What is privacy?
According to the RAE, privacy is defined as ‘the sphere of private life that one has the right to protect from any interference’.
This concept is becoming increasingly important in the digital age in which we live, where more and more aspects of our lives—professional, academic, leisure, etc.—are taking place online, with the consequent increase in the exposure of personal information and/or data on numerous platforms, websites and applications.
Protecting privacy helps to preserve data relating to individuals, regardless of its nature or type, and also prevents possible identity theft.
It is therefore important to consider privacy as a fundamental right, as this allows individuals to maintain autonomy, control and decision-making power over their personal information. But before analysing this issue, let us resolve a question. What is the difference between intimacy and privacy?
Are privacy and intimacy the same thing?
Although they may seem similar, intimacy and privacy are not the same thing.
The Universal Declaration of Human Rights, in Article 12, states that ‘no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour or reputation. Everyone has the right to the protection of the law against such interference or attacks.’
This document, adopted in 1948 by the UN General Assembly – one of the main bodies of the United Nations – serves to enshrine ‘inalienable rights that every person has as a human being, regardless of race, colour, religion, sex, language, political or other opinion, national or social origin, economic position, birth or any other condition’, as recognised by the organisation itself.
The right to privacy is enshrined in the Spanish Constitution, published in the Official State Gazette on 29 December 1978, Article 18.1 of which states that ‘the right to honour, personal and family privacy and personal image is guaranteed’.
However, the right to privacy ‘is much more recent than the right to intimacy and its emergence is directly caused by the great capacity of Information and Communication Technologies (ICT) to process large amounts of data about an individual and link it to other sources at a great distance to obtain a very detailed profile of that individual,’ as explained by Víctor Salgado in Telos magazine (in Spanish).
Privacy as a right recognised by the UN – Special Rapporteur on the right to privacy
Such is the importance that the UN attaches to privacy that in 2015 the Human Rights Council decided to create, in resolution A/HRC/RES/28/16, the position of Special Rapporteur on the right to privacy.
This is a figure whose mandate is, as the name suggests, to protect and promote the right to privacy. They carry out their duties through various mechanisms, such as reviewing laws on the interception of digital communications and the collection of personal data; determining which actions interfere with privacy without convincing justification; helping administrations to develop best practices; articulating responsibilities in the private sector; and contributing to making state laws compatible with different international human rights obligations.
Privacy as a fundamental right recognised in the EU
In 2000, the Charter of Fundamental Rights of the European Union was proclaimed and became binding in 2009 with the Treaty of Lisbon. This Charter reaffirms rights, freedoms and principles, as well as certain obligations that apply to EU Member States. Among others, Article 7 guarantees the right to privacy and Article 8 the right to the protection of personal data.
Privacy by design, fundamental at Telefónica
Privacy by design refers to the obligation of organisations to establish procedures in the design of products or services that take into account both privacy and security from the outset of any project and that consider business processes and best practices.
This privacy by design, one of Telefónica’s basic and strategic pillars, includes, among other issues, the legitimacy that allows the processing of personal data, the guarantee that this data is secure, that the customer knows what is being done with their information, that only the strictly necessary data is processed, and that the retention period is limited.
It should be remembered that any processing of personal data must respect the key principles of data protection, which are:
- Lawfulness, fairness and transparency, understood as meaning that there must be a basis that legitimises the use.
- Purpose limitation, limited to a specific use and not extending to other purposes.
- Data minimisation, ensuring that data is relevant, adequate and limited to the purpose for which it is to be used.
- Accuracy and updating of personal data.
- Retention period, determining retention periods so as not to exceed the time strictly necessary for the purposes of the processing.
- Integrity and security to protect data against potential risks to confidentiality, integrity and availability.
- Proactive responsibility, demonstrating that data controllers not only comply with these principles, but can also demonstrate such compliance.
