top of page
  • Writer's pictureShafinaz Shaikh

CyberSecurity: The Legal Aspect of the Digital World

‘Online’ is a word we all hear at least once a day. With Covid making irreversible impacts on our lifestyles, we can't escape the screens and the internet even if we wanted to. Amidst all this buzz about online shopping and transactions, we really need to step back and take a look at what sort of things we’ve been getting our hands into.

Humans as a society are on a long and impactful journey towards making life as easy as possible. We’ve all heard statements such as ‘alarm clocks and DVDs are all available on my phone now!’, but what we fail to pay attention to, is that humans are now also very much ‘available on my phone’. What I mean by this is while living our normal lives, we simultaneously live in a digital reality. Humans exist online as a collection of individual pieces of data. This data is also referred to as Personally Identifiable Information, or PII. As the name suggests, PII is data which can be used on its own or with other relevant data, all in order to identify an individual. These pieces of data may include non-sensitive information such as your zip code, gender, race and even sensitive information such as your full name, social security number, driver's license and even your medical records.

It’s natural to think ‘who has this data and what are they doing with it?’. It’s collected and analysed by some business who then share it with other companies. The ‘other companies’ use it in order to interact with their customers in a better and improved way. People might say this is harmless, but that is up for debate. With all our information being shared, any individual's right to privacy is more easily overthrown. Another reason for having less security is that digitally we are now capable of being in multiple places at once, thus increasing our chances of being at risk. These risks are as real off-line threats. Naturally, it’s easy to think ‘I’ll just stay offline’. But is that easy to implement? If you want to live life in the 21st century, I’d say it’s impossible. Another option might also be to just, not care. But will you be okay with knowing that there is someone lurking outside your windows, someone who knows who you are and what you do? I think it’s fair to assume, you won’t be. To put it simply, in today’s age one should be as concerned with their data privacy as they are with their real-life privacy. There’s no knowing when things might go wrong!

Now that we’ve established how important it is to be vigilant regarding data privacy, and how very real the threats are, let’s dive into all the barriers between them and an average internet user. Since PII and other forms of data are enough to cause some irreversible damage to a person, laws have been implemented in order to ensure how organisations and corporations handle your personal data.

The best place to start is the GDPR, or the General Data Protection Regulation as outlined by the European Union. The GDPR is a legal framework that sets out guidelines on how data (or PII) of individuals living in the European Union is collected and used. Since the guideline applies paying little mind to where sites are based, it should be regarded by all websites that draw in European users, regardless of if they explicitly market goods or services to EU residents. The GDPR orders that EU users be given various data disclosures, and that it notifies its users of any data breaches that may occur.

The GDPR also sets out a few consumer rights, such as the right to rectify, the right to be forgotten, and the right to civil actions. In simple words, the right to rectify means if someone wants the information making up their ‘digital self’ to be altered, organisations and businesses have to find that data and correct it so they are complying with the GDPR. The right to be forgotten allows an individual digital identity to be eradicated. In legal jargon, this is also known as the ‘right to erasure’. When personal data is left unprotected or misused, the GDPR gives the consumer the right to sue for damages.

Moving to the other end of the world, the US has laws such as HIPAA (that ensure the privacy of medical data), and state laws like the CCPA (California Consumer Privacy Act of 2018). The CCPA is similar to the GDPR in ways such as giving the consumers added rights regarding their personal data. The CCPA says that consumers have the right to know what personal data is being collected, analysed and shared by corporations. There are various other things listed in the CCPA such as the right to delete personal data and the assurance that customers who exercise their rights under the CCPA must not be penalized (with higher rates or lower service) as compared to those who do not.

To recapitulate, a digital world calls for digital security. As daunting as ‘allowing cookies’ and ‘what are they going to do with my data!’ might sound to some people, there is a sense of security in knowing that consumers don’t have to fight data protection battled themselves. Plenty of countries have implemented plenty of laws in order to ensure digital privacy and cybersecurity. So, to say the least, you can always sue if something goes wrong!

42 views0 comments

Recent Posts

See All


Post: Blog2_Post
bottom of page