In February 2021, Facebook settled a case filed in 2015 granting a total of $650 million to more than 1.5 million of its users (Lyons, 2021). Said case which turned into a class action lawsuit in 2018 could possibly grant each affected Facebook user at least $345 should they participate. The law in question is the Illinois Biometric Information Privacy Act requiring companies to get permission before collecting and using people’s biometric data, such as their digital “fingerprints” and “faceprints.” Users sued Facebook for its illegal use of photo tags and other biometric data for targeted ads and other purposes without their approval. Facebook later made facial recognition on the platform an opt-in only feature.
This case is one of the most visible examples of growing concern about digital privacy in recent years (Lipton, 2022). During the worldwide COVID-19 epidemic, suspicions of political meddling, racial injustice, and identity theft have brought personal privacy issues to the public’s awareness. For the first time since the beginning of the digital era, legislators are taking the need for comprehensive privacy laws more seