The Challenges Faced by Personal Data Privacy Protection and the Risks of Data Breach.



With the continuous advancement of technology, people’s lives have undergone fundamental changes. Although the convenience brought by the information age is admirable, we must be aware of the potential problems. As Tim Berners-Lee, the inventor of the World Wide Web, said, “Our data is as much a part of us as our bodies. If it’s stolen or misused, it’s as if we’ve been physically harmed.” Personal information security is facing increasingly severe tests, and this issue affects everyone’s privacy and personal property security. In today’s society, users’ web browsing, socializing, and chatting are like footprints in the snow, clearly visible on the internet and easily exploited by criminals. Through this blog, I will demonstrate some of the challenges and risks faced by users’ privacy in the digital age. In addition, I will discuss the attempts of various companies and organizations and the challenges they face.

What is personal information in the information age?

In the past, people’s information was only in physical forms such as paper letters and photographs. However, with the changes of the times, everything in people’s lives has turned into digital forms. The stored information gradually goes beyond the control of users. In the information age, many traces of people’s information in real life are intentionally or unintentionally left online. Personally Identifiable Information (PII) refers to any data that could potentially identify a particular person. (Aarthi, 2022)

In addition, various types of information in daily life, such as conversations on social media platforms, browsing history, and personal photos on websites, constitute a user’s digital footprint on the internet. Just like a detective can determine a suspect’s height, shoe size, and walking habits through footprints, a digital footprint is a trace left by a user while using the internet.

This reminds me of a performance art piece by German artist Markus Kreutzer called “USB, Ich Geb Dir Meine Zeit” (USB, I Give You My Time), which was displayed on a wall in the center of Berlin in 2011. The design of the artwork was like an electronic bulletin board, using USB drives to allow passersby to upload and download files and communicate and share with people in the city. Markus Kreutzer’s artwork was an attempt to explore the social interaction and information sharing in the digital age, aiming to encourage people to participate in the interaction in the digital world through this form of performance art. However, due to security issues, the installation was ultimately dismantled by the German government in 2013. Apart from the absurd excuse that a protruding USB port could scratch passersby, the main reason for the dismantlement was concerns about information security, such as uploading malicious software to invade visitors’ privacy or spread viruses and malicious software.

Who wants “my information”?

Hackers and cybercriminals: Steal personal data for illegal activities. Example: The 2017 Equifax data breach where hackers stole personal information of over 140 million Americans, including Social Security numbers and driver’s license information.

Advertising and data analytics companies: Track users’ online activity and behavior, collect personal data for targeted advertising and market analysis. Example: The Facebook and Cambridge Analytica data scandal. In this scandal, Cambridge Analytica collected personal data of over 87 million Facebook users through a Facebook application.

Government and intelligence agencies: Use surveillance technology to investigate crime, terrorism, and national security, thereby obtaining user data. Example: The Prism program of the US National Security Agency (NSA) which was exposed by Edward Snowden. The program collected internet communication data from all over the world.

Data brokers and data trading platforms: Collect data from various sources and sell it to other companies or organizations for profit. Example: Acxiom is a data broker company that collects and manages large amounts of data from multiple sources, including Social Security numbers, driver’s license information, and credit card information.

In summary, several types of groups and entities were mentioned, including hackers and cybercriminals, advertising and data analytics companies, government and intelligence agencies, and data brokers and data trading platforms. At first glance, their distribution and types can actually be summarized into specific categories, and they can be classified according to the degree of harm to individuals’ lives and data.

Groups and their objectives that pose significant threats to personal information, property, and life safety are as follows:

Firstly, hackers and cybercriminals: They may illegally invade personal accounts, steal personal identity information, and obtain personal data through extortion, blackmail, or phishing. For example, hackers may deceive individuals into entering their account passwords through phishing emails, thereby obtaining login credentials and accessing personal accounts to steal personal information (Wall, D. S., 2018).

