Have you ever scanned a QR code you do not familiar with? Have you always registered accounts on different websites? Have you ever found when your location is always actively on different applications?
QR code – convenient but not safe
In this world of rapid development of technology, electronic devices especially mobile phones become a necessity for every person. However, as people use mobile phones more frequently, more and more personal information is saved in them. Once mobile phones are lost, it is very likely that privacy will also be leaked. Of course, the functions of mobile phones have become more and more intelligent, and people can set passwords to prevent mobile phones from being opened too easily. But it cannot prevent people’s unconscious actions from leaking their privacy. I believe that everyone is familiar with QR codes, and there are many places where QR codes are needed in our daily life. Especially in China, during covid-19, in order to minimise physical interactions, almost any daily needs of a person can be done by a mobile phone. You can scan the payment code when paying for shopping, scan the QR code when paying for parking, and scan the QR code when registering information for nucleic acid. QR codes have become ubiquitous thing. However, as China opened up and the covid-19 period ended, people do not decrease the use of QR codes because it is so convenient. At this time, a big problem of leaking privacy appears.
The NSW government once because using the QR code to register information, causing data leakage. Some locations of sensitive organisations were revealed, including defence sites and domestic violence shelters (Tonkin, 2022). In China, there was a new report that a young man scan a QR code sent from his net friend. Unexpectedly, after scanning the QR code, his net friend said that the Trojan virus had been implanted into his mobile phone, and also sent photos in his mobile phone to prove, also using this to racketeer him.
There is much other news like this, but not only scanning these QR codes with viruses will leak privacy. Back in 2018, WeChat Pay launched the function of scanning code payment for parking automatically. “This artificial intelligence-based system has been rolled out across more than 1,000 car parks nationwide.” in 2018 China (Chen, 2018). It seems would be a very convenient function which helps people save time and also reduce the phenomenon of queuing for paying parking fees. However, as more and more car parks have opened the function of scanning QR codes to pay parking fees, consumers need to scan a new QR code every time when they go to a new place. Shopping malls are often the places where parking fees are most frequently required. I tested two shopping malls near me and their car parking fee-paying system. After scanning the QR codes, they both do not directly enter a payment interface but enter the mini program in the WeChat of the mall themselves. Then, they will ask for using your location or accepting to use your information. Every step of this is collecting your personal information.
Source: screenshot from WeChat mini program
Compared with some Western countries, their parking payment system seems to be safer but not as convenient as scanning a QR code. People should use VISA or MasterCard to pay which means they should carry their card with them, but as the mobile phone has more functions, people can also add bank cards to their phone wallet and use the NFC function to pay parking fees directly through mobile phones. In the UK, Hull’s Princes Quay car park used a QR code car parking payment (Lucas, 2021). I believe that in the future, this way will be more and more general because it decreases a large number of costs than other payment methods. So, the both scientific and technical corporation and costumers need to protect data and personal privacy.
Other actions that may reveal privacy (debatable)
After discussing QR codes will leak privacy, there are still many actions that accidentally leak privacy in our daily life. Sometimes you do not even realize it. For example, when you download a new application on your phone and then you open it the first time, it will ask you if you want to activate the GPS function. Some applications which have camera and audio recording functions may ask for acting the camera and microphone. If you do not activate them, you can not use the function completely of this application, but if you activate them, the application may monitor via your camera and microphone. It is actually a paradox, if you choose to use this application, it means you should put yourself into an environment where your privacy might be leaked. The other thing is that when you use some online shopping applications, like Amazon and Taobao. You will find that there is a function called “guess what you are looking for”, this function is collecting data based on what you buy and search on this application, some even collecting data when you search products on other applications or just mention some products when talking with your friends, related products will also be recommended to you when using the application. It seems very weird. Similarly, TikTok – a popular short video application all over the world, the short videos that you browse on your homepage are all pushed by collecting your data and combining the popularity of big data. Your preferences and what things you are more interested in will be captured by TikTok.
So, should these applications collect users’ data? When users first download the software, it will ask users to read a service agreement and click the accept then can use the software. I believe that few people can read every fine print of these software’s service agreements, most people just accept it. LePan (2021) in his article researches how long should users spend to read the terms of service agreements, it includes 21 popular online services, and it can be seen that the least one for reading is Instagram, it takes about 10 minutes to read, while the longest is Microsoft, it takes more than an hour to read. In today’s busy world, it is very difficult to take such a long time to read, but these service agreements stated how users’ information will be collected and used. So most applications are allowed to collect users’ data. How to regulate these platforms and how to protect our privacy becomes more and more important.
