Data privacy day

<p>On 28 January 1981, in Strasbourg, a group of delegates from the Council of Europe put their signatures to a document with the unglamorous title Convention 108 — formally, the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Computers were still room-sized curiosities to most people, the internet did not exist in any public form, and yet a handful of jurists had grasped something that would take the rest of the world another thirty years to feel in their bones: that the act of feeding a person’s details into a machine changes what those details are. Data Privacy Day, observed every 28 January, takes that signing as its anchor. It is a day about the quiet question of who holds your information, what they do with it, and whether you have any say in the matter.</p>
<h2 id="where-the-day-comes-from">Where the day comes from</h2><div class="ad-unit ad-in-article" aria-label="Advertisement">
<span class="ad-label">Advertisement</span>
<ins class="adsbygoogle" style="display:block;text-align:center"
data-ad-client="ca-pub-3726833845844946"
data-ad-slot="3291553914"
data-ad-format="auto"
data-full-width-responsive="true"></ins>
<script>(adsbygoogle = window.adsbygoogle || []).push({});</script>
</div>
<p>The observance was not invented by a marketing department. On 26 April 2006, the Committee of Ministers of the Council of Europe decided to launch a Data Protection Day, to be held each year on 28 January, the date Convention 108 had been opened for signature in 1981. The choice was deliberate. Rather than picking an empty slot on the calendar, the organisers tied the day to the first legally binding international treaty on data protection, giving the commemoration a genuine historical event to commemorate rather than a vague theme.</p>
<p>In Europe it remains “Data Protection Day”. When the observance crossed the Atlantic, North American organisations adopted the slightly snappier “Data Privacy Day”, and bodies such as the National Cyber Security Alliance took up the cause of running awareness campaigns around it. The two names point at the same 28 January, and the slight difference in wording is itself revealing: “protection” frames the matter as a duty owed to citizens, while “privacy” frames it as a right belonging to individuals. Both readings are true, and the day lives in the tension between them.</p>
<h2 id="a-history-written-in-treaties">A history written in treaties</h2>
<p>The story of data privacy is, unusually, a story told largely through legal instruments rather than battles or inventions. Convention 108 set out principles that now sound almost obvious — that personal data should be obtained fairly, stored for specified purposes, kept accurate, and not held longer than necessary — but in 1981 these were quietly radical commitments. The treaty was the first of its kind to bind nations rather than merely advise them.</p>
<p>The principles did not stand still. In 1995 the European Union adopted its Data Protection Directive, translating much of that early thinking into law across member states. The Directive in turn was superseded in 2018 by the General Data Protection Regulation, the GDPR, which gave individuals concrete rights — to see the data held about them, to correct it, to have it erased — and gave regulators the power to levy fines large enough to alter the behaviour of even the largest technology firms. Convention 108 itself was modernised, with an updated text known as Convention 108+ opened for signature in 2018 to address realities its drafters could only have guessed at: profiling, biometric identifiers, automated decision-making.</p>
<p>Across the Atlantic the picture was patchier. The United States built its protections sector by sector — medical records under one law, children’s online data under another — rather than through a single sweeping statute. California broke from that pattern with the California Consumer Privacy Act, which took effect in 2020 and gave residents rights closer to the European model. The result is a world in which your data may be treated very differently depending on which side of a border the server sits, a quiet fact with enormous consequences.</p>
<h2 id="why-it-matters">Why it matters</h2><div class="ad-unit ad-in-article" aria-label="Advertisement">
<span class="ad-label">Advertisement</span>
<ins class="adsbygoogle" style="display:block;text-align:center"
data-ad-client="ca-pub-3726833845844946"
data-ad-slot="3291553914"
data-ad-format="auto"
data-full-width-responsive="true"></ins>
<script>(adsbygoogle = window.adsbygoogle || []).push({});</script>
</div>
<p>The argument for taking this seriously is not abstract. Every smartphone is a sensor that knows where its owner sleeps, who they call, and which shops they linger in. Loyalty cards record what a household eats; fitness trackers record when a heart beats faster. Individually these are trivia. Aggregated and cross-referenced, they amount to a portrait more detailed than most people could paint of themselves, assembled by parties the subject has never met and cannot name.</p>
<p>The danger is not only theft, though breaches that expose millions of records have become grimly routine. The subtler danger is inference — the way a pattern of purchases can reveal a pregnancy, a medical condition, or a political leaning that the person never disclosed. Data Privacy Day exists to keep that asymmetry of knowledge in public view. When a single day each year is set aside to ask the question, it becomes harder for the collection of personal information to remain the invisible default that it would otherwise be.</p>