Secondly, government agencies and intelligence organizations: In specific situations, government agencies and intelligence organizations may access, monitor, or obtain personal data, including telephone communications, internet activities, social media information, etc. For instance, government agencies may obtain personal communication records or social media account information when investigating criminal activities or threats to national security (Illustrations by Delcan & Company, 2019).

Data brokers and data trading platforms: Data brokers and data trading platforms may collect, organize, analyze, and sell personal data. For example, some data brokers may construct user profiles based on their activities and interests on social media, and sell this information to advertising companies or other third parties, thereby involving risks to personal privacy and data security (Acquisti, A., & Grossklags, J., 2018).

Lastly, there are advertising and data analytics companies: these companies may collect personal data to conduct targeted advertising and user profiling. For example, advertising companies may collect users’ internet search history, shopping records, and other information to conduct targeted advertising and push personalized ads, but this may involve risks to user privacy and data security. (Turow, J., 2017).

In summary, personal data has become a highly valuable resource that has attracted the attention of various stakeholders. Understanding these interests and motivations can help people better protect their personal privacy and security.

The Dilemma of Privacy Protection

1- Leakage of Personal Information:

For example, when a user enters their email, phone number, or birthday on a website with low security in their daily life, this creates a digital footprint, which is the user’s data leakage. Some fraudulent groups may use limited information to gain the trust of victims. For instance, criminals may send an email claiming that there is a package with the victim’s phone number (leaked information) and their friend sent a birthday gift (leaked information) that needs to be verified through a fake webpage that asks for bank information. Many victims fall for such tricks since the criminals use the user’s real information that was leaked in the past.

2- Difficulty in Controlling Personal Information:

Personal information is controlled by companies and organizations. For example, in the case of Facebook and Cambridge Analytica’s data leak, the user’s digital footprint was collected by a personal information collection application called “thisisyourdigitallife”. Although the software requires authorization to collect user information, it also collects data from the user’s friends. This was first discovered by a psychologist named Aleksandr Kogan. The user’s digital footprint, which is stored on cloud or local devices, can be easily accessed, and the user cannot stop or intervene.

3- Imperfect Privacy Protection Laws:

Consider the typical example mentioned earlier, the Facebook and Cambridge Analytica data leak incident, in which Cambridge Analytica used Facebook user data for political propaganda and election campaigns. Many users are unaware that their data is being collected and used, and they cannot control their digital footprint. Moreover, the laws and regulations are usually insufficient to prevent such behavior, resulting in digital footprint data being abused by commercial groups. As a result, many countries lack laws and regulations to regulate and intervene in this rapidly developing online society.

4- Conflict with Business Interests:

Many companies rely on collecting and analyzing data to provide personalized products and services. However, the business interests of these companies may conflict with individual privacy rights. As Alessandro Acquisti mentioned in his TED speech, the line between public and private has become blurred. Users are usually unaware of how their information is being used, and many companies, such as the aforementioned Cambridge Analytica, have seriously violated user privacy. However, companies will use legal loopholes to evade relevant laws and regulations due to their interests.

5- Political Information Monitoring:

Many countries collect user information in various ways to prevent potential national security risks and crimes. One example is the Prism program of the US National Security Agency (NSA), revealed by Edward Snowden. The program was intended to protect national security by accessing the servers of tech companies such as Google, Facebook, and Microsoft directly. The NSA collects user communication content, transmitted files, videos, and audio without user permission. The US government monitors its citizens in this way, but it is also a way to protect the public by detecting potential criminal activities through data screening.

Protecting privacy in the digital age

Although personal information in this era faces many challenges, there are still ways to protect personal information and restrain related interest groups. These range from individual users and legal aspects to corporate constraints.

Individuals: Individuals can enhance their personal information security awareness and consciously protect their information in daily life.

1. Password protection: Set complex strong passwords and enable two-factor authentication for social media and other online accounts, and change passwords regularly. This can effectively prevent hacker attacks.

2. Daily precautions: Do not share personal data, as this will leave a digital footprint on the internet. For example, do not mention personal information such as door numbers, addresses, phone numbers, and bank account information when communicating with friends.