Source: Visual Capitalist
Regulation and Protection
In Digital Rights in Australia, Chapter 4 Government data matching and surveillance among authors’ core finding, one of these says: “Nearly half of our respondents were concerned about government violating their privacy”(Goggin et al., 2017, p.21). In another article Understanding Privacy at the Margins, Marwick and boyd (2018, p.1158) interviewed and observed countless young adults and teenagers, they found that when they choose to participate in social media and engage in online activities, they are knowing full well that their data and privacy information are being collected, “their actions are being monitored, and their online experiences are being algorithmically generated and personalize”. In Regulating Platforms, Terry Flew (2021, p.75) writes that “concerns about the potential for the loss of personal privacy online have been among the issues most frequently raised about the internet and digital media”. Thus it can be seen that platform regulation and how to protect users’ online privacy both become heated discussion questions. Different countries have their own methods and laws for regulation in this digital age. In Europe, they have General Data Protection Regulation (GDPR), which is “the toughest privacy and security law in the world”. If people decide to process data, they must follow the seven protection and accountability principles. They include the data that should be used legally and transparently, you must have a specific purpose for using these data. You must collect and use the data you absolutely necessary and use its accuracy. Personal identifying data should only be stored for as long as you use it and security, integrity and confidentiality must be guaranteed when processing data. People who use the data should take responsibility for the GDPR. (Wolford, 2022) If people violate the regulation, the fine will be a large number. For example, the famous Facebook and Cambridge Analytica data scandal. Cambridge Analytica collected millions of Facebook users’ data for political advertising without users’ consent. In 2018, the UK fines Facebook £500,000 because of the scandal. In a report, an information commissioner said that these contraventions were very serious, so they “imposed the maximum penalty under the previous legislation” and “the find would inevitably have been significantly higher under the GDPR”.(Waterson, 2018) Facebook has been fined hundreds of millions of dollars since the scandal for more than a decade and at the end of last year, BBC reported that Meta settles the Cambridge Analytica scandal case for 725 million dollars (McCallum, 2022). Europe has GDPR, so what do China and Australia have?
On 2021, November 1, The China Personal Information Protect Law (PIPL) came into force and it is the new data privacy law in China. It “targets personal information protection and addresses the problems with personal data leakage”(The China Personal Information Protection Law, n.d.). Similarly, PIPL will also have a large number of fines for violation of the regulation. But it is still in progress. In Australia, the Privacy Act is being used. It stipulates that Australia Government agencies and organisations with an annual income over $3 million have responsibilities under the Privacy Act. State or territory government agencies, public schools and some small business operations do not have responsibilities under the Privacy Act (OAIC, 2023). It seems more flexible than the GDPR and PIPL. To a certain extent, the Privacy Act is more humanised because it can restrict big companies to follow the regulation but at the same time can give some small business operations to develop. Of course, it is not ruled out that some people will take the opportunity to intentionally break the regulation. These regulations all have pros and cons, so they still need to be perfected.
Except for the regulation and laws from nations, what should users do to protect their privacy? First, when we share online, we should take care of using the GPS function and pay attention to what we post, especially photos because sometimes we may find, there is personal information in our selfies or sharing photos. Second, it is better to turn off the GPS function on your phones and tighten privacy settings for online accounts. Third, when you set a password for different accounts, it is better to avoid setting them as same as some important accounts, like bank card passwords. Last, do not connect to unfamiliar WiFi in public areas because the WiFi has low-security factors. It is very easy to leak privacy. (Masjedi, 2023) In conclusion, protecting users’ privacy online not only needs government regulation but also needs us to make efforts.
ATXN, City of Austin. (2009, November 17). Parking Pay Station [Video]. YouTube. https://www.youtube.com/watch?v=3o5zulc10Vo
Chen, C. (2018, December 20). WeChat Pay launches auto scan-and-pay for parking in China’s shopping malls. South China Morning Post. https://www.scmp.com/tech/apps-social/article/2178772/wechat-pay-launches-auto-scan-and-pay-parking-chinas-shopping-malls
Flew, T. (2021). Regulating platforms. Polity Press.
Goggin, G., Vromen, A., Weatherall, K., Martin, F., Adele, W., Sunman, L., & Bailo, F. (2017). Digital Rights in Australia.
LePan, N. (2021, January 25). Visualizing the Length of the Fine Print, for 14 Popular Apps. Visual Capitalist. https://www.visualcapitalist.com/terms-of-service-visualizing-the-length-of-internet-agreements/
Lucas, H. (2021, October 19). Princes Quay car park ditches barriers and switches to digital payment methods. HullLive. https://www.hulldailymail.co.uk/news/hull-east-yorkshire-news/hulls-princes-quay-car-park-6081609
Marwick, A. E., & boyd, D. (2018). Understanding Privacy at the Margins: Introduction. International Journal of Communication (Online), 1157–1165. https://link-gale-com.ezproxy.library.sydney.edu.au/apps/doc/A561120196/AONE?u=usyd&sid=bookmark-AONE&xid=3df64beb
Masjedi, Y (2023. February 4). How to Protect Your Privacy Online. https://www.aura.com/learn/how-to-protect-your-privacy-online
McCallum, S. (2022, December 23). Meta settles Cambridge Analytica scandal case for $725m. BBC News. https://www.bbc.com/news/technology-64075067
OAIC. (2023, March 23). Rights and responsibilities. OAIC. https://www.oaic.gov.au/privacy/privacy-legislation/the-privacy-act/rights-and-responsibilities
The China Personal Information Protection Law (PIPL). (n.d.). Deloitte China. https://www2.deloitte.com/cn/en/pages/risk/articles/personal-information-protection-law.html
Tonkin, C. (2022, February 17). NSW leaks QR code check-in data. Information Age. https://ia.acs.org.au/article/2022/nsw-leaks-qr-code-check-in-data.html
Waterson, J. (2018, October 25). UK fines Facebook £500,000 for failing to protect user data. The Guardian. https://www.theguardian.com/technology/2018/oct/25/facebook-fined-uk-privacy-access-user-data-cambridge-analytica
Wolford, B. (2022). What is GDPR, the EU’s new data protection law? GDPR.eu. https://gdpr.eu/what-is-gdpr/
Do you know these actions are actually revealing your privacy gradually? by Wenyi He is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.