Concepts of Privacy and Data Protection

In the advanced age, information assumes an important job in our day to day lives. It’s there in ways we sometimes even fail to notice. Taking the instance of online shopping, where after purchasing a product we need to provide the website with our name and address. This is a very direct way in which our data is being collected. Sometimes, data collection can be less visible. Take data brokers, for example. You’ve most likely never heard about them, however these organizations have some expertise in making highly detailed profiles of people for sponsors. Even a single profile can provide up to 1500 data points. This can incorporate an individual’s sexuality, browse history, political connection, and hospital records. In this document, we aim to investigate this discussion, focusing on the related however distinct concepts of privacy and data protection. This will help us to have a clear idea of how these issues vary and overlap; how both are influenced by the digital age.

The increase in computing power near the beginning of the 21st century has led to a cascading effect in terms of individual privacy getting compromised. With increased ability to deal with vast amounts of data, data brokers have a vast collection of in-depth profiles of people around the world. A particular firm by the name of Acxiom has even claimed to have in-depth data on 10% of the entire world’s population (Lopes, 2018). Most likely, this data is sold to advertisers who utilize it to find their target demographic layer and focus on delivering their products to them. Social Platforms such as Facebook provide us social connectivity for free in exchange for information about us. What brands do we like, which movies, books or events? All of this personal information is sold to advertisers once again. We may not even be aware of this and those of us who are aware of this fact, never read the “Terms of Service” whilst signing up on such a social network (Lopes, 2018).

Indeed, most of the problem seems to be in the realm of awareness. The more aware the citizen is about how his/her privacy is being compromised, the more inspired to take matters to the law. In certain recent cases, the government has succeeded in penalizing certain corporations for misusing data as we will see later on. By 2019, it is a well-known fact that any free internet-based product with a terms of service most likely uses our personal data. However, most of us do not seem to mind it! Is it not better that advertisers have our information and know which products to show to each of us? On the other side of the coin, there is an uneasy feeling that nothing about us is private anymore. Apart from brands, movies, events, books, etc our conversations, bank transaction history, location data is monitorable given leaps in technology over the last decade. In some countries, the process is also legalized (Lopes, 2018).

Hence, we need to ask ourselves the pertinent question. Is privacy dead or do we as citizens no longer desire it in a social context? A debatable point no doubt, but given the amount of data being latently collected and our nonchalance when signing up for any social platform, maybe we could argue it is not a social norm anymore. After all, this “gentle invasion of privacy” does not seems to affect us so negatively as we might expect. At this point we do not seem to be much concerned with our loss of individual privacy. Most people might think that in order to avail the services of a social platform such as Facebook or Twitter, it is fine for them to know about our personal details. But what about corporate entities which might use our personal data to cause harm? Do they exist and if so, are they legal? The bad news is that they do exist, and do affect our social image and career negatively. For example, Health networks such as PatientsLikeMe clearly states during the sign-up process “you should expect that every piece of information you submit (even if it is not currently displayed) may be shared with our partners and any member of PatientsLikeMe”. Soon, it came to light that even the private patient-to-patient conversations were being copied off the site by a media research firm called Nielsen and Co (Angwin, 2010).

Other unfortunate cases such as the one of Catherine Taylor are dime a dozen, falsely accused because of mistakes done by a predictive algorithm. This prediction of her being classified as a methamphetamine dealer was mistaken and it took her four years to get a job and even more to properly get all suspicions removed from her name (Mui, 2011). Payment histories are also sold off by firms to large corporations who might end up targeting individual citizens and charging them excessively. In Mui’s article it is mentioned: “The National Communications, Telecom and Utilities Exchange collects account information for 63 of that industry’s largest firms — although the group’s director won’t specify which ones. Members use the data to decide who to approve for new accounts and the size of a security deposit.” The article goes on to say, that the data could be positively use to re-evaluate credit score of the borrowers and bring them back into the financial mainstream. But the data could be used negatively and penalize them, leading to higher interest rates and/or higher fees. Coming back to services provided by Facebook and Google, are they worth it for the increased loss in online privacy? As mentioned earlier, using data to provide us better products or service is fine but what if our chat data is also passed on to other firms such as the on in the case of Nielsen and Co? This is the point where Facebook and Google must accept responsibility for their actions.

