1. What is personal data?
  2. What are the types of personal data?
  3. So, what kind of data are companies allowed to use? Why do they want us to sign those agreements so much?
  4. Can I use apps and services without agreeing to anything?
  5. We share plenty of personal data online. Can someone use it legally?
  6. What do I do if my data is leaked?
  7. How can I protect my data from being stolen?

What is personal data?

This term applies to any information related to a specific individual or, in legal terms, a subject of personal data. Your full name, phone number, email, address, photo, and passport data – this is all your personal data. But it’s not that simple: an email or phone number on its own isn’t really personal data if it’s not clear whose they are. It’s a whole other thing, though, if they’re found in a database next to the name of their owner.

What are the types of personal data?

There are four categories of personal data: general, special, biometric, and other. The first category is the simplest – it includes all the basic info like your name, official address, place of employment, phone, and email.

Credit: freeslab /

Credit: freeslab /

What is all this “special data” business?

Special data is different in that it’s usually restricted. It can only be found out from the person themself, or by making an official query to a hospital, the police, or the court. Most often, people aren’t obligated to provide that data to anyone. This category usually includes things like your racial and ethnic identity, political, religious, and philosophical views, as well as health conditions, details of your personal life, and legal history.

What is biometric data? Is it just fingerprints?

It’s more than that. Biometric data encompasses the unique physiological and biological characteristics of a person. This is the kind of information used to determine someone’s identity. It includes photos, fingerprints, and blood type. But not all of this data is biometric by default. It’s only considered such if it’s stored with the purpose of personal identification. For instance, if a company installs a facial recognition system at the entrance to its facilities, the photographs of its employees become biometric data – as it’s now used to identify the staff. Your profile picture on social media, on the other hand, doesn’t fall under the same concept.

Credit: freeslab /

Credit: freeslab /

And what about “other data,” then?

This term encompasses everything that can’t be fit into the other categories. This is, for example, your membership in certain social groups, or corporate data. “Other data” is hard to differentiate from special data. But the main difference is this: special data characterizes you as a person and we often prefer to keep it private. Other data, on the other hand, is just additional information – and can often change, too.

So, what kind of data are companies allowed to use? Why do they want us to sign those agreements so much?

Businesses can only use the data that you’ve made accessible of your own volition. The rest is forbidden. There is no doubt that personal data can be of enormous commercial value. You can use it in personalized advertising, to develop new products, and to pass it on to third parties. That’s why it’s important for companies to gain your consent. Personal data usage agreements allow them to store, process, transfer, and share this data – in other words, to profit from it.

Credit: freeslab /

Credit: freeslab /

Can I use apps and services without agreeing to anything?

In a rare few cases – yes, but most often not. Businesses can’t use your data without consent, but they also can’t provide services without it, either for technical or logical reasons. Therefore, refusing to share your data means being refused services. Even if you were to try and enforce a company to do that, it would be very difficult.

We share plenty of personal data online – our birthdays, photos, geotags, and so on. Are companies legally allowed to use it?

By default – no, they can’t, unless it’s the kind of data that you personally allowed to be used by any party. In Russian law, the relevant amendments were introduced in late 2020. But it’s important to make sure that the data you publish online doesn’t fall under such conditions. And for that, you must read any agreement you decide to sign.

Credit: freeslab /

Credit: freeslab /

What do I do if my data is leaked? Do I delete everything? Change my phone and email?

In some legal systems, you are within your rights to request that all this data is deleted and that anyone who has gained access to it must cease its usage. But in terms of physical security, you’d be wise to change all your most important passwords, especially those associated with your phone number or email. If someone calls you on the phone, you can threaten them with litigation directly – this often helps rid yourself of annoying calls.

How can I protect my data from being stolen? Should I just avoid signing up to anything and delete all my social media?

Full data security can only be achieved by completely restricting your personal data and refusing to share it. Even the existing legal mechanisms aren’t 100% reliable. You can increase your level of security by carefully taking note of every legal notice you agree to, as well as who you make that agreement with; the more reliable and well-known they are, the less likely it is that your data will be shared or leaked. The law can help you restore justice once an infraction has been made – but there is no law that can’t be broken.