Data Privacy: When to give and when not to give personal information

Personal data entails any data related to an identified or identifiable person. This includes information, such as name, date of birth, email address, phone number, address, physical characteristics, or location of an individual. 

Often, personal data is sought for commercial interests such as personalised services and targeted advertising, and to enable companies to conduct market research.  Governments may also require personal data in order to provide citizen services and achieve security functions. 

However, data could also be used for malicious intentions such as identity theft, fraud, illegal surveillance and tracking, which may cause harm to an individual. 

While it is an individual’s responsibility to protect their personal data, what do citizens know about what to give, when to give and when to deny access to their personal data?

Citizen Digital engaged Cyber expert Oscar Okwero and Advocate David Mwangi to share some best practices of data protection.

Watch the interview below

The global thirst for data

Due to digitisation of multiple activities and tasks, the global data volume is today estimated to be 149 zettabytes. The global thirst for data has led to the development of multiple data centres, which are responsible for storing, processing and transmitting the data we use. According to the World Economic Forum, there were 11,800 data centres globally as of April 2025 – most of which are located in developed countries.   

Today, with the right information, right technology and algorithm, companies can create simulations of individuals, and use the machines to predict future actions such as purchases, locations, changes in career or relationship status. 

According to a study published in 2019, there is a possibility of achieving 95% of the potential predictive accuracy for an individual using their social ties. This means that one’s social contacts are sufficient to predict their personal attributes. 

Experts also note that the consent system on most online sites is not sufficient, as most users barely understand what they consent to in multiple privacy terms and conditions. This is also made possible by long, tedious privacy policies, which most people proceed to accept without fully reading and understanding their meanings. It is predicted that reading most common privacy policies would take an individual nearly 250 hours – something that is impossible for most people. This leads many to share personal data on online platforms, without much control over how their data is used. 

Today, the world is experiencing a gold rush for data to equip data centres. This has scaled up due to changes in the innovation ecosystem, where AI, cloud, fintech, and e-commerce solutions are highly sought.