Today, all European data protection authorities mark Data Protection Day, a day which has now been highlighted in our annual privacy calendar for the past four years.

This particular day recalls the signature date of the European Convention for the Protection of Individuals with regards to the Automatic Processing of Personal Data, way back in 1981. The Convention was the first legally binding international instrument in the field of data protection.

Each person's reasonable expectation to privacy is a core concept deriving from the European Union's Privacy Directive which is also this office's guiding principle.

The initiative of the Data Protection Day was spearheaded by the Council of Europe, with the full support of the European Commission, and called on European data protection authorities to raise awareness on data protection by informing citizens on their privacy rights and make them aware about the value of their personal data.

The uphill task is to get the message across and make citizens, particularly from a young age, aware of the inherent risks that one may be exposed to when providing personal information on the net.

The ever-increasing online social networking has blurred the boundaries of what can be considered private. We are living in an unprecedented era where it has become customary to routinely share personal information online. For instance, the most renowned social networking site Facebook claims to have hit more than 350 million users worldwide. A segment of these users are certainly young people who have little or no knowledge about the potential risks and vulnerabilities they may be susceptible to. It is very likely that only a fraction of all users have ever read the terms and conditions to which they sign agreement with.

There have been countless incidents around the globe, primarily caused by third party access to freely available personal information, which have led to identity thefts, fraud, rejection of job applications and dismissal of employees from the workplace. But then, one can justifiably ask: How can your office safeguard the privacy rights of social networking sites' users in case of infringement? This is no straightforward task. Legal and technical considerations have to be factored in the evaluation of the case.

In the first instance, this office has no jurisdiction over a social networking site operator based outside the perimeters of our shores; such as the giant social networking site Facebook, which operations are located in the United States. In the local sphere, an individual who suffers an alleged violation of privacy rights caused by the posting of personal information (including a photograph) by another user has to resort to the channels provided by the site's operator to report the person who posted the information. Action will be taken accordingly by the operator.

However, the domestic legislation applies in case where the user extends the activities beyond the scope of purely personal or household activities. This may be the case where an individual uses the social networking platform to advance political, commercial or charitable goals.

The changes in the privacy settings, introduced by Facebook a couple of weeks ago, have attracted international criticism. Critics have claimed that the changes nudged users towards sharing updates with the wider web and made them traceable via search engines.

Readers are strongly urged to read carefully the privacy policy statements to reach an informed consent when accepting terms and conditions. Users are also urged to do away with public profiles since these may be accessed by everyone. Personal data is better protected within the precincts of a closed user group.

The digital age has revolutionised the way personal data is processed. More stringent technical and organisational security measures need to be implemented for the prevention of unlawful forms of access and use of the data.

Everyone has to be proactive in the drive to maximise identity security since a breach of privacy may result in permanent damages that cannot be financially compensated.

Mr Deguara is the head of the technical unit in the Office of the Data Protection Commissioner. This is the first in a series of articles focusing on issues related to the role of technology in data protection.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.