Data Privacy Day (also known as Privacy Day outside of Europe) is an international day celebrated every year on January 28th. The purpose of Data Privacy Day is to raise awareness about the importance of data privacy and to promote best practices for protecting personal information.

Data Privacy Day was created by the Council of Europe in 2006. The date, January 28th, was chosen to commemorate the anniversary of the signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, commonly known as Convention 108. Convention 108 was the first legally binding international treaty on data protection and is considered a landmark document in the development of data privacy law.

Data Privacy Day is celebrated around the world in various ways. Governments, businesses, non-profit organizations, and individuals take part in events and activities to raise awareness about data privacy issues. This may include seminars, workshops, online campaigns, and public outreach initiatives.

Data Privacy Day is an important reminder that everyone has the right to control their personal information. In today's digital age, where our personal information is collected and stored by a vast array of organizations, it is more important than ever to be aware of our data privacy rights and to take steps to protect ourselves.

Key Messages of Data Privacy Day

• Understand your data privacy rights.
• Know how your personal information is being collected and used.
• Make informed choices about how you share your personal information.
• Protect your data from unauthorized access.

Take Action for Data Privacy

There are many things you can do to protect your data privacy. Here are a few tips:

• Read the privacy policies of organizations before you share your personal information with them.
• Be selective about the information you share online.
• Use strong passwords and protect your devices from malware.
• Be cautious about clicking on links or attachments in emails.
• Shred or recycle sensitive documents before discarding them.

By taking action to protect your data privacy, you can help to safeguard your personal information and maintain control over your digital life.

Cloudflare's Perspective

On this Data Privacy Day, Cloudflare reflected on the EU’s General Data Protection Regulation (GDPR) and its impact on protecting personal data. While the GDPR has been a global model for privacy protection, Cloudflare believes that there are some areas where the regulation has been applied in a way that may actually be detrimental to privacy.

Cloudflare believes that the GDPR’s focus on data localization can actually undermine cybersecurity. This is because data localization can limit the ability of organizations to use the most effective cybersecurity measures, which often rely on cross-border data transfers. For example, Cloudflare’s Bot Management product relies on data from around the world to identify and block malicious bots. If IP addresses were always considered personal data under the GDPR, it would make it much more difficult for Cloudflare to use this product to protect people’s data.

Cloudflare also believes that the GDPR’s definition of “personal data” is too broad. Under the GDPR, IP addresses are considered personal data if they can be linked to an individual. However, Cloudflare argues that this is not always the case. For example, many IP addresses are dynamic, meaning that they change with every new connection to the Internet. This makes it very difficult to link a dynamic IP address to an individual.

Cloudflare believes that the EU should adopt a more balanced approach to data privacy that takes into account the need for effective cybersecurity. This would mean clarifying that IP addresses should not be considered personal data when they cannot be linked to an individual. It would also mean exempting personal data that needs to be processed outside the EU for cybersecurity purposes from GDPR restrictions on international data transfers.

Today noyb released a study concluding Data Protection Authority (DPAs) are not effectively enforcing the General Data Protection Regulation (GDPR).