission Nationale de l’Informatique et des Libertés), personal data is defined as “any information relating to an identified or identifiable individual”. And because it concerns individuals, they must retain control over it. In concrete terms, a natural person can be identified directly by his or her surname and first name, for example, and indirectly by a telephone number or a license plate number, but also by the cross-referencing of a set of data, such as a member of such and such an association and living at such and such an address. According to the CNIL, sensitive data includes data concerning racial or ethnic origin, or political, philosophical or religious opinions. It also includes data relating to trade union membership, health or sexual orientation. It may also include genetic or biometric data, or data relating to offences or criminal convictions. In all cases, their processing is prohibited in principle!
January 28, more than just a symbolic date
No, World Data Protection Day isn’t just symbolic when you consider the billions of files containing personal information circulating on the Internet, and more particularly on the Dark Net. At the end of February, the general public learned, among other things, of the leak of a medical database containing 2,500,000 French citizens, the purchase of millions of passwords associated with e-mail addresses and other obscure sales. These transactions, handled by criminal organizations, were worth billions of euros. Europol confirms that “last year saw an increase in the volume of compromised databases for sale on the Dark Web, both on general marketplaces and on forums specialized for this specific purpose”. The European agency also points out that “data is a valuable commodity that opens the door to other types of profitable crime”.
From personal data to biometric data
If the sale of personal data has attracted a lot of attention, the sale of biometric data has scandalized many people, such as whistleblower Edward Snowden. Very recently, the latter denounced Worldcoin’s “eyeball catalog”. The Worldcoin project led by two Artificial Intelligence experts, Sam Altman and Alex Blania, aims to create a cryptocurrency accessible to everyone, without a bank account and distributed equally within the framework of very common cryptocurrency donations in the world. sector. And to ensure that the user can reliably prove their identity without revealing everything about their life, the two experts created the Orb: an authentication system using biometric data. In short, the Orb (a sort of metal sphere weighing 2 and a half kilos) photographs the user’s eye and converts it into a digital code allowing us to know whether they are already registered or not. If this is not the case, the user then receives their share of cryptocurrency. How will Worldcoin use iris scans? The start-up’s experts assure that the scans of the first users have been deleted. Note that 130,000 people from several countries have already participated in the test phase. Snowden, for his part, insists via a tweet that the digital codes of the irises remain kept by the company and that this practice seriously endangers the protection of privacy. Let’s be clear: sharing the image of your retina for crypto is simply selling your data.
Whether we make a purchase online, connect to our favorite social network or check our bills or bank account online, our personal data becomes exploitable and vulnerable if we are not fully aware of it. At a time when Gafam are being called to order for their more than questionable practices, at a time of revelations of scandals such as Facebook-Cambridge Analytica, let’s adopt good usage practices which are not limited to installation of anti-spam or a firewall. World Data Protection Day simply reminds us that our personal information, whether sensitive or not, has value. In this sense, it is therefore essential to protect them as if our lives depended on it…
Béatrice Pech-Garcia