3. Device protection: Use firewall and antivirus software when using smart devices. Firewalls can control and block unauthorized access and filter traffic that threatens device security. Antivirus software can prevent malware from infecting a user’s smart device.

Legal: Understanding personal information laws can help internet users understand local protection of personal information.

Each country and region has corresponding laws and regulations to protect personal information security. Europe has the General Data Protection Regulation (GDPR), which mostly covers the standards for companies collecting user information and sets out specific requirements for collection, use, and processing. Overall, laws and regulations on digital footprints and user protection cover: personal data protection, data security guarantee, transparency in data processing, and protection of data privacy rights. Digital privacy laws in different countries and regions have certain differences, but they all focus on protecting personal data security and privacy, maintaining user rights and freedoms, and strengthening corporate responsibilities and obligations to ensure privacy in the digital age is protected.

Enterprises: Enterprises hold a large amount of user data, so their actions and industry norms are the front line of protecting user privacy. The Privacy Framework provided by the Federal Trade Commission (FTC) in the United States gives companies detailed guidance on protecting privacy in the digital age.

Data collection standards and usage norms: Companies should follow the principles of legality, fairness, and transparency, clearly inform users of the purpose of using their data, and only collect and use user data after obtaining user consent.

Access and modification rights of data: Companies should provide users with a way to access, modify, and delete their own data, ensuring that users have control over their own information.

Data security guarantee and data protection responsibility: Companies should bear the responsibility of protecting user data, so they need to use technical and management measures to protect user security, prevent data misuse, tampering, and other risks.

There are also important privacy policies: Companies should formulate and publish privacy policies, clearly informing users of data usage restrictions and privacy policies.


In conclusion, personal data privacy protection is a critical issue that affects everyone’s privacy and personal property security. The challenges associated with protecting personal data are significant, and include the widespread use of the internet and digital devices, the lack of transparency and control over personal data, and the complexity of data protection laws and regulations. The risks associated with data breaches are severe and can have far-reaching consequences. It is essential for individuals, organizations, and governments to take appropriate measures to protect personal data and prevent data breaches.

Furthermore, as individuals continue to rely more heavily on the internet and digital devices for daily activities, their digital footprint continues to grow larger. This digital footprint is the trail of data that individuals leave behind as they interact with technology, including their online activity, social media posts, and location data. This information can be used to build a profile of an individual’s interests, habits, and behaviors, which can be valuable to advertisers, data brokers, and other third-party entities.

Therefore, it is important for individuals to take steps to protect their digital footprint and personal data. This includes being cautious about sharing personal information online, using strong passwords and two-factor authentication, and regularly reviewing and adjusting privacy settings on social media and other online accounts. It is also important for organizations to implement strong data protection policies and comply with data protection laws and regulations to protect their customers’ personal data.

In summary, personal data privacy protection is an ongoing concern that requires a collective effort from individuals, organizations, and governments. By taking appropriate measures to protect personal data and being mindful of their digital footprint, individuals can help safeguard their privacy and personal property security in the digital age.


Aarthi. (2022, July 19). Personally Identifiable Information (PII) – A beginner’s guide. Atatus Blog – For DevOps Engineers, Web App Developers and Server Admins.

Bernard, T. S., Hsu, T., Perlroth, N., & Lieber, R. (2017, September 7). Equifax says cyberattack may have affected 143 million in the U.S. The New York Times.

FTC issues final commission report on protecting consumer privacy. (2012, March 26). Federal Trade Commission.

Graham-Harrison, E., & Cadwalladr, C. (2018, March 17). Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. The Guardian.

Greenwald, G. (2013, June 6). NSA collecting phone records of millions of Verizon customers daily. The Guardian.

How to protect your privacy online. (2021, May 13). Consumer Advice.

Privacy in the age of big data: Recognizing threats, defending your rights, and protecting your family. (2014). Choice (Chicago, Ill.), 52(02), 52-0887-52–0887.

Video, W. (2013, November 5). Presentation video on why privacy matters from Alessandro Acquisti at TED. University Webinars.