Currently, Facebook is valued at just under $140 billion. Google along with its parent company Alphabet is somewhere around the mark of $970 billion. The total worth of many countries in the world do not match up to these numbers. We need to wonder if we need to be afraid of these massive corporations. With the level of online penetration and financial capital that they have, it would not be a surprise if they decided to use their power to negative ends. A good case study in this regard is the Cambridge Analytica Scandal. Aleksandr Kogan, data scientist at Cambridge University, developed an application which he provided to Cambridge Analytica. Cambridge Analytica in turn arranged an informed consent process for research in which several hundred thousand Facebook users would agree to complete a survey only for academic use. However, Facebook’s design allowed this app not only to collect the personal information of people who agreed to take the survey, but also the personal information of all the people in those users’ Facebook social network. In this way Cambridge Analytica acquired data from millions of Facebook users. In fact, the SCL Group, which does the heavy-duty work for Cambridge Analytica, describes itself as being experts at psychological warfare and influence operations. The firm attempts to take their client’s message through to the target audience and bring them around to the preferred viewpoint (Chang, 2018). The most important requirement for this process was the data itself, which was provided by Facebook! Even though Facebook faced backlash in the ensuing case, not much harm was done to the company at large. Sure, maybe the stock value depreciated a little bit. In such a scenario, other smaller companies would go bankrupt but Facebook shook off the dust and walked away. Cambridge Analytica on the other hand, shut down in 2018! In another case, Google has admitted to firms being able to access data from email inboxes of their Gmail accounts. Although Google’s director of security, trust and privacy Suzanne Frey claimed that it was for user’s benefit (Cuthbertson, 2018)., it is quite difficult to hold accountable a nearing $1 trillion-dollar valued company if a third-party firm misuses the data. In such a case, the third part firm will go bankrupt but Google will remain unscathed (Cuthbertson, 2018).

By now, we have discussed the positive and negative aspects of data being in the hands of corporate giants. Positive aspects are that we avail the valuable services of their products such as social platforms (Facebook/Twitter), well managed email service (Gmail), online storage (Google Drive), etc. Negative aspects obviously largely deal with privacy of our personal data and to what end it’s being used. If used for advertisers to showcase specific products then all the better, but in case it’s used towards nefarious ends then we become scapegoats.

So, are we concerned about online privacy? From recent studies it seems that we are (Valentine, 2018). People are beginning to understand that invasion of online privacy can range from their credit card numbers being sold for a dollar to being stalked online by a killer (Sullivan, 2018). People might even know about the negative effects but find it mentally tiring to do anything other than tick the “Yes, I have read and agree with Terms of Service”. “Despite consumers’ apparent concern about online security, the survey results also revealed participants do very little to safeguard their information online, especially if doing so comes at the cost of convenience and time. In fact, 60 percent of them download apps without reading terms and conditions and close to one in five (17 percent) report that they’ll keep an app they like, even if it does breach their privacy by tracking their whereabouts” (Byer, 2018). Understandably, we have had certain progressions from a legislative perspective. Back in 2012, former President Barack Obama’s Consumer Bill of Privacy Rights was passed (Layton, 2018). In the last 5 years, the CEOs of Facebook and Google have had to attend conferences and face questioning by lawmakers (Wong, 2018 and Wakabayashi, 2018). No doubt these happened as a result of increase in citizen awareness about their online privacy. If privacy concerns are raised at the grassroot level which consists of citizens then the government is bound to spring into actions and call accountable the data providers.

Now, we should explore what is the awareness level in Canada and what the government is doing regarding the usage or rather the misuse of personal data. In Canada, surveys done indicate that citizens are educated about online privacy with a high percentage being recorded for almost all age groups. In Simpson’s article it is mentioned: “While a significant majority of all age groups are in favour of online privacy, support is strongest among Baby Boomers (95%) and Gen X’ers (92%), and slightly weaker among Millennials (88%).” It seems the older generation is more concerned about online privacy, but the people born in the early 2000s are not far behind. From another survey by Ipsos we see that a considerable percentage of Canadians are now aware of their personal details online being used for purposes they were not aware of. Hence, this led to them changing their social media behaviour or even stopped using such platforms. Around one in ten stopped using social platforms simply because they did not trust what their personal data was being used for. Such fears are not unwarranted as proved in the Sullivan’ s article. 85% percent of Canadians agreed that they were worried about their online privacy and security of personal information. Hence, citizen awareness clearly exists, but what is the government doing to address these concerns?

