The two words are used as though they mean the same thing, and the confusion is not harmless, because it leads people to buy a lock for a door that was never the problem. Security is about keeping your data from those not authorized to have it, protecting it against theft, interception, and unauthorized access. Privacy is about controlling who is authorized in the first place, and what they may do with what they collect. A system can be flawlessly secure and still destroy your privacy, because the party collecting the data is doing so with your consent and protecting it well, so the exposure is not a breach, it is the design working as intended.
The clearest way to see the distinction is through a concrete case. A messaging service that encrypts every message in transit and at rest, that no attacker can read, is secure. If that same service records who you talk to, when, and how often, and mines or sells that record, it is not private, and no amount of encryption changes that, because the company is not an attacker to be defended against, it is the authorized recipient. Security answers the question, can someone who should not have this get it. Privacy answers a different question, should this have been collected at all, and who decides.
This matters because the tools for each are different, and reaching for a security tool to solve a privacy problem is a common and expensive mistake. Encryption, strong passwords, and two factor authentication are security measures, they protect data from unauthorized parties, and they do nothing about a service you authorized quietly harvesting everything you do within it. Privacy is addressed by other means, by not sharing the data, by choosing services that do not collect it, by minimizing what you expose, and by understanding what you agree to. A VPN, often sold as privacy, is a good illustration, it secures your traffic from your local network and hides it from your internet provider, and it hands all of that same visibility to the VPN operator instead, which is a change in who sees you, not an elimination of it.
The practical value of holding the two apart is that it makes you ask the right question about any tool or service, not only whether your data is safe from attackers, but also who you authorized to collect it, and whether you trust what they will do with it. A great deal of what is sold as privacy is really security, protecting you from strangers while leaving you fully visible to the company you handed everything to. Understanding that security guards the data while privacy governs the collection is the first distinction anyone serious about either has to make, because until you know which problem you are solving, you cannot tell whether the tool in your hand solves it.