The terms data protection and data privacy are often used interchangeably, but there is an important difference between the two. Data privacy defines who has access to data, while data protection provides tools and policies to actually restrict access to the data. Compliance regulations help ensure that user’s privacy requests are carried out by companies, and companies are responsible to take measures to protect private user data.
Data protection is about protecting any information relating to an identified or identifiable natural (living) person, including names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other information such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered personal data.
The notion of data protection originates from the right to privacy and both are instrumental in preserving and promoting fundamental values and rights; and to exercise other rights and freedoms - such as free speech or the right to assembly.
Data protection has precise aims to ensure the fair processing (collection, use, storage) of personal data by both the public and private sectors.
In the EU, human dignity is recognised as an absolute fundamental right. On that end, privacy or the right to a private life, to be autonomous, in control of information about yourself, to be let alone, plays a pivotal role. Privacy is not only an individual right but also a social value.
Source: EDPS