What Constitutes Personal Data & Who Wants It

The term “personal data” is not defined in the Data Protection Act 1998 (DPA), but the Information Commissioner’s Office (ICO) says it includes any information that can identify an individual. This can be a name, address, date of birth, telephone number or email address.

The ICO says personal data also includes “sensitive personal data”, which is information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health.

In order for information to be classed as personal data, it does not need to be given directly to the organisation by the individual. It could be collected from other sources, such as social media, or gathered indirectly through cookies on a website.

Organisations must have a “lawful basis” for processing personal data, which includes consent, contract, legal obligation, vital interests and legitimate interests.

If an organisation processes personal data without a lawful basis, or without the individual’s consent, they may be breaking the law.

Organisations must also ensure that personal data is:

– Accurately and carefully collected

– Kept up to date

– Processed in line with the individual’s rights

– Kept for no longer than is necessary

– Processed in a secure way

Individuals have the right to know what personal data is held about them, and to have that data erased or transferred to another organisation. They also have the right to object to their data being used for certain purposes, such as direct marketing.

Who wants your data?

We all know that our personal data is valuable. After all, it can be used to target ads, sell products, and even influence our behavior. But who is actually buying, selling, and bartering our personal data?

Most of the time, it’s businesses. They use our data to better target their ads and sell more products. But sometimes, governments and other organizations buy and sell our data as well.

Here are some of the most common buyers, sellers, and barterers of our personal data:

Advertising companies: Advertising companies are some of the biggest users of our personal data. They use it to target ads to us and sell more products.

Data brokers: Data brokers are companies that buy and sell data. They often get their data from social media companies, who sell it to make money.

Internet service providers: Internet service providers (ISPs) can sell our data to advertisers and other companies. In some countries, they are required to do this by law.

Government agencies: Government agencies can buy and sell our data for law enforcement and other purposes.

Hackers: Hackers can steal our personal data and sell it on the black market.

These are just some of the most common buyers, sellers, and barterers of our personal data. There are many others, including companies that we do business with, like banks and retailers.

It’s important to remember that our personal data is valuable. We should be careful about who we share it with. We should also be aware of who is buying, selling, and bartering our data.