top of page

Privacy License

What are your Privacy Consumer Rights?

Here is an educational compilation of Privacy rights you can exercise right now. (This is not legal advice and in legal proceedings, please contact a lawyer).

Right to Know

What falls under this right

You have the right to request that businesses disclose what personal information have been collected about you & why, how it is used, processed, retained and shared/sold (and to whom).

Exercising your rights

Read privacy policies and privacy notices from companies you interact with, to stay informed about your personal data. Often found on their websites, typically in the footer section, or provided when you sign up for a service. If the information isn't clear, contact the company directly and ask for clarity about their data practices.

Right to Access, Correct/Rectification & Deletion (Right to be Forgotten)

What falls under this right

 

  • Access - Ask companies to show you all personal data they have on you. The process of filing a request with companies to access personal data and supplementary information is called Data subject access request (DSAR).

  • Right to Data Portability - Further move, copy or transfer personal data from one service to another, in a safe and secure way, without affecting its usability. For example, if you want to change from one social media platform to another, you can take your data (like your posts and friends list) with you.

  • Correct/Rectify - Request businesses to correct, complete & update inaccurate or incomplete your personal data, held by them.

  • Delete - Ask companies to delete your data when it's no longer needed or have no good reason to keep your data.

Exercising your rights - Submitting these Data Subject Requests (DSRs):

Where to look

 

  • Look for company’s privacy center/portal or privacy policy on their website. It will contain email, online forms or designated portals, to file these written requests. Examples - Linkedin Privacy Portal (Privacy Center) or Email embedded in Robinhood's Privacy Policy to request DSRs.

  • Otherwise, email their Customer service & Privacy/Security team (Data Protection Officers or similar authorities)

What you might need: 

 

  • Proof of identity for verification, might be required

  • For correction/rectify - Provide identified incorrect data, alongside correct info. Some online services allow you to update your info directly in your user account settings.

  • For Access/delete - Remember, certain data could be under legal hold/business needs and may not satisfy the deletion standards, let businesses assess & notify you accordingly.

  • For Data portability - Request a copy of your data in a portable & accessible format.

  • Response Time: Businesses are required to respond to consumer requests within specific timeframes (usually within 45 days of receiving a request).

Right to Opt-Out of Data Sale, Object, Consent & Limit Use

What is covered

If you're uncomfortable with how a company is using your data, or if you think they don't really need the data, you can ask businesses to stop using them.  Some examples include -

 

  • Processing for direct marketing or sending you marketing emails.

  • Selling your personal information

  • Processing for purposes of scientific/historical research and statistics

Businesses that sell personal information must provide a clear and conspicuous link on their website titled “Do Not Sell My Personal Information,” allowing consumers to opt-out.

Consent should be collected, before a company can process their personal data & should be informed and specific to the purpose for which the personal data is being collected. You can further request correction, completion, updating, or erasure of your personal data for consenting. You can withdraw consent at any time, and upon such withdrawal, the business must stop processing your personal data within a reasonable time.

Exercising your rights

 

  • When cookie banners pop up on a site, asking for consent, with options like “Accept all cookies”, “Accept essential cookies” or “Reject all cookies” - Feel free to hit “Reject all cookies” if you don't want the website to track you.

  • Where applicable, Opt Out and Withdraw Consent - Including on your phone on how various apps have access to your data & phone settings.

  • Option to Hit unsubscribe in emails, texts or account settings & sign up for do not call list.

  • Contact companies via email (customer service or privacy teams), online forms, or designated privacy portals. Proof of identity for verification might be needed.

Rights in relation to Automated Decision Making and not to be Profiled by Machines

  • What is covered : You have the right to not be judged by automated systems or computer programs, protecting you against the risk that a potentially damaging decision is made without human intervention, in cases which can produce a legal or significant effect like getting a loan or a job.

  • Exercising your right : Contact the company and state that you want to opt-out of decisions made solely by automated processes. You can ask for a human review if you have been affected by an automated decision.

Special Protections for Minors

What is covered :

Parental consent is required for children's data handling.

  • Some laws requires parents or guardians to provide affirmative consent to opt in collection of personal data from a child under the age of 13. For consumers who are minors (under 16 years of age), businesses must obtain opt-in consent to sell their personal information. 

  • While other laws provides protection for Minors and Individuals with Disabilities: Parental or guardian consent is required for processing the data of children under 18 and individuals with disabilities. Additionally, behavioral monitoring or targeted advertising directed at children is prohibited. The Act protects against the processing of personal data that is likely to cause harm or detrimental effects, particularly in the case of children.

Right to non-discrimination

What is covered :

Ensures companies wouldn’t treat you unfairly or discriminate for exercising your privacy rights. This includes denying goods or services, charging different prices, providing a different level or quality of goods or services, or suggesting that the consumer will receive a different price or rate for goods or services.

If a Company doesn't comply

If you haven't received a response within a reasonable timeframe (usually one month), follow up with the company. It's possible your request was overlooked or not properly processed.

Follow up

1

Escalating Non-Compliance: If rights are not respected or companies refuse to comply with your request, you can escalate the issue with the national Data Protection Authority (DPA) or regulatory bodies in your region. The DPA has the power to investigate and enforce compliance.

Contact Data Protection Authorities

3

Contact the company’s privacy officer or file a formal complaint if your request is ignored. 

Internal Complaint

2

In extreme cases, where the DPA's intervention doesn't resolve the issue, you might consider taking legal action. It's advisable to seek legal advice before proceeding with this step.

Legal Action

4

Repurcussions for Companies

Non-compliance can lead to significant financial penalties (up to €20 million or 4% of annual global turnover for GDPR, $2,500 to $7,500 per violation for CCPA, up to 2.5 billion rupees for India's Act).

Fines and Penalties

Non-compliance can harm a company’s reputation and customer trust.

Reputational Damage

Companies may face legal proceedings and increased scrutiny from regulatory bodies.

Legal and Regulatory Actions

Certain privacy regulations can prohibit companies from operating in regions, where non-compliance is achieved.

Lost business

bottom of page