Phishing, as a common threat in the digital space, employs deceptive methods such as sending fake emails or creating imitation websites to steal users’ sensitive information. These attacks not only jeopardize cybersecurity but also infringe on individuals’ privacy. In Iran, despite legal advancements in data protection, challenges remain in combating phishing and safeguarding users’ privacy. The aim of this article is to examine the conflict between digital security and individual freedoms in the context of phishing and privacy rights in Iran. The research method is descriptive-analytical, based on documentary study. The findings indicate that although laws such as the Computer Crimes Act and related executive regulations exist, gaps in implementation and oversight increase users’ vulnerability to phishing attacks. Therefore, strengthening regulatory infrastructures, raising public awareness, and fostering cooperation between governmental and private institutions are essential for effective countermeasures against these threats. This study also highlights innovative approaches for balancing security and individual rights in the Iranian legal context.