In our everyday lives, the terms “data protection”, “data security” and “privacy” are often used in the same sentence and sometimes even as synonyms for each other. Although these terms often stand for equally desirable concepts, a strict distinction should be made between them.
Here, the concepts of “privacy” and “data protection” in particular are strongly intertwined in terms of content, while “data security” tends to impact both and has significant implications for either of them.
Definitions
In order to be able to discuss the differences and the resulting implications, all three terms must first be defined.
Privacy
Commonly, privacy is described as the ability of an individual or group to shield themselves or information about themselves from others and thereby selectively express themselves. Etymologically, the word derives from the Latin “privatus”, which in turn can be interpreted as “separated from the public” or even “belonging to oneself”. [1]
The term thus provides its own definition at the same time: Privacy refers to the personal space (sphere) that separates ourselves from our environment. It therefore refers to one’s own, most intimate self, in which a person perceives the free development of personality, undisturbed by external influences. [2]
Privacy plays such a central role in today’s (rather individualistic) world that it is a fundamental human right in all modern, liberal democracies. One’s “private life” is also part of the Charter of Fundamental Rights of the European Union [3]
Data Protection
Especially because “Data Protection” is a rather broad and relatively recent term, there are different ways of looking at it depending on time, place and context. In general, however, it can be considered as the protection of personal information or privacy (see above). The term describes the interplay of information gathering, societal norms and expectations, and their legal and political implications. [4, 5, 6]
A right to informational self-determination is also often assigned to data protection. It describes the fundamental authority to decide which information about one’s own person is available to others (and above all to whom!) at what time. The term is closely related to the concept of digital self-determination.
Data Security
Information or data security refers to concepts and measures for the transmission, processing and storage of information of all kinds. In terms of data security, attention is directed to the confidentiality, availability or integrity of the information. [5, 6]
In the use of the term, data security is ambiguous in the sense that the interpretation is on a spectrum between expected content of data or behaviour of systems and functional security, i.e. integrity and tamper-resistance, of information. [5, 6, 7]
What does this mean in practice?
Depending on time, place, context and milieu, both the interpretations and the importance of separating one’s self from everything external change. Today, privacy is a fundamentally contested concept, especially in the digital world, but also in the “analogue” world. [8, 9]
This is exactly where data protection comes in. If we can decide for ourselves who gets what information about us and when, and what can and may be done with it, then data protection describes the basic framework conditions that are needed to be able to preserve privacy. It makes no difference whether this is done through applicable laws or through personal measures. [10]
Data security is a fundamental assumption, without which data protection cannot be ensured and privacy cannot be guaranteed. Only if information can be transmitted, processed and stored securely and with one’s own consent, without unauthorised third parties having access to it or being able to manipulate this data, can one’s own self-determined fulfilment be secured. [10]
In a nutshell, then, it can be summarised as follows: Privacy describes the separation of the most intimate personality from the outside world. Data protection describes concepts and ways to actually keep this information secret from others (or to pass on only certain data to certain actors). Data security lays the foundation for these procedures to function securely and feasibly. [8, 9]
Sources
- The Online Etymology Dictionary (2020): privacy (n.). URL: https://www.etymonline.com/word/privacy
- JuraForum (2022): Schutz der Privatsphäre – Definition, Rechte & im Internet. URL: https://www.juraforum.de/lexikon/schutz-der-privatsphaere
- European Comission (2007): EU Charter of Fundamental Rights. Art. 7. Respect for private and family life. URL: https://fra.europa.eu/en/eu-charter/article/7-respect-private-and-family-life
- Michael, M. and Michael, K. (2023): Uberveillance and the social implications of microchip implants : emerging technologies.
- Siriu, S. (2022): Unterschied zwischen Datenschutz und Datensicherheit. URL: https://www.haufe.de/compliance/management-praxis/datensicherheit/unterschied-zwischen-datenschutz-und-datensicherheit_230130_483954.html
- Datenschutzexperte: Datenschutz vs. Datensicherheit. Accessed 01.02.2023. URL: https://www.datenschutzexperte.de/datenschutz-vs-datensicherheit/
- Eckert, C. (2012): IT-Sicherheit. Konzepte – Verfahren – Protokolle, ISBN 978-3-486-70687-1
- Datenschutz.ORG (2022): Datenschutz im Internet: Privatsphäre als höchstes Gut bewahren. URL: https://www.datenschutz.org/datenschutz-im-internet/
- Bubek, S. (2018): Datenschutz und Privatsphäre – wozu eigentlich?. URL: https://www.giga.de/extra/sicherheit/news/datenschutz-und-privatssphaere-wozu-eigentlich/
- Sandmann, L. (2022): Datenschutz vs. Datensicherheit – der Unterschied. URL: https://www.heise.de/tipps-tricks/Datenschutz-vs-Datensicherheit-der-Unterschied-7158523.html
Jan is co-founder of ViOffice. He is responsible for the technical implementation and maintenance of the software. His interests lie in particular in the areas of security, data protection and encryption.
In addition to his studies in economics, later in applied statistics and his subsequent doctorate, he has years of experience in software development, open source and server administration.