Imagine that your online behavior is recorded throughout the day, would you still want to use the Internet? Some might answer: No!
In a survey conducted by the Australian Government in 2017, the results of a survey with Australians on privacy showed that Australians care a lot about privacy, especially online privacy (69%). The results of the survey by Aleis & Renaud (2017) showed that many participants said that “the internet makes life easier “access to everything”, “easier” and even “my privacy may be invaded, but I love it”. So what exactly is privacy? Warren and Brandeis (1890) first recognized the right of individuals to be “left alone” and to control information about their personalities. Nissenbaum (2010) noted that privacy involves denying others access to your information and the right to control how it is collected and used. Simply put, your personal information you can decide what to do with it, who can access it, and how it is regulated. Now, privacy is a complex concept that includes freedom from surveillance, home isolation, freedom from reputation protection, freedom from search and investigation, home isolation, etc (Solove, 2010).
However, do we really have the right to decide how our information is processed and collected?
Information breach scandal
The user data of 133 million Facebook users was found on a server that included the user’s unique Facebook ID, a unique number that can be used to associate and identify a user’s account, and that could be accessed by everyone without a password (Whittaker, 2019). Someone successfully matched the leaked user’s phone number with the ID, proving the authenticity of the breached data. In response to the scandal, a Facebook spokesperson stated that it was a system vulnerability that has been fixed. However, in 2021, Facebook was again mired in the same data breach scandal. The personal information of 5.33 million Facebook users was made public for free in a hacking forum (Holmes, 2021). This time the users’ data leak was more private and included a full range of personal information such as phone numbers, Facebook ID, names, birthdays, establishment, and even email addresses (Holmes, 2021).
If it is a common operation for platforms to collect user data in violation of the law. Have you ever thought that platforms can even modify your information outside of the platform? 2021 One user reported that his photos saved in an album were deleted by Douban for no reason, and he needed to manually recover them himself in the recycle bin (Fang, 2021). Douban is a social media platform in China that mainly provides users with a platform to discuss and share about books, movies, music, and so on. According to the analysis, Douban requires users to provide the platform with permission to read SD card contents and delete and modify contents in the SD card when downloading, and Douban is believed to have deleted users’ personal albums through this permission. Once the incident came out, many users said that not only Douban, but also the same behavior of secretly deleting users’ pictures had happened in other platforms.
Users’ personal privacy is exposed, misused, and even collected continuously without knowing when, users have no right to check these actions Even this situation is getting worse, according to the “2022 Data Self-Check Leak Analysis Report” released by Threat Hunter 2022 was exposed to more than 3,200 data leaks, nearly double the number of leaks in 2021, the leak industry involved in finance, e-commerce, logistics and so on.
Why are so many companies happy to step on the red line of the law even though they know that excessive collection of user privacy is against the law? The reason is big data, and in the era of big data, user data means profit.
Big Data refers to a large or complex data set that cannot be handled by traditional data processing applications, or simply a complex and large data set. Its main characteristics are 4V, Volume, Velocity, Variety, Value.
- Voulume: Obviously, it literally means a large amount, a huge volume of data, from terabytes (1024G) to ZB (10 billion terabytes).
- Velocity: The speed of data processing, the “1 second law” of big data, means that the data should be analyzed within seconds, otherwise it will lose its value.
- Variety: refers to the complexity of data types, including the text, video, audio and every move we read online everyday are recorded and analyzed by big data.
- Value: The high negotiable value of the data
Closer to our daily lives, when we refer to Big Data, we are referring more to the technology to quickly obtain and analyze valuable information. That’s why privacy and big data are inextricably linked. A common feature: guess your like, we often see it on many platforms. For example, if we look for or randomly browse products on a shopping platform, we may soon see many products that we have seen or related to under the “Guess You Like”. Even the ad space in other platforms will repeatedly pop up similar shopping ad recommendations. The precision and speed of ad delivery makes we think about how our information is known?
To govern the excessive prying and use of user data, the Data Security Law of the People’s Republic of China 2021 (2021 DSL) went into effect in June 2021, and platforms have updated their user agreements and privacy terms.
According to a survey conducted in 2021 by a joint research group of Guangming Daily and Wuhan University, they surveyed 1,036 users and found that 77.8% of users said they “rarely or never” read the privacy agreement, and that users generally do not pay much attention to the privacy agreement with the platform.
One study showed that a typical U.S. Internet user spends 244 hours a day reading the privacy policies of all websites (McDonald & Cranor, 2008 as cited by Ketchell, 2017). This statistic is still from the time in 2008 when smartphones were not as developed and not as many dazzling apps were invented as today, and reading privacy terms was already so difficult.
- Agree to continue, disagree to “byebye” if you want to use the platform, you can only choose to agree to all policies required by the platform.
A counterattack to protect privacy
On April 26, 2021, Apple launched its ATT policy (App Tracking Transparency), announcing that after users update iOS 14.5, a pop-up window will appear when users open an app asking “allow the app” to track your activity across other companies’ apps and websites? (Wamsley, 2021). Data show that 62% of users chose “Ask APP Not to Track” when they saw this pop-up (Leswing, 2021).
In addition, within the framework of the ATT policy, apple will turn off the Advertising Identifier (IDFA), which is the AD identifier that apple provides to track users and is the only way that apple officially allows ads to access user information so that they can use it to track data so that they can serve customized ads. In other words, when apple this policy is released, advertisers, even if they grab to the user’s data, can not get the user’s IDFA to locate specific users to place ads, which greatly reduces the accuracy of placing ads to users. This feature gives users a great deal of knowledge and control over how their personal data is handled.
