WE SHARE so much of ourselves on social media: On Facebook, Twitter, and Instagram, we post selfies, groupies, and pictures of our pets and what we have eaten. We preen online, as we used to preen in front of the mirror before, this time posting our lives on social media, and waiting for the approval of our followers in our virtual world.

Many of the information we share is peculiar to us: My name and face, at the very least, belong only to me. Yet when I share it online, or when someone asks it of me -- for example, a supermarket promo girl asking for my name and contact number to join a marketing prom -- do I give them the right to use this information without my consent? When I give my name -- or write it down in a mall's logbook in exchange for entrance into the shopping cente -- do I give it away?

Data is the new oil, it is often said, in an ever-shrinking world where computers harvest all information about humans and use that knowledge, not only to predict and influence their behavior but also to judge and classify them based on those predictions.

One example of this is the profiling being done by the Chinese government on the Uighurs, a Muslim minority in China. A German media outlet reported that in one case, a man was detained for "growing a beard" and "having too many children."

We are being tracked, every day, without our knowing it-yet often with our permission. "Please click yes to allow us to collect data to personalize your customer experience" is a marketing euphemism for "we are profiling you." If the app is a shopping app, it means they'll send you marketing offers and promotional materials based on the products you buy on the app.

If it's a fraud detection app, it means they'll be checking your name against a database of terrorists and criminals all over the world. And, yes; if you're a terrorist and have GPS turned on in your smartphone, they'll probably have taken note of your location and will be sharing that with the local police.

Do we have a choice? Can we control how others handle our personal data, once we've shared it with them? Can we actually say no?

Yes, yes, and yes. The Data Privacy Act of 2012 requires those who process information to observe certain rights of data subjects or those from whom the personal information is being collected. When data is collected and/or processed either by government entities or private companies, data subjects -- you and me -- have the right to know who handles it, how, and why.

The Data Privacy Act, enacted in 2012, was meant to promote the unhampered flow of information by protecting personal data and its source, the data subjects. This year, as a raging pandemic forces us to go online more and more, and to give up more of our personal information for the sake of public safety, we need to know more about our rights to the personal data that we are giving up, or are being taken from us.

This column will be an ongoing conversation on data privacy -- on the law, on our rights and obligations-as we experience it in our day-to-day lives. Join me.


Dana Batnag heads the policy and risk management section in the data privacy office of a private company. She may be contacted at yourdataprotectionofficer@protonmail.com.