4 February 2022

Data privacy – what you need to know

data privacy

Protecting your privacy online means being vigilant

For Data Protection Day recently we provided some tips around data security. In this article we consider data privacy. We look at legitimate use. And we consider some things you can do to ensure you only give away as much information as you feel comfortable with.

What’s ok and what’s not ok?

The reality is we’re tracked pretty much every time we go online.

In many instances we’re comfortable with organisations holding information about us and using that information when they communicate or transact with us – paying utilities bills or informing us about changes in services provided. Often, we’re happy to hear about a special offer from a company we’ve previously purchased from. At other times the communications we receive are inappropriate – the product or service is of no interest, or it’s pitched at the wrong age level, gender or not similar in any way with our previous purchase(s) from the company. Often, it’s just the sheer volume of ‘stuff’ we get that puts us off.

“I ordered tickets from that agency for a Shakespeare play. Now I receive emails about other events – horse racing, ice hockey, heavy rock concerts… I’m not interested.”

“I bought one thing in that shop and they asked me if they could email me the receipt. In the last six weeks they have emailed me every day with a special offer of some kind. Stuff I really don’t want.”

“Why do I have to ‘unsubscribe’ from something I never subscribed to in the first place?”

What’s ok and what’s not ok will vary from person to person.

Understanding ‘legitimate use’

In many instances it’s perfectly legitimate for an organisation to hold information about you –typically when you have an ongoing relationship with them. Your phone provider debits you every month, telling you by text or email a few days in advance. Not many people would object to this. Quite possibly when you signed up with them you opted into receiving special offers and other information by text or email. The regularity and nature of that additional contact will influence how you ultimately feel about the company.

Now, take the ‘can I send your receipt by email?’ scenario. You didn’t actively opt into anything and probably thought you would only ever get that receipt. Wrong. Your purchase indicates a ‘legitimate interest’, meaning you have effectively opted into an ongoing relationship – something that will very likely include receiving regular marketing communications.

Then there’s the legitimacy of processing – are they using your data for a legitimate reason? Some things such as contracts are fairly obvious, but is everything? Do they really need all that information to conduct the transaction(s) you’ve initiated?

There are limits. Keeping a customer’s data (and communicating with them) several years after they last bought something isn’t acceptable. Neither is continuing to communicate with them after they unsubscribed or opted out of marketing comms.

Taking more control

When you buy something, access a website or click ‘allow cookies’, consider what you’re allowing that organisation to do with your information.

Is this a one-time contact such as a job application? Will they be deleting the information you provided after this ‘transaction’ is complete? Do you mind if they ‘keep your data on file’?

Cookies are a biggie. Every time you click ‘allow cookies’ you’re effectively opening a digital letterbox inviting blasts of virtual junk mail, or as the sender may say, ‘related product information’. Often, it’s not a concern, sometimes it’s useful, but there are times when the adverts and pop-ups served become first, a distraction, and then, an irritation. The good news is you can easily clear the cookies on your PC and it’s worth doing this from time to time anyway.

Consider the issue of ‘consent’. Look at the small print. When you purchase or sign-up to something, what are you allowing them to do? What information are you allowing them to hold? Are you allowing them to pass your information on? Often when you sign-up for something you’ll be asked if you’d like ‘to hear from carefully selected/affiliated/likeminded organisations’. This means your details will be passed on to a third party. In some cases this won’t matter; the third party offers you may well be interested in. In other instances, you’ll wonder why on earth you’re hearing from them.

Generally, when signing up to something, you’ll be asked to opt-in. This, rightly, puts the onus on you to tick a box and initiate a relationship with that organisation. However, watch-out for pre-ticked boxes on an online form.

Think before you click. What are you agreeing to? Some sites will be explicit about what they’re going to use your data for, others won’t. Check that you’re only providing enough information for them to do what you need or want them to do. Read the privacy notice.

And of course, you have the option (and right) to unsubscribe from any business you no longer want to hear from. Look at their most recent email – there will likely be an ‘unsubscribe’ link. Use it and follow any prompts.


If you want to know what information an organisation holds on you, you have the right to know. Contact the organisation and ask them for it. Tell them why you want it. They are legally obliged to provide it within 30 days. If they don’t respond, or you’re not satisfied with their response, contact the Information Commissioner's Office, giving them as much detail as you can.

Your privacy is important. Every additional step you take – however seemingly small – to tighten the ring of privacy around you, is a step worth taking.

Blog tags
Simon Wooldridge, Content Writer, MHR

Simon Wooldridge

Simon is a content writer at MHR.

Back to previous