What Is Personal Data And Where Is it Stored?

Bybomber bot

In today‘s digital age, vast amounts of information are collected about us as we browse the web, use online services, and go about our daily lives. Much of this data can be used to identify us as individuals and reveal intimate details about our lives. This is what‘s known as "personal data".

As more and more of our activities have moved online and companies increasingly rely on big data, protecting our personal information has become a critical issue. In this article, we‘ll take an in-depth look at what exactly qualifies as personal data, where it‘s stored, the risks involved, and steps we can take to safeguard our digital privacy.

Defining Personal Data

At its core, personal data is any information that can be used to directly or indirectly identify a specific individual. This covers a wide range of data points, including:

  • Names and aliases
  • Home address
  • Email address
  • Phone number
  • Identification numbers (e.g. SSN, driver‘s license, passport)
  • Banking and financial information
  • Medical records
  • Biometric data (e.g. fingerprints, facial recognition, DNA)
  • Photos and videos
  • IP addresses and device IDs
  • Location data
  • Behavioral data (e.g. web browsing history, app usage)

Even data that doesn‘t explicitly name you can still be personal data if it can be combined with other information to pinpoint your identity. For example, your date of birth, gender, and ZIP code could be enough to identify you when aggregated together.

Personal data also encompasses the growing category of sensitive data – information that reveals intimate details and could enable discrimination if misused. This includes data about your:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data (if used for identification purposes)
  • Health data
  • Sex life or sexual orientation

Given the potential for harm if sensitive data falls into the wrong hands, it‘s afforded extra protections under laws like the EU‘s General Data Protection Regulation (GDPR).

How Personal Data Is Collected

Virtually every time you interact with a digital service, you‘re disclosing some amount of personal data. Sometimes you volunteer it directly, like when you fill out an online form with your name and email address. Other times it happens behind the scenes as the services you use track your behaviors and collect data from your devices.

Some of the main ways companies and other entities gather personal data include:

  • Web tracking technologies (e.g. cookies, tracking pixels)
  • Logging IP addresses of visitors
  • Account registration and profile information
  • Mailing list and newsletter signups
  • Ecommerce transaction data
  • Loyalty programs and customer surveys
  • Mobile apps collecting device and usage data
  • Social media activity (e.g. likes, comments, photos/videos)
  • Publicly available data scraped from websites and online profiles
  • Data acquired from third-party data brokers
  • Security cameras utilizing facial recognition
  • IoT devices and wearables gathering behavioral data
  • Information provided to government agencies (e.g. census data, voter rolls)

The list goes on and on. In our modern world, virtually every action we take can be tracked, quantified, and added to our digital profiles to build an incredibly revealing picture of our lives.

Where Personal Data Ends Up

So where does all of this personal data actually live? The short answer is that it resides in a complex web of databases and servers scattered around the globe. Let‘s look at some of the main places our information ends up.

Databases of Collectors

When a company or other organization collects personal data, they generally store it in databases and servers that they own and operate. For a major corporation like Google or Facebook, this data is housed in massive data centers that they‘ve built around the world.

Smaller organizations may store personal data on servers located on-premise or lease server space from a cloud provider like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform.

Cloud storage has made it easier than ever for companies of all sizes to collect and hoard vast amounts of personal data. With the rise of big data and machine learning, there‘s an insatiable hunger for data that can be used to train AI models and power all sorts of data-driven applications.

Government Databases

Of course, it‘s not just private companies collecting our personal data. Governments are another major harvester and keeper of citizen data.

Think of all the information you share with government agencies – tax returns, census data, voter registrations, driver‘s licenses, passports, social security numbers, birth certificates, marriage licenses, property records, criminal records, the list goes on.

Governments store all of this data in sprawling databases that many different agencies can access. In the US, this includes systems like the Department of Motor Vehicles (DMV) databases, the FBI‘s National Crime Information Center (NCIC), and the NSA‘s surveillance databases.

The amount of personal data governments possess is staggering. And in countries without strong privacy protections, this data can be ripe for abuse – enabling surveillance, political manipulation, and human rights violations.

Data Brokers

Another major category of personal data storehouses are data brokers. These are companies that specialize in collecting, aggregating, analyzing, and selling databases full of personal data.

