Topic 2

Data Privacy Concerns

The European Union (EU)and increasingly other government bodies and organizations across the worldis demanding that services include privacy controls. Municipalities are now requiring that any organization doing businesses in these countries abide with their privacy regulations.

As an example, the EU requires that service providers offer privacy by default, and data protection by design.  Further, they mandate that service providers collect the minimum amount of data needed for any particular service to function.

Moreover, businesses cannot transfer an individual’s data out of the EU unless they have obtained explicit consent and have put adequate safeguards in place to ensure the security of transfer. Plus, the providers must promptly notify citizens in the event of a breach.

Non-compliance carries heavy fines.

Snapshot of  Privacy Laws


Providers must give users the option for consent in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. It must be as easy to withdraw consent as it is to give it.

Data Erasure

The right to be forgotten empowers the user to request their personal data be erased, ceased to be used, and ceased to be shared, to apply to third parties, restricting them from using the data.



Users have the right to obtain confirmation about their personal data from the provider: how it is stored, where, and for what purpose. Upon request, the provider must provide a free electronic format of the users’ personal data.


Request Conditions

Providers can make a case that the data is in the the public interest.

Next Steps

Click each topic link below to continue the course.