European Union – GDPR
On April 14, 2016, the EU adopted the EU General Data Protection Regulation, which was officially implemented on May 25, 2018 to replace the EU Data Protection Directive issued in 1995. The main changes are:
- Expanded the scope of the trial: from within the EU to apply to data controllers and processors within the EU, as long as the data involves the EU territory are subject to the regulation of this provision.
- Increased powers: giving users, in addition to their original rights, seven rights: the right to data portability, the right to be forgotten, the right to restrict data processing, the right to be informed, the right to access, the right to rectification, and the right to refuse.
- Increased penalties: The GDPR increases the penalty criteria, which can be as high as €20 million or 4% of global revenues for the previous fiscal year if a major breach is determined to have occurred over time.
- Permission conditions: the company needs the user to make a clear and affirmative action in a free situation before the personal information of the cell phone, otherwise it can have the right to withdraw the consent.
China – PIPL
China’s Personal Information Protection Law (PIPL) officially takes effect on November 1, 2021, and the PIPL will form one of the three basic laws designed to protect data within China, along with the Data Security Law and the Cybersecurity Law(Blesch,2023). It provides detailed explanations and instructions on types of personal data, how information is handled, handling of situations outside of China, privacy rights, departure of personal information, entrusting units to handle information, obligations, penalties, etc.
Australian – Privacy Act
Australia enacted the Privacy Act in 1988, which governs the way personal information is stored, used and disclosed by cell phones, and on November 28, 2022, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 was passed. The Bill was passed on November 28, 2022. The regulation has significantly increased the penalty for privacy violations, from a maximum fine of A$2.22 million to the higher of A$50 million or three times the profit made from the infringement of personal information or 30% of the turnover during the relevant period.
Users’ personal privacy and digital rights are receiving serious persecution and in a silent situation, it is difficult for users to understand the extent of privacy violations and to protect their personal rights, but more and more company policies and legal provisions are constantly improving and protecting users’ personal information, the road to personal privacy protection still requires long-term efforts of many parties.
Aleisa, N., & Renaud, K. (2017). Yes, I know this IOT device might invade my privacy, but I love it anyway! A study of Saudi Arabian perceptions. Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security. https://doi.org/10.5220/0006233701980205
Blesch, W. (2023, February 18). China’s draft Personal information protection law (PIPL). TermsFeed. Retrieved April 14, 2023, from https://www.termsfeed.com/blog/pipl/#Information_Processing
Data Security Law of the People’s Republic of China. The National People’s Congress of the. People’s Republic of China. (n.d.). Retrieved April 14, 2023, from http://www.npc.gov.cn/englishnpc/c23934/202112/1abd8829788946ecab270e469b13c39c.shtml
Fang, S. (2021, October 27). Douban App delete the user’s cell phone album pictures? The response said it can not read, is investigating. Retrieved April 16, 2023, from https://new.qq.com/rain/a/20211027A08M6F00
Holmes, A. (2021, April 4). 533 million facebook users’ phone numbers and personal data have been leaked online. Business Insider. Retrieved April 6, 2023, from https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
Joint Research Group of Guangming Daily and Wuhan University. (2021, August 19). A ” certificate of rights” for security or a “free door” for stealing information. . Retrieved April 12, 2023, from https://epaper.gmw.cn/gmrb/html/2021-08/19/nw.D110000gmrb_20210819_1-07.htm
Ketchell , M. (2022, September 13). Nobody reads privacy policies – here’s how to fix that. The Conversation. Retrieved April 13, 2023, from https://theconversation.com/nobody-reads-privacy-policies-heres-how-to-fix-that-81932
Leswing, K. (2021, November 13). Apple’s ad privacy change impact shows the power it wields over other industries. CNBC. Retrieved April 13, 2023, from https://www.cnbc.com/2021/11/13/apples-privacy-changes-show-the-power-it-holds-over-other-industries.html
Nissenbaum, H. F. (2010). Privacy in context: Technology, policy, and the integrity of Social Life. Stanford law Books.
Oaic. (2017). Australian community attitudes to privacy survey 2017. OAIC. Retrieved April 8, 2023, from https://www.oaic.gov.au/engage-with-us/research-and-training-resources/research/australian-community-attitudes-to-privacy-survey/australian-community-attitudes-to-privacy-survey-2023
Oaic. Privacy legislation amendment (enforcement and other measures) act 2022. Retrieved April 14, 2023, from https://www.legislation.gov.au/Details/C2022A00083
Solove, D. J. (2010). Understanding privacy. Harvard University Press.
The person in charge of Cyberspace Administration of China (CAC) answered reporters’ questions on the decision to make administrative penalties related to network security review in accordance with the law for DIDI Global Co Ltd – Office of the Central Cyberspace Affairs Commission (2021, July 21)..Cyberspace Administration of China.Retrieved April 7, 2023, from http://www.cac.gov.cn/2022-07/21/c_1660021534364976.htm
Threat Hunter Releases 2022 Data Asset Breach Analysis Report (2023, March 6). Retrieved April 12, 2023, from http://www.anquan419.com/news/18/1918.html
Wamsley, L. (2021, April 26). Apple rolls out major new privacy protections for iPhones and iPads. NPR. Retrieved April 10, 2023, from https://www.npr.org/2021/04/26/990943261/apple-rolls-out-major-new-privacy-protections-for-iphones-and-ipads
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220. https://doi.org/10.2307/1321160
What is GDPR, the EU’s new Data Protection Law? GDPR.eu. (2022, May 26). Retrieved April 15, 2023, from https://gdpr.eu/what-is-gdpr/
Whittaker, Z. (2019, September 5). A huge database of Facebook users’ phone numbers found online. TechCrunch. Retrieved April 5, 2023, from https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/