In June 2015, the Canadian Government passed the Digital Privacy Act (Library of Congress, 2017). Considerable amendments were done to specify what was valid consent for the collection, use, or disclosure of personal information. Also, several new definitions and exemptions regarding collection, usage and disclosure of personal information without consent, such as for business transactions were also written. Personally, I do believe that online privacy should be taken seriously. Governments of all nations needs to modify their laws to accommodate the fast-improving technology and hold major corporations accountable for their actions. Penalizing third-party firms for improper use of data is being done now. This was clear in the Cambridge Analytica Scandal. The next step would be to hold larger corporations accountable. After all, it is them who provide the data in the first place. Misuse of data stems from the availability of it. Large corporations such as Facebook and Google who have the power of data need to be responsible for it. Data being provided for the purpose of better service or better social experience is quite welcomed. But the corporations should scrutinize the third-party firms whom they provide data to. There should be a stringent process to filter out unscrupulous firms and also report them to the law.

In turn, if large data providing corporations are not willing to take up this responsibility of proper data usage then they should not be above the law. The CEOs must be called for public questioning. The Government should be above all and decide the penalty if and when these companies cross the line. The passing of GDPR in the European Union is a welcome change from the perspective of individual online privacy. Under this law, companies are required to delete most of their records. Till date, companies were free to save each and every information on their sites, mine through the data and utilize it in predictive models. With implementation of GDPR, these companies are not free to do that anymore and are free to collect only certain legal portions of their user data.

The Information Commissioners Office of United Kingdom is the authority responsible for registering data controllers, taking action on data protection and handling concerns and mishandling data. About GDPR they said, “You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR”. GDPR ultimately places legal obligations on a processor to maintain records of personal data and how it is processed, providing a much higher level of legal liability should the organisation be breached.

Regarding citizen awareness, it is improving everyday as shown in the articles from Simpson and Library of Congress. From the statistics it seems that the older generation are more aware and concerned about it. We need to educate the children about sharing just the right amount of personal information online. Parental control should be exercised. I do not believe a child of less than 13 years properly understands online privacy and all its rules. Parents need to step in and monitor the use of their social accounts and participation on online forums. Let us look towards the future of online privacy and what steps will be needed for it. Awareness is increasing every day, both at the individual and the level of legislature. At this point in time, large corporations are still not held completely held accountable for their actions and lack of filtering processes for their supply of data to third party firms. In the future, most likely this will change. Companies such as Facebook and Google are taking steps in this direction (Cimpanu, 2018 and Statt, 2018). The current youth (people born between 1990 to early 2000s) will eventually catch up with the older generation and be more careful about data sharing online. Hopefully, the Canadian Government will introduce education policies to educate the children on online etiquette and sharing of personal information.

Individuals are most affected to change their thoughts if it originates from inside their social network. Yet, almost certainly, change can emerge out of outside powers – claims, state lawyer commanders, controllers in the US and abroad, and the government officials from the two sides of the walkway and from over the lake that are progressively disparaging tech, occasionally in manners that go way, excessively far. State-level claims are especially significant because they avoid the messed up political procedure at the government level, and revelation in a claim is significant claiming it might offer pieces of information to individuals’ outlooks and goals, and that is the reason tech organizations are contending them energetically at this moment.

In conclusion, what can human rights protectors do to protect and strengthen data protection and privacy? A simple initial step is taking computerized safety efforts yourself. This can be as basic as utilizing encryption and obscurity devices, what’s more, encouraging your companions to do likewise. Human rights protectors can likewise advocate for option computerized plans of action, which aren’t founded on the extraction and closeout of information. Economic pressure on the existing model is already growing. For instance, in the course of the most recent couple of years, the quantity of clients utilizing AdBlock software universally has exploded. Evidence has been found that this is already pushing companies to have less invasive advertising tactics. Engaging in debates at the national and regional level is, obviously, critical. Where security insurances are feeble, human rights protectors need to effectively advocate for more grounded ones. Also, even where they are more grounded, we need to ensure the legislation is staying aware of new technological developments – like the Internet of Things.

