Is it even possible to protect personal data today?
Welcome to the "case of Wolt"...
It started as a screenshot of a message, turned into a conflict on social media that seems to be more judgmental, and ended with a serious question that is taken a little lightly - are we aware of who we share personal data with and is it possible to protect against abuse once the exchange has taken place? First of all, this really happened. The delivery company confirmed that there was misuse of the user's personal data and that, due to the breach of contract, the delivery person was given a notice of termination. Therefore, it is not a marketing trick, although the development of the situation has drawn attention both to Wolt and to the rather sensitive issue of personal data protection. The system will react - in the coming days, an extraordinary inspection will be conducted to determine how the abuse occurred and whether it is an isolated case or if there are more.
The Personal Data Protection Act has been in effect since August 22, 2019, but three years later, concerns apparently still exist. To begin with, a few things are crucial to point out here:
Personal data includes name and identification number, location data, identifiers in electronic communication networks, or one or more features of physical, physiological, genetic, mental, economic, cultural, and social identity.
A personal data breach is a breach of personal data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access of personal data that has been transmitted, stored, or otherwise processed.
Personal data must be processed in a way that ensures adequate protection of personal data, including protection against unauthorized or illegal processing, as well as against accidental loss, destruction, or damage by applying appropriate technical, organizational, and personnel measures.
Protecting personal data in the digital environment is an even greater challenge, and special attention should be paid to this segment. The law states that the operator is obliged to ensure, through the constant application of appropriate technical, organizational, and personnel measures, that only those personal data that are necessary for the achievement of each individual purpose of processing are always processed, as well as that, if there is a risk of endangering the rights and freedom of a person, in particular using new technologies, perform an assessment of the impact of the intended processing actions on the protection of personal data before starting the processing.
If we talk about this particular case, on Wolt's site, the terms of business for users are clearly emphasized, just like the Privacy statement, and these documents explain in detail the purposes of data use, as well as the rights of the users themselves.
However, while legal coverage of such issues is crucial, educating the person whose data is being used may be even more important. Do we really know what data we're giving up, to whom, and when? Do we understand how they can be misused and what constitutes misuse of personal data? Are we aware of how to protect ourselves, and if abuse occurs, who can we turn to?
Comments on social networks regarding the "Wolt case" prove that the answer to the previously asked questions is mostly "no." A certain number of women are on the side of the girl whose phone number was used for something that no longer falls under the category of "providing a service." However, it seems that there are many more who are not on her side because they believe she was overreacting, seeking attention, and could have handled it differently. The comments that we should really be pondering concern the future of courtship and male-female relationships.
Unfortunately, this type of data abuse is not isolated - users have discovered similar situations with couriers or craftsmen, but since these are not reputable companies or brands, these cases went unnoticed.
Protecting personal data is a two-way street. While giving consent for its use and processing concerns us, the individuals to whom the data refers, it is up to the handlers and processors not to abuse or use it for undisclosed purposes that violate the agreement. For instance, if we agreed to provide a contact phone number or email address to receive a discount on a product or service, that data should be used solely for those purposes. Therefore, any subsequent contact for another reason would constitute misuse of data.
Of course, there is always room for irregularities, especially on the Internet. If you believe your personal data has been misused and you feel uncomfortable about it, the first step is to contact the operator, followed by the Commissioner for Information of Public Importance and Protection of Personal Data, who has the authority to oversee the law's implementation through inspection supervision. Before taking these steps, it's crucial to educate yourself about your rights.
Personal data is the most valuable asset we own, yet we often treat it casually. Consider this: would you casually share your payment card data as you do with your phone number, email address, or unique national ID number? Until we as a society change how we view personal data, privacy, and the right to choose whom, when, and what to communicate, such situations will persist - often stemming from ignorance masked behind "good intentions."
Opinions about this and every subsequent case will likely remain divided, but the choice of how we react is always ours - whether we are observers or actors.
For Marketing mreža website text written by: Ivana Tomić, Smartpoint Adria Brand Specialist
Photo: Unsplash