Advancement of technology has changed the dynamics of human life resulting emergence of digital media. From learning to shopping and socialising, people have become more dependent on the data-driven culture in the contemporary era. The recent inventions in technology and their application in various business operations have raised questions on the effectiveness of privacy and data protection of each user. One of the most influential books, ‘The Right to Privacy’ argued on the fundamental human rights for the protection of humans properly is equivalent to the protection of the human body (Brandies & Warren, 1890). The Brandies & Warren, 1890relevance of the ideology can be found in the modern world to protect user privacy in the digital environment of new businesses. Privacy is a messy and complex subject and the value of privacy lies in access and control of user data by following ‘contextual integrity’ (Nissenbaum, 2009). This infers that individuals have complete rights regarding their data usage to make choices for what to consume and what should be avoided. The blog aims to portray the risk associated with stepping into a website and how ‘contextual integrity’ can be used as a means of user privacy. The blog argued that the websites are not safe place for users to socialise as it often experiences major data breach of collected user data that violates the privacy policies. The blog will highlight the LinkedIn data breach, followed by the effectiveness of government policies for data protection and the role of ‘contextual integrity’ theory in that matter.
LinkedIn Data Breach and a Qusetion to Data Protection
We all are aware of the LinkedIn application/website that we use professionally to socialise with people from our same domain. But, do you know in 2021, LinkedIn faced the biggest challenge? The reason was a data breach on LinkedIn that accessed the profile database and privacy information of around 700 million users (Braue, 2021). In this blog, I will explain how reputed websites sometimes lost control and create what you call according to Nissenbaum’s interpretation, a huge ‘mess’ for both the company and the users. In the LinkedIn data breach, an archive of 500 million users was leaked and those profiles were displayed on a popular hacker forum for sale (Cybernews, 2023). As a consequence, the user data is not safe with the websites and privacy is being violated to some extent. Users are getting more used to the current form of socialisation depending on data. Data breaches and misuse of data are introducing compromised consumer privacy and bringing a different level of stress to consumers (Labrecque et al., 2021). Here, the term ‘compromised consumer privacy’ refers to the extent to which the users are neglecting the importance of privacy in exchange for their needs for social exchange. Data breach on a website promotes blatant criminality of the offenders as they expose or exploit sensible personal information (Cross et al., 2021). Thus, the users become the primary victims of data breaches that affect the user information of names, professions, bank details, etc. that hamper privacy on a large scale. LinkedIn provide a virtual space to communicate and socialise with professionals from different industries. The website works as a professional community where people seek a job or learn about different industries through communication. But have you heard about the allegation and denial game of the LinkedIn 2021 data breach? Wait and let me tell that story to you! The reports of a ‘proven true’ LinkedIn data breach where 92% of users were exposed and their credentials including phone numbers, physical addresses, geolocation data, email addresses, inferred salary, password, etc. were set for sale on the dark web (Marks, 2021). Dark Web is an illegal form of the World Wide Web that carries out illegal online activities by anonymous users (CEOP, n.d.). Coming back to the story, LinkedIn denied the allegation of the data breach and reported that no private information of the LinkedIn users was exposed; rather than those data were collected from other websites (Mathews, 2021). Can you believe it? Moreover, do you know where the allegation and denial game lies? A Statista report confirmed the high rate of data breaches on LinkedIn with the breach of 700 million users, holding the 6th position in the domain of data breaches after data breaches of Cam4, Yahoo, Aadhaar, First American Financial Corporation, and Verifications.io (Petrosyan, 2022). Later, LinkedIn tried to create awareness among the users to maintain their privacy to prevent a data breach from the user end. In a blog post ‘8 Most Common Causes of Data Breach’, the mistakes by the users to contribute in the data breach were mentioned. The post referred to the mistakes of the user as ‘Human Error’ that include weak passwords and sharing them, not patching up the hardware and software timely, accessing random websites without checking their authenticity, sharing a lot of permission with the website, and not checking the recent configuration of the website (Coker, 2021). Although, LinkedIn informed about maintaining privacy from the perspective of users had a point which was to educate the users about the data breach and its preventive steps. But, it is also the responsibility of each website to provide a safe environment to the users minimising security vulnerabilities. The rise of digital platforms has been a blessing for humans and following our safety, we must follow three components of digital privacy. We must be concerned about the violation of privacy and take necessary steps whenever emergencies occur. We must be confident in our ability to protect privacy through learning the functionalities of different hardware and software to protect our privacy. Additionally, we must believe that there is no privacy in the digital world and data might get stolen at any moment and this idea will restrict us from sharing any credentials randomly.
Figure 1 Source: Statista
‘Contextual Integrity’: An Advanced Approach to Privacy
Governing Regulations for Data Privacy
The right to privacy is a form of freedom from arbitrary invasion by a third party. Do you know the right to privacy started in 1948 with the introduction of the Universal Declaration of Human Rights (UDHR) by the United General Assembly in Paris? The statement of article 12 of UDHR was “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks” (United Nations, n.d.). The article emphasized human practice for safety and security by following the norms of privacy. But privacy back then and privacy now are two different topics altogether due to the rise of digital media and technologies. Thus, the context, meaning, and practices of privacy have been changed. The rise of data has given birth to the rise of fraudulent activities such as data breaches, cybercrimes, the rise of the dark web, etc. Hence, to secure the privacy of users and reduce the threats to the fundamental human rights of privacy, different countries have taken initiatives to protect user data. To govern privacy, Europe has introduced a set of comprehensive laws, known as the ‘General Data Protection Regulation”, the Personal Information Protection Law (PIPL) of China, the Privacy Act of Australia, etc. The GDPR covers a set of principles both for the users and the service providers to be accountable for their actions and seek consent from the users (GDPR.EU, 2023). Alternately, China’s privacy law, PIPL is revolving around only data protection and not human rights as the digital economy of China is massive and mass data is used. Thus, China’s privacy law must focus on data protection rather than protecting human rights. Looking at Australian privacy rights focuses on a wide range of policies such as handling sensitive information of users after taking written or verbally expressed consent, direct approach to gathering personal information of the users, and not giving access to the user data to a third party for direct marketing activities (OAIC, n.d.a). Thus, the privacy policies of different nations differ from each other and protect the digital environment of digital culture.
