5.8 Data Sharing and Privacy | Applications Of Computer Science | Computer Science 12

What is Data Privacy?

Data Privacy refers to the proper handling, processing, storage, and use of personal information. It ensures that individuals retain control over how their data is collected, used, and shared with third parties.

Data Security, by contrast, focuses on protecting data from unauthorized access using technical measures such as encryption and firewalls. The two concepts are related but distinct:

Aspect	Data Security	Data Privacy
Focus	Preventing unauthorized access	Controlling how data is used
Tools	Encryption, firewalls, 2FA	Consent forms, policies, anonymization
Governed by	Technical standards	Legal and ethical frameworks

Key Privacy Concepts

Before collecting personal data, organizations must obtain informed consent — the user must be fully aware of:

What data is being collected
The purpose of collection
Who the data will be shared with

Consent must be freely given, specific, and unambiguous.

Data Anonymization

Data Anonymization removes or modifies personally identifiable information (PII) from a dataset so that individuals cannot be identified. For example, replacing a patient's name and ID number with a random code before sharing medical records for research.

Pseudonymization

Pseudonymization replaces private identifiers with fake identifiers (pseudonyms). Unlike full anonymization, the original data can be re-identified using a separate key. It reduces privacy risk while maintaining data utility.

Purpose Limitation

Data should only be collected for specified, explicit, and legitimate purposes and must not be processed in ways incompatible with those purposes. This is a core principle of modern privacy law.

Data Scraping: Automated tools extract personal information from public profiles (e.g., social media) without explicit consent.
Third-Party Cookies: Advertisers track user behavior across multiple websites to build detailed profiles for targeted advertising.
Data Breaches: Unauthorized access to stored personal data due to weak security.
Re-identification Attacks: Combining anonymized datasets with other data to identify individuals.

Privacy Policies and Regulatory Frameworks

The GDPR is a comprehensive EU legal framework governing how personal data of individuals is collected, processed, and shared. Key principles include:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization — collect only what is necessary
Accuracy — keep data up to date
Storage limitation — do not retain data longer than needed
Integrity and confidentiality — protect data using appropriate security

Although an EU regulation, GDPR has influenced data protection laws globally and sets a benchmark for policy decisions.

Pakistan's Personal Data Protection Bill

Pakistan has been developing a Personal Data Protection Bill to regulate how organizations collect and process citizens' data, aligned with international standards.

Real-world data sharing involves conflicts between competing interests. Policy decisions must balance:

Stakeholder	Interest
Individual users	Privacy, control over personal data
Businesses	Data-driven insights, targeted advertising
Government	National security, law enforcement
Researchers	Access to large datasets for public benefit

A government wants to share patient records with researchers to improve disease treatment.

Privacy concern: Patients' sensitive health data could be exposed.
Public benefit: Research could save lives.
Acceptable compromise: Share only anonymized/pseudonymized data; require ethical approval; limit data access to authorized researchers; enforce data minimization.

A social media platform shares user behavioral data with advertisers.

Privacy concern: Users are tracked without meaningful consent.
Business interest: Revenue from targeted ads.
Policy decision: Require opt-in consent for data sharing; provide users with clear privacy controls; limit data retention periods.

Usability vs. Security Trade-offs

Stronger privacy and security measures often reduce usability:

Two-Factor Authentication (2FA): More secure but adds friction to login.
Strict Cookie Policies: Protect privacy but may break website functionality.
Data Minimization: Limits personalization features.
Private Browsing Mode: Prevents local storage of history and cookies, protecting users on shared computers, but does not hide activity from ISPs or websites.

Policy makers must weigh efficiency, cost, privacy, and ethics when recommending cybersecurity measures.

What is Data Privacy?

Data Security, by contrast, focuses on protecting data from unauthorized access using technical measures such as encryption and firewalls. The two concepts are related but distinct:

Aspect	Data Security	Data Privacy
Focus	Preventing unauthorized access	Controlling how data is used
Tools	Encryption, firewalls, 2FA	Consent forms, policies, anonymization
Governed by	Technical standards	Legal and ethical frameworks

Key Privacy Concepts

Before collecting personal data, organizations must obtain informed consent — the user must be fully aware of:

What data is being collected
The purpose of collection
Who the data will be shared with

Consent must be freely given, specific, and unambiguous.

Data Anonymization

Pseudonymization

Purpose Limitation

Data should only be collected for specified, explicit, and legitimate purposes and must not be processed in ways incompatible with those purposes. This is a core principle of modern privacy law.

Data Scraping: Automated tools extract personal information from public profiles (e.g., social media) without explicit consent.
Third-Party Cookies: Advertisers track user behavior across multiple websites to build detailed profiles for targeted advertising.
Data Breaches: Unauthorized access to stored personal data due to weak security.
Re-identification Attacks: Combining anonymized datasets with other data to identify individuals.

Privacy Policies and Regulatory Frameworks

The GDPR is a comprehensive EU legal framework governing how personal data of individuals is collected, processed, and shared. Key principles include:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization — collect only what is necessary
Accuracy — keep data up to date
Storage limitation — do not retain data longer than needed
Integrity and confidentiality — protect data using appropriate security

Although an EU regulation, GDPR has influenced data protection laws globally and sets a benchmark for policy decisions.

Pakistan's Personal Data Protection Bill

Pakistan has been developing a Personal Data Protection Bill to regulate how organizations collect and process citizens' data, aligned with international standards.

Real-world data sharing involves conflicts between competing interests. Policy decisions must balance:

Stakeholder	Interest
Individual users	Privacy, control over personal data
Businesses	Data-driven insights, targeted advertising
Government	National security, law enforcement
Researchers	Access to large datasets for public benefit

A government wants to share patient records with researchers to improve disease treatment.

Privacy concern: Patients' sensitive health data could be exposed.
Public benefit: Research could save lives.
Acceptable compromise: Share only anonymized/pseudonymized data; require ethical approval; limit data access to authorized researchers; enforce data minimization.

A social media platform shares user behavioral data with advertisers.

Privacy concern: Users are tracked without meaningful consent.
Business interest: Revenue from targeted ads.
Policy decision: Require opt-in consent for data sharing; provide users with clear privacy controls; limit data retention periods.

Usability vs. Security Trade-offs

Stronger privacy and security measures often reduce usability:

Two-Factor Authentication (2FA): More secure but adds friction to login.
Strict Cookie Policies: Protect privacy but may break website functionality.
Data Minimization: Limits personalization features.
Private Browsing Mode: Prevents local storage of history and cookies, protecting users on shared computers, but does not hide activity from ISPs or websites.

Policy makers must weigh efficiency, cost, privacy, and ethics when recommending cybersecurity measures.