Know your rights. The right to be informed. Empower yourself by knowing what is happening to your data.

Your personal information is valuable, and safeguarding it is crucial. Loss, misuse, or hacking can impact your identity, financial stability, and plans. Thankfully, there are laws and tools to help you prevent mishandling and breaches. We strongly encourage you to use these resources and get control over your data.

Prevention starts with your right to know how your personal data is collected and used.

What it is

The right to information (article 13 – GDPR) empowers you to know what personal data is collected about you, why, who is collecting data, how long it will be stored, with whom they will share the data, and how you can file a complaint if your right is disregarded.

When an organization uses your personal data, they must provide detailed information about:

• Why they need your data and what type they collect.
• How they will use and manage your data.
• The duration for which your data will be kept.
• If they share it with third parties, they must specify who these parties are and the reasons for sharing.
• If your data will be transferred to another country, the purpose, and the recipient.
• If your data will be used for automated decision-making or profiling (analyzing or predicting aspects like your work performance, economic situation, health, personal preferences, and interests).
• Contact details for the organization.
• Information on how and where to file a complaint.

Organizations typically present this information in privacy policies, which you are asked to

agree to. If they want to use your data for a different purpose than what you initially agreed to,such as sharing it for advertising when you have a loyalty card with an online shop, they must inform you, and you have the right torefuse.

Example story

Eliza is gearing up for a hiking adventure in Italy. To make arrangements, she creates accounts on various global and local websites to book accommodation, plane tickets, and unique experiences. The website she uses to rent a bike and equipment for hiking wants to share her details with partner sports shops, which may send her offers and promotions. To do that legally, they have to get her consent first. Post-trip, Eliza takes charge of her privacy. She asks them to delete all the information they have on her (the right to be forgotten), ensuring her data isn't left hanging on websites she no longer uses.

How to discover companies you don't know that have your data.

Many people tend to forget the apps or websites they use just once. Thus, their personal data stays on these online accounts, or is shared with third parties, ending in more places than one could imagine. If you want a quick overview of all the companies holding your data, try out Digital Identity Protection. Find out more here.

If you're uninformed about your data:

If you've read a privacy policy and have questions or concerns, don't hesitate to contact the company. Clearly express your worry about the proper handling of your personal information. Provide details and explain the situation or seek better understanding.

What to Expect:

Expect a response from the organization within a month. If their answer doesn’t satisfy you, consider exercising any of your other rights—withdraw consent, object to processing, or request erasure. Whatever you choose, prioritize safety.

The US. The data collected by most products people use daily is not closely regulated, since no federal privacy laws oversee many companies—unless a specific state has its own privacy law. In many states, companies can use, share, or sell any data they gather about you without informing you. It's important to note that if a company shares your data, even sensitive information like your health or location, with third parties (such as data brokers), they can sell or share it without giving you a heads-up.

Today just three states in the US—California (CCPA and CPRA), Virginia (VCDPA), and Colorado (ColoPA)—have laws that really look out for consumers' privacy. These laws give you some notice and a say in controlling how your data is used. Remember, these rules apply only to people living in these states, no matter where the company is located.

Considering this, it's extra important to take steps to control and manage your data, using digital identity protection tools to keep it safe.

Sources: European Commission, noyb.eu, Data Protection Laws and Regulations USA 2023