Data Privacy Laws vs Effectiveness
Looking into reality, the effectiveness of data protection laws is questionable. If the slogan “data is the new oil” is the new mindset of the digital economy, then the breach of data can be a disaster for the privacy of our so-called digital society. Neto et al. (2021) showed the records of the data breach that went to 22 billion from 4 billion within one year. This hike in the invasion of users’ privacy can be viewed as the irresponsibility of strong regulatory bodies across the world. From the context of Australian companies like Optus, Canva, Medibank, etc., these brands became major victims of disastrous data breaches. If the data protection law regulations are so efficient and well-designed, then what is the problem with that? The reason can be linked with the “Contextual Integrity” theory as it contextualizes the alignment of the evolution of technology and privacy policies. It infers that the reliability of pre-existing laws must be revised to protect user privacy and make the digital environment a safe place. “The Consumer Data Rights” act is designed to empower consumers by giving them choice and control over data (OAIC, n.d.b). Therefore, the laws must be improvised with the revolution of technology to follow the fundamental human right of privacy more effectively.
Figure 2 Source: The Guardian
So, now you know that websites are not safe places for users to socialise. You also know the reason, right? Still, I am repeating it once more! Websites often experience a major data breach of collected user data that violates privacy policies. LinkedIn has gathered the personal information of users and the controversy in the data breach of LinkedIn has created challenges for the users. It is our responsibility to maintain privacy in the digital era by following digital privacy regulations. The value of “Contextual Integrity” can be found in rectifying existing policies for a better arrangement of privacy policies. Moreover, the government of different countries has taken initiative to value fundamental human rights by protecting the privacy of user data. Although, the lack of improvisation of existing laws can be the primary reason for the data breach. Therefore, each law of data protection should be analysed in the context of the contemporary situation to protect privacy more efficiently.
Brandies, L., & Warren, S. (1890). The right to privacy. Harvard law review, 4(5), 193-220.
Braue, D. (2021). The LinkedIn data breach that wasn’t. Information Age. https://ia.acs.org.au/article/2021/the-linkedin-data-breach-that-wasn-t.html
CEOP. (n.d.). The Dark Web: what is it and why do people use it?. https://www.thinkuknow.co.uk/professionals/our-views/the-dark-web
Coker, M. (2021). 8 Most Common Causes of Data Breach. LinkedIn. https://www.linkedin.com/pulse/8-most-common-causes-data-breach-matthew-coker/
Cross, C., Parker, M., & Sansom, D. (2019). Media discourses surrounding ‘non-ideal’victims: The case of the Ashley Madison data breach. International Review of Victimology, 25(1), 53-69. DOI: 10.1177/0269758017752410
Cybernews. (2023). Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof. https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/
GDPR.EU. (2023). What is GDPR, the EU’s new data protection law?. https://gdpr.eu/what-is-gdpr/
Joshi, D. (2020). Privacy Theory 101: Privacy as Contextual Integrity. CENTRE FOR LAW & POLICY RESEARCH. https://clpr.org.in/blog/privacy-theory-101-privacy-as-contextual-integrity/
Labrecque, L. I., Markos, E., Swani, K., & Peña, P. (2021). When data security goes wrong: Examining the impact of stress, social contract violation, and data type on consumer coping responses following a data breach. Journal of Business Research, 135, 559-571. https://doi.org/10.1016/j.jbusres.2021.06.054
Marks, G. (2021). A LinkedIn ‘Breach’ Exposes 92% Of Users—And Other Small Business Tech News. Forbes. https://www.forbes.com/sites/quickerbettertech/2021/07/05/a-linkedin-breach-exposes-92-of-usersand-other-small-business-tech-news/?sh=2ed9f5465b33
Mathews, L. (2021). Details On 700 Million LinkedIn Users For Sale On Notorious Hacking Forum. Forbes. https://www.forbes.com/sites/leemathews/2021/06/29/details-on-700-million-linkedin-users-for-sale-on-notorious-hacking-forum/?sh=45f1728934a4
Neto, N. N., Madnick, S., Paula, A. M. G. D., & Borges, N. M. (2021). Developing a global data breach database and the challenges encountered. Journal of Data and Information Quality (JDIQ), 13(1), 1-33.
Nissenbaum, H. Critical Survey of Predominant Approaches to Privacy. Privacy in Context: Technology, Policy, and the Integrity of Social Life (pp. 67-103). Stanford University Press.
OAIC. (n.d.a). Use and disclosure of personal information. https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/use-and-disclosure-of-personal-information
OAIC. (n.d.b). Consumer Data Right. https://www.oaic.gov.au/consumer-data-right
O’Neill, E. (2022). Contextual integrity as a general conceptual tool for evaluating technological change. Philosophy & Technology, 35(3).
Petrosyan, A. (2022). Cyber crime: all-time biggest online data breaches 2022. Statista. https://www.statista.com/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/
United Nations. (n.d). Universal Declaration of Human Rights. https://www.un.org/en/about-us/universal-declaration-of-human-rights