<h2 id="how-it-is-marked">How it is marked</h2>
<p>This is an observance of seminars rather than street parties. Companies use the date to run training sessions for staff and to publish their privacy policies in plainer language. Universities host lectures on digital rights; schools fold lessons on digital citizenship into the week, teaching teenagers how to read an app’s permission requests before tapping “accept”. Regulators frequently time announcements to coincide with it — a new guidance document, a public consultation, a reminder of rights that already exist but go unused.</p>
<p>Advocacy groups publish checklists and toolkits, and security researchers take the opportunity to demonstrate, often theatrically, just how much can be deduced from data people give away freely. The collaborative, cross-border character of these efforts mirrors the subject itself: data flows do not respect frontiers, and neither, increasingly, do the campaigns meant to govern them.</p>
<p>The practical advice the day generates tends to be modest and repeatable: use a different password for every account, switch on a second factor of authentication, review which apps have been granted access to a phone’s location, contacts and microphone, and think twice before agreeing to terms no one reads. None of it is dramatic, and that is rather the point. The protection of personal data is less a single heroic act than a set of small habits, and a fixed day each year is a serviceable prompt to form them.</p>
<h2 id="variations-across-borders">Variations across borders</h2>
<p>The same date carries different weight depending on where it falls. In the European Union, where the GDPR gives the day legal teeth, 28 January often features statements from data protection authorities and supervisory bodies. In countries still drafting their first comprehensive privacy laws, the day functions more as an advocacy lever, used by campaigners to press for stronger legislation. By a quiet coincidence of the calendar, it shares 28 January with <a href="/specialdate/india-national-voters-day/">India’s National Voters’ Day</a>, and the pairing is apt: both observances concern the relationship between the individual and the large systems that record and act upon them, whether ballots or browsing histories.</p>
<p>The day’s awareness-raising purpose places it alongside other observances built on the same logic — that a fixed date in the calendar can force a difficult subject into the open. In that respect it has more in common with something like <a href="/specialdate/world-suicide-prevention-day/">World Suicide Prevention Day</a> than with a festival, sharing the conviction that visibility itself is a form of protection and that silence around a problem is rarely neutral.</p>
<h2 id="symbols-and-traditions">Symbols and traditions</h2>
<p>Because the day has no ancient ritual behind it, its visual language is improvised and largely digital: padlocks, keys, shields and the recurring slogan of “owning your privacy”. The padlock in particular has become shorthand for control, an icon borrowed from browser address bars and pressed into service on posters. The underlying message of much campaign material is that the individual should think of themselves not as a passive subject of data collection but as an active custodian of their own information — a guardian rather than a product.</p>
<h2 id="fun-facts">Fun facts</h2>
<ul>
<li>Convention 108 remains, more than four decades on, the only legally binding international treaty on data protection open to states outside Europe, and countries from Latin America to Africa have acceded to it.</li>
<li>The word “privacy” has no exact equivalent in some languages; German, for instance, leans on terms closer to “informational self-determination”, a phrase coined by its Federal Constitutional Court in a landmark 1983 ruling against a national census.</li>
<li>When the GDPR took effect in 2018, the largest possible fine was set at four per cent of a company’s <em>global</em> annual turnover — a figure deliberately scaled so that even the richest firms would feel it.</li>
<li>Many of the principles celebrated on this day predate computers entirely: the idea of a “right to be let alone” was argued in a famous 1890 Harvard Law Review article by Samuel Warren and Louis Brandeis, prompted partly by the new menace of the portable camera.</li>
</ul>
<h2 id="a-closing-reflection">A closing reflection</h2>
<p>There is an irony at the heart of Data Privacy Day that its founders could not have foreseen. The treaty it commemorates was written to protect people from being reduced to entries in a database, yet the systems that now hold us have grown so vast and so useful that few would willingly switch them off. The question the day really poses is not whether to participate in a data-saturated world — that choice is largely behind us — but on what terms. A signature in Strasbourg in 1981 insisted that those terms should be negotiable, that a person retains some claim over the information they shed simply by living. Each 28 January is a chance to test whether that claim still holds, or whether it has quietly lapsed while no one was reading the permissions.</p>
Advertisement
Related Content
Advertisement




