The misuse or disclosure of information about private individuals is governed by privacy or data protection laws.
More than 80 countries and territories from around the world have adopted comprehensive data protection laws.
The European Union's General Data Protection Regulation (GDPR) has been in force since May 25, 2018. Aside from this, there is no central federal-level privacy law. Instead, there are several vertically focused federal laws and consumer-centered privacy laws from the states.
The 16 common privacy provisions are listed below.
The right of access to personal information collected or shared
The right or the ability of individuals to determine what sort of information about themselves is collected and how that information is or will be used.
The right to rectification
The right or the ability of individuals to request that incorrect or outdated personal information be corrected rather than deleted.
The right to deletion
The right or the ability of individuals to request the deletion of personal information under certain conditions.
The right to restriction of processing
The right or the ability of individuals to restrict the ability of a business to process their personal information.
The right to data portability
The right or the ability of individuals to request that personal information be disclosed in a common file format.
The right to opt-out of the sale of personal information
The right or the ability of individuals to opt-out of the sale of personal information to third parties.
The right against solely automated decision making
A prohibition against a business making decisions about an individual without human input but based upon an automated process.
An individual’s private right of action
The right or the ability of individuals to seek civil damages from a business for violations of a statute.
Strict opt-in for the sale of personal information of an individual less than a certain age
A restriction placed on a business to treat individuals under a certain age with an opt-in default for the sale of their personal information.
Notice of transparency requirements
An obligation imposed on a business to provide notice to individuals in matters related to data practices, privacy operations, and/or privacy programs.
Data breach notification
An obligation imposed on a business to notify individuals and/or enforcement authorities about a privacy or security breach.
Mandated risk assessment
An obligation imposed on a business to conduct formal risk assessments of privacy and/or security projects and procedures.
Prohibition on discrimination against a consumer for exercising a right
A prohibition against a business treating individuals who exercise their consumer rights differently from individuals who do not exercise their rights.
Purpose limitation
A GDPR-style restrictive structure which prohibits the collection of personal information except for a specific purpose.
Processing limitation
A GDPR-style restrictive structure which prohibits the processing of personal information except for a specific purpose.
Fiduciary duty
An obligation imposed on a business or controller to act in the best interest of an individual and exercise duties of care, loyalty, and confidentiality.