At last, if we want things to progress, human rights protectors need to make these issues open and relatable by being progressively innovative about the way we describe them. When people are made aware on how data protection and privacy affect them on a daily basis, they can be more inclined to discuss these concepts.

References

• Angwin, J., & Stecklow, S. (2010, October 12). ‘Scrapers’ Dig Deep for Data on Web. Retrieved June 23, 2019, from https://www.wsj.com/articles/SB10001424052748703358504575544381288117888
• Byer, B. (2018, June 20). Internet Users Worry About Online Privacy but Feel Powerless to Do Much About It. Retrieved June 23, 2019, from https://www.entrepreneur.com/article/314524
• Chang, A. (2018, May 02). The Facebook and Cambridge Analytica scandal, explained with a simple diagram. Retrieved June 23, 2019, from https://www.vox.com/policy-and-politics/2018/3/23/17151916/facebook-cambridge-analytica-trump-diagram
• Cimpanu, C. (2018, October 08). Google sets new rules for third-party apps to access Gmail data. Retrieved June 23, 2019, from https://www.zdnet.com/article/google-sets-new-rules-for-third-party-apps-to-access-gmail-data/
• Cuthbertson, A. (2018, September 26). Google admits giving hundreds of firms access to your Gmail inbox. Retrieved June 23, 2019, from https://www.independent.co.uk/life-style/gadgets-and-tech/news/google-gmail-data-sharing-email-inbox-privacy-scandal-a8548941.html
• Layton, R. (2018, October 29). A look at the growing consensus on online privacy legislation: What’s missing? Retrieved June 23, 2019, from http://www.aei.org/publication/a-look-at-the-growing-consensus-on-online-privacy-legislation-whats-missing/
• Library of Congress. (2017, December 01). Online Privacy Law: Canada. Retrieved June 23, 2019, from https://www.loc.gov/law/help/online-privacy-law/2017/canada.php
• Lopes, J. (2018, December 03). Privacy and Data Protection. Retrieved June 23, 2019, from http://blog.joaquimlopes.com/.
• Mui, Y. Q. (2011, July 16). Little-known firms tracking data used in credit scores. Retrieved June 23, 2019, from https://www.washingtonpost.com/business/economy/little-known-firms-tracking-data-used-in-credit-scores/2011/05/24/gIQAXHcWII_print.html?noredirect=on
• Simpson, S. (2018, April 10). Four in Ten (39%) Canadians Changed Their Social Media Behaviour (28%) or Stopped Using some Platforms (11%) Over Data Privacy Concerns. Retrieved June 23, 2019, from https://www.ipsos.com/en-ca/news-polls/Global-News-Data-Privacy-and-Social-Media-Poll-April-2018
• Simpson, S. (2018, April 5). Nine in Ten Canadians (92%) Believe in Right to Privacy Online. Retrieved June 23, 2019, from https://www.ipsos.com/en-ca/news-polls/guaranteed-removals-online-privacy-poll-April-2018
• Statt, N. (2018, July 31). Facebook shuts off access to user data for hundreds of thousands of apps. Retrieved June 23, 2019, from https://www.theverge.com/2018/7/31/17637244/facebook-apps-api-access-shut-off-missed-review-deadline
• Sullivan, B. (2000, November 17). Online privacy fears are real. Retrieved June 23, 2019, from http://www.nbcnews.com/id/3078835/t/online-privacy-fears-are-real/#.XRAIj_mSmi5
• Valentine, O. (2018, April 03). 1 in 4 Deeply Concerned About Online Privacy. Retrieved from https://blog.globalwebindex.com/chart-of-the-day/1-in-4-deeply-concerned-online-privacy/
• Wakabayashi, D., & Kang, C. (2018, December 12). Google’s Pichai Faces Privacy and Bias Questions in Congress. Retrieved June 23, 2019, from https://www.nytimes.com/2018/12/11/technology/google-pichai-house-committee-hearing.html
• Wong, J. C. (2018, April 11). Mark Zuckerberg faces tough questions in two-day congressional testimony – as it happened. Retrieved June 23, 2019, from https://www.theguardian.com/technology/live/2018/apr/11/mark-zuckerberg-testimony-live-updates-house-congress-cambridge-analytica