Module 2 Glossary
“Glossary of Key Privacy Terms”
Enhance your understanding of privacy concepts by reviewing a glossary of essential terms, offering clarity on technical jargon and foundational principles.
Comprehensive Privacy Glossary
This glossary combines all relevant privacy-related terms, including key concepts from Module 2: Evolution of Privacy Threats.
A
• Aggregate Consumer Information
Information about groups or categories of consumers with individual identities removed.
Example: Data used for demographic analysis.
• Anonymization (Anonymisation)
The process of rendering personal data anonymous, so that it can no longer be traced to any individual.
Example: Stripping identifiers like names or addresses from datasets.
• Anonymized (Anonymised) Data
Data rendered untraceable to any individual.
Example: Aggregated statistics without personal identifiers.
B
• Biometric Data
Unique physical, biological, or behavioral characteristics used for identification.
Example: Fingerprints, facial recognition, or voice patterns.
• Business
Any legal entity engaged in operations for profit, collecting or processing personal data.
Example: Social media companies analyzing user data for targeted ads.
C
• Consent
Freely given, informed, and unambiguous agreement by a user to data processing.
Example: Clicking “I agree” to privacy terms on a website.
• Consumer
A natural person whose data is collected or processed.
Example: A user signing up for an online service.
• Contractor
A person or entity processing personal information on behalf of a business, under a written contract.
Example: A marketing consultant analyzing customer data.
D
• Data Breach
Unauthorized access, loss, or exposure of personal data due to security failures.
Example: The Equifax data breach compromising Social Security numbers.
• Data Controller
Entity responsible for determining the purpose and means of data processing.
Example: A company collecting customer data for marketing.
• Data Processor
Entity processing data on behalf of a data controller.
Example: A cloud storage provider handling encrypted files.
• Data Protection Authority
An independent authority monitoring compliance with privacy laws.
Example: The European Data Protection Board (EDPB).
• Data Protection Impact Assessment
An analysis of risks to personal data before processing begins.
Example: Assessing the privacy risks of a new mobile app.
• Data Subject
An individual whose data is collected or processed.
Example: A customer providing personal details for a subscription.
• Data Subject Rights
Rights granted to individuals regarding their personal data, such as access, correction, and deletion.
Example: The “right to be forgotten” under GDPR.
I
• International Data Transfer
Transfer of personal data to a foreign country or international organization.
Example: Sharing European customer data with a US-based cloud provider.
• International Organization
An entity established by agreements between multiple countries.
Example: The United Nations.
M
• Main Establishment
The primary location of a controller or processor in the EU for regulatory purposes.
Example: A company’s European headquarters.
O
• Opt In
A user’s explicit consent to data processing or marketing.
Example: Subscribing to a newsletter.
• Opt Out
A user’s refusal or withdrawal of consent to data processing.
Example: Declining cookies on a website.
P
• Personal Data
Any information relating to an identified or identifiable person.
Example: Name, email, or phone number.
• Pseudonymization
Replacing identifying information with pseudonyms to protect privacy.
Example: Masking names in a medical dataset with unique codes.
• Privacy Policy (Privacy Notice)
A document outlining how an organization collects, processes, and protects personal data.
Example: A company’s publicly available data usage statement.
R
• Recipient
Any entity to whom personal data is disclosed.
Example: A third-party analytics company.
• Representative
A locally established entity representing a data controller or processor.
Example: A legal representative for GDPR compliance.
S
• Sensitive Personal Information
Data requiring additional protection due to its nature.
Example: Health records, financial details, or biometric identifiers.
• Sharing
Disclosing or transferring personal data to third parties.
Example: An app sharing user data with advertisers.
T
• Third Party
An external entity authorized to process data by a controller or processor.
Example: Marketing firms using anonymized customer data.
• Transfer
Transmission of personal data between organizations or across borders.
Example: Sending data to a cloud server in another country.
Z
• Zero-Trust Architecture
A security model assuming no inherent trust in any user or system, enforcing strict verification.
Example: Continuous user authentication for access to company systems.