Data brokers scour both online and offline sources to build incredibly detailed profiles of individuals. This data comes from public records, web tracking, consumer surveys, purchase histories, loyalty cards, and hundreds of other sources.

The dossiers data brokers compile can include incredibly revealing information like your income level, marital status, number of children, credit score, medical conditions, political leanings, and religious affiliations.

All of this data is stored on the brokers‘ servers and clouds. It‘s then packaged up and sold to other businesses, advertisers, political campaigns, and in some cases, government agencies.

It‘s a massive and largely unregulated industry that traffics in the intimate personal details of millions of people. Acxiom, one of the largest brokers, is estimated to have data on 700 million consumers worldwide.

Blockchain and Distributed Storage

With the rise of blockchain technology, we‘re starting to see a new paradigm for storing personal data emerge. Blockchain-based identity solutions aim to give individuals more control over their personal data.

The basic idea is to store personal data in a decentralized way, spread out across distributed networks and encrypted so that only the individual has control over their data. This is a radical shift from centralized databases where a single entity controls the data.

Blockchain identity solutions are still in their infancy, but startups like Civic, uPort, and Sovrin are working to build decentralized identity platforms that could transform how personal data is handled in the future. The promise is to give people true data sovereignty and make personal data breaches a thing of the past.

Risks of the Personal Data Economy

While the mass collection of personal data powers all sorts of innovative technologies and personalized services, it also comes with serious risks and downsides. Here are some of the major dangers of all of this data ending up in so many places:

Data Breaches and Identity Theft

When organizations store massive troves of personal data, it makes them an irresistible target for hackers and criminals. In recent years, we‘ve seen breach after breach exposing the sensitive data of millions.

Some of the most infamous breaches include:

  • Yahoo breach impacting 3 billion accounts
  • Equifax breach exposing data of 147 million people
  • Marriott breach affecting 500 million guests
  • Uber breach involving data of 57 million users and drivers
  • Facebook breach hitting 530 million users

When this data leaks, it often ends up for sale on dark web marketplaces, enabling identity theft, account takeovers, and all sorts of fraud. According to Javelin Research, identity fraud losses hit $56 billion in 2020.

Surveillance and Tracking

Another risk of the mass warehousing of personal data is the potential for surveillance and tracking. When companies and governments have access to such revealing data about our lives, the opportunities for monitoring our activities and behaviors are endless.

We‘ve already seen many examples of how this data is used to track us, both online and off. The Cambridge Analytica scandal revealed how Facebook data was harvested to build psychological profiles of voters and target them with manipulative political ads.

Documents leaked by Edward Snowden showed the extent of NSA surveillance programs that tapped into the data streams of major tech companies to spy on citizens. And a 2019 investigation found that the US government was buying location data mined from mobile apps to track immigrants.

The ease of access to such granular personal data is a powerful tool in the hands of corporations and governments to watch the populace. And oftentimes, this surveillance occurs with little transparency or accountability.

Algorithmic Bias and Discrimination

As algorithms fueled by big data are used to make more and more decisions – in areas like hiring, lending, insurance, and criminal justice – there are mounting concerns about bias and discrimination.

Many of the data sets used to train AI models often reflect the deep inequities in our society. Historic data can embed patterns of discrimination into algorithms that are then scaled across populations.

For example, algorithms used to predict recidivism rates in the criminal justice system have been found to exhibit racial bias, flagging black defendants as higher risk. Hiring algorithms that analyze resumes, job history, and personality tests can reinforce gender biases in male-dominated fields.

As long as skewed data is being fed into these systems, they risk automating and perpetuating discrimination at a massive scale. Addressing algorithmic harms requires examining the personal data going into these models.

Protecting Personal Data

So what can be done to mitigate the risks and harms associated with the mass collection of personal data? Tackling these challenges will require action on multiple fronts.

Stronger Data Protection Laws

One key piece of the puzzle is passing and enforcing stronger data protection regulations. Laws like the GDPR in Europe and the CCPA in California are putting more limits on what personal data companies can collect and how they can use it.

The GDPR, for instance, requires companies to get explicit consent before collecting personal data, allows individuals to request copies of their data, and imposes hefty fines for violations. We need to see more legislation like this to give individuals real rights over their personal information.

Improved Cybersecurity

To prevent data breaches, organizations need to make major investments in cybersecurity. This means regularly auditing systems for vulnerabilities, encrypting sensitive data, limiting employee access, and having clear security protocols.

Governments also have a role to play in setting minimum security standards, especially for critical industries that are frequent targets of hackers. The 2021 Colonial Pipeline ransomware attack that led to gas shortages across the US Southeast highlighted the need for stronger cybersecurity regulations.

Privacy-Enhancing Technologies

Individuals can take advantage of various privacy-enhancing technologies to protect their personal data. End-to-end encryption in messaging apps like Signal can prevent snooping on sensitive communications.

Virtual private networks (VPNs) can help mask IP addresses and web browsing activities from internet service providers and other intermediaries. Privacy-focused operating systems like Tails can leave less of a data trail on personal devices.

While not a complete solution, these tools can help shrink one‘s personal data footprint and make mass surveillance more difficult and costly.

Data Literacy and Digital Hygiene

Finally, as individuals, we need to practice good digital hygiene and be more mindful of the data we share. This means doing things like:

  • Using strong, unique passwords
  • Being wary of phishing attempts
  • Avoiding oversharing sensitive info on social media
  • Reading privacy policies before agreeing to them
  • Turning off app location tracking
  • Clearing browser cookies regularly

When enough people start incorporating these little acts of resistance into daily life, it can hinder the data collection efforts of the Googles and Facebooks of the world. Building greater data literacy can empower more people to take their privacy into their own hands.

The Future of Personal Data

The debate over personal data and privacy is one of the defining issues of our time. The digital breadcrumbs we leave behind as we navigate the online world are incredibly valuable to all sorts of entities.

On one side are the tech giants, data brokers, advertisers, and government agencies that see personal data as a goldmine to be collected and exploited. On the other are privacy advocates fighting for the right of individuals to control their information and go about their lives without being constantly surveilled and analyzed.

How we navigate this issue in the coming years will shape the future of the internet, the digital economy, and our democracies. Will we live in a world of ever more expansive data collection and surveillance? Or can we create a world with real personal data sovereignty, where privacy isn‘t just an afterthought?

These are complex challenges without easy answers. But what‘s clear is that we can‘t continue down the path of unbridled mass data collection without guardrails. As the data deluge accelerates, we need a new paradigm for how companies, governments, and individuals approach personal data.

The stakes couldn‘t be higher. Our digital footprints reveal so much about the most intimate parts of our lives. It‘s time we had an honest public reckoning about where all of that data is going and how it can be used against us. The future of privacy starts with shining a light on the hidden flows of personal data.

Similar Posts

How to Stop Email Tracking in Gmail – Disable Images by Default

Bybomber bot

Email tracking is one of those things most people have experienced, even if they didn‘t realize it was happening. You know those marketing emails that seem to know exactly when you opened them and whether you clicked through? That‘s email tracking in action. As a full-stack developer who has worked on email marketing campaigns, I‘ve…

I‘ll never bring my phone on an international flight again. Neither should you.

Bybomber bot

As a software developer, my phone and laptop are the tools of my trade. They contain sensitive data, proprietary code, and access to critical infrastructure. So when I was recently detained at the border and forced to unlock my phone, I felt not only violated but fearful for my company‘s security. It was a wake-up…

White Pages Removal – Remove Your Information from Spokeo Search, MyLife, People Finder

Bybomber bot

In today‘s digital age, protecting your personal information and privacy online is more important than ever. You may be surprised to learn that there is a massive industry of "data brokers" – companies that collect, aggregate, analyze and sell the personal data of millions of people. Data brokers scrape together information from public records, social…

What Is Digital Privacy? A Beginner‘s Guide to Protecting Your Personal Information Online

Bybomber bot

In the digital age, our lives are increasingly lived online. We work, learn, shop, bank, and socialize on the internet, leaving a vast trail of personal data in our wake. According to a report by cybersecurity company Surfshark, the average US internet user has their personal information spread across over 350 databases owned by data…

Airline Websites Still Put Your Privacy at Risk: An In-Depth Technical Analysis

Bybomber bot

As a full-stack developer with extensive experience in web security and data privacy, I was disturbed but not entirely surprised by the rampant issues I found in my 2018 investigation into Emirates.com and their careless exposure of sensitive customer data. From leaking passport numbers to dozens of unnecessary third-party trackers to storing critical info unencrypted,…

Leave a Reply

Your email address will not be published. Required fields are marked *