Read the latest from the Web Foundation

News and Blogs

International Data Protection Day: 5 steps governments and companies can take to respect and protect our privacy online

Web Foundation · January 28, 2021

For the web to live up to its full potential as a force for good, our online world must be safe and empowering for everyone. But right now, the web’s benefits come with too many risks — to our health, to our democracy, to our security, and to our privacy. This International Data Privacy and Data Protection Day, we’re calling on governments and companies to take action to build a web where our fundamental online privacy and data rights are respected and protected. 

The Contract for the Web, a global plan that lays out a shared vision for the web we want and provides a roadmap for the policies and actions we need to get there, sets out the steps governments and companies can — and must — take to restore trust in the web and safeguard its future. Principles 3 and 5 of the Contract outline how governments and companies can respect our right to privacy.  

To create a world where everyone can use the web freely, safely, and without fear, governments should:

1. Pass comprehensive data protection laws that hold companies accountable for how they collect and use people’s personal information.

2. Make sure those laws set out clear rights for individuals to control their personal data, including the rights of access, objection, rectification, data portability and redress.

3. Require companies to carry out regular data security and privacy impact assessments, demonstrating they’re handling people’s data in the right way.

4. Enforce the laws they pass, funding independent data protection authorities to hold companies accountable for complying with data protection and privacy laws.

5. Ensure their own practices are privacy-protective. For example, government demands for access to private communications and data should be necessary and proportionate, subject to due process and compliant with international human rights norms.

To build online trust so people are in control of their lives online and empowered with clear and meaningful choices around their data and privacy, companies should:

1. Create control panels where users can manage their data and privacy options in a quick and easily accessible place.

2. Give people the option to “port” their personal data from one service to another, in a machine-readable format.

3. Support research on how user interfaces and design patterns ⁠– like user consent agreements — influence the choices people make about their data.

4. Make it easy for people to report concerns about their data on the service, and actually address the concerns when raised in a timely way.

5. Experiment with other business models (besides targeted advertising) that strengthen data rights, respect privacy, and minimise data collection practices.

The Contract for the Web gives us a roadmap to a web where privacy is protected. Now, it’s up to governments and companies to take action.

By upholding the principles set out in the Contract, governments and companies can help ensure that everyone, everywhere is able to use the web to learn, earn, communicate and collaborate, free from the fear of data breaches and privacy violations.

Learn more about the Contract for the Web and join our fight for a safe and empowering web for everyone.

For more updates, follow us on Twitter at @webfoundation and sign up to receive our newsletter.

To receive a weekly news brief on the most important stories in tech, subscribe to The Web This Week.

Tim Berners-Lee, our co-founder, gave the web to the world for free, but fighting for it comes at a cost. Please support our work to build a safe, empowering web for everyone.

Your comment has been sent successfully.
  1. Jorge

    January 31, 2021

    Oh, it would be beyond sweet if governments around the world start applying this right now. But they barely care about that (most of them)... The web should be safe and private space, but it's not as of now. Which is sad


    Your comment has been sent successfully.