Data privacy vs data security: differences and similarities explained

When it comes to choosing your next cybersecurity software, like one of the best VPN services, you may come across the concepts of data privacy and data security.

These terms are often used interchangeably, but that's not strictly correct. Even though they have some similarities and often overlap, and it's good practice to have both covered, they describe two very different aspects of your data protection.

Here, we break down what data privacy and data security actually stand for, their main differences and similarities, as well as how tech like VPNs can help to boost the protection of both.  

What is data privacy? 

Data privacy, also known as information privacy, defines all the practices and policies concerning the correct handling, processing, storage, sharing and usage of personal information. 

In many democracies, privacy is actually a fundamental human right protected by the national constitution. Therefore, it's your right to have control over your personal information and know how your sensitive data will be used. 

Think about those privacy policies and terms and conditions you have to read and agree to every time you share your data online - whether you're making a purchase or downloading a new app on your phone. Those are common practices to ensure your online privacy is protected.

Even though lawmakers across the world have come to realize the need for stricter directives, privacy regulations differ from country to country. So far, the European Union's General Data Protection Regulation (GDPR) seems to be the most rigorous in terms of protection. That's why many other nations are now modeling their privacy laws upon the GDPR.

What is data security?

On the other hand, data security refers to all the actions aimed at protecting your data from unauthorized third-party access (like data breaches or cyber attacks), accidental loss, and exploitation of that information.

Security practices need to ensure the integrity of data at all times, meaning that personal information should be accurate, reliable, and always available to its owners.

There are many techniques to ensure the security of your personal data. In many cases, the organization handling the information is responsible for enacting security measures - like enforcing internal policies and monitoring network activity, for example.

In other instances, you can take steps to regain some agency over your data. These can be simple practices to ensure your device's digital hygiene - like checking your smartphone for common signs of hacking, strengthening your account security with two-factor authentication, or using security software like a good antivirus.

And data protection?

Now that you understand what privacy and security stand for, you are probably wondering: where does data protection sit between the two, then?

Data protection actually includes both privacy and security. It refers to all the procedures that aim to safeguard your personal data. 

If security is designed to prevent your data from being compromised and privacy is meant to ensure your information stays private, data protection guarantees that lost or exposed data can be restored if needed.

Key differences and similarities

As you have probably noticed, it's not always easy to delineate privacy from security. That's because at times these concepts overlap, while at others they involve two very different courses of action.

For further clarification, we spoke to data lawyer Nigel Jones - former head of the Google legal team in Europe and now co-founder of The Privacy Compliance Hub.

Talking about the differences between the two concepts, he said: "Privacy and security are very different, both the worries and the things that you have to do to protect them are different.

"If I'm concerned about my data being destroyed, lost or corrupted, I'm worried about their security. While, from a privacy point of view, I'm worried about knowing where my data is, who's got access to it now, who it might be shared with, and knowing that I can get hold of it if I want to." 

Jones pointed out that there are other elements involved in privacy, too. Transparency and accountability are the two main pillars that support data privacy. 

"It's important to be transparent about what you do with my data, where it resides, who you're sharing it with, how long you keep it for, what you do with it when it's not needed anymore. And then, you need to be accountable for it if I want it back," he said.

At the same time, there is a great deal of overlap between the two. In fact, data security is a de facto prerequisite for making sure that your information remains private.

Let's take encryption as an example. This practice supports data privacy because it scrambles data so that it can be accessed and read only with the right key, keeping that information essentially private. At the same time, it also guarantees a degree of security, as it prevents unauthorized third parties from exploiting and compromising your data.

How can a VPN help?

Short for Virtual Private Network, a VPN is software that aims to protect users' data security in order to guarantee their anonymity and privacy online. As the name suggests, it creates a private network between your device and the site you are accessing online whilst encrypting your data in transit inside its VPN tunnel.

There are many VPN services on the market, and not all of them ensure your data privacy and security in the same way.

A strict no-log policy - meaning that the provider never retains information on you and your activities, besides the few details strictly linked with its functionality - is what you want when choosing the most private VPN.

A secure VPN service will have top-notch security features to better protect your data against attackers - some of those include an effective kill switch, DNS leak protection and perfect forward secrecy, for example. You should also look out for strong encryption protocols, like the newcomer WireGuard. Some providers like ExpressVPN have even developed their own - in this case, Lightway.

It is worth mentioning that a VPN cannot protect either your privacy or your security 100%. That's why you should consider using the service together with other software, like the Tor browser and antivirus software. Many providers, like Surfshark and Proton VPN, even offer cybersecurity suites to help you boost your data protection with one subscription. Check out our best security bundles guide to know more.

Chiara Castro
Senior Staff Writer
