4.2 Protecting Personal Data and Privacy
Topic Activity
Privacy Under Pressure
Aim of the activity
To help adult learners recognize personal data risks, evaluate app/website permissions, and apply privacy-enhancing strategies (GDPR rights, VPN, private browsers, tracker blockers) in real-life scenarios.
Target Group
Duration
45–60 minutes
(Adaptable for online, in-person, or hybrid delivery)
Objective
To help adult learners recognize personal data risks, evaluate app/website permissions, and apply privacy-enhancing strategies (GDPR rights, VPN, private browsers, tracker blockers) in real-life scenarios.
Materials necessary to execute activity
Online / Hybrid:
Zoom / Google Meet / MS Teams
Shared collaboration tool (Padlet, Jamboard, Google Docs)
Stable internet and devices (PC/tablet/smartphone)
Example screenshots of app permission requests, cookie banners, and GDPR rights forms
In Person:
Laptops/tablets with internet access
Flipchart or whiteboard
Pens and sticky notes
Printed scenarios (app permission requests, cookie banners, oversharing posts, IoT device warnings)
Steps for implementation
1. Icebreaker – “Would You Share It?” (10 min)
Facilitator shows quick examples (e.g., travel plans on Facebook, app asking for microphone access, cookie pop-ups).
Learners raise hands (in person) or use reaction buttons (online) to indicate: “I would share/allow it” or “I would not.”
Brief discussion: Why or why not?
2. Group Task – “Privacy Under Pressure” (20 min)
Divide learners into small groups (3-5 people).
Each group gets a scenario:
Oversharing travel plans on social media
New app asking for excessive permissions
IoT device with weak security
Public Wi-Fi for online shopping
Task: Identify the risk, explain potential consequences, and suggest privacy-protection strategies.
Groups prepare a short response and present to the class.
3. Mini-Demo & Rights Awareness (15 min)
- Facilitator demonstrates:
How to adjust app permissions on a smartphone
Example of requesting data deletion under GDPR
Using a privacy browser (DuckDuckGo, Brave) or tracker blocker
- Learners discuss which of these they have tried and what seems useful.
4. Reflection – “My Privacy Action Plan” (10 min)
Each learner writes down or states:
One risk they realized they have in their own digital life.
One privacy-enhancing step they commit to applying (e.g., disable location tracking, use VPN, review app permissions).
Adaptation Tips
Online: Use breakout rooms for group tasks; scenarios shared via Google Docs/Padlet; group presentations via screen share.
In person: Distribute printed case scenarios; facilitator shows demos via projector.
Hybrid: Online participants collaborate with in-person groups via breakout rooms; presentations done both in person and on-screen.
Skills developed with the activity
By the end of the activity, learners will:
Define personal data and understand its sensitivity.
Identify risks of oversharing, excessive app permissions, and insecure connections.
Understand their GDPR rights and how to exercise them.
Commit to practical privacy-enhancing habits.
Methodology
- On-site
- Online
- Hybrid
Evaluation
Reflection – “My Privacy Action Plan” (10 min)
Each learner writes down or states:
One risk they realized they have in their own digital life.
One privacy-enhancing step they commit to applying (e.g., disable location tracking, use VPN, review app permissions).
Links & References
Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Education and Culture Executive Agency (EACEA). Neither the European Union nor EACEA can be held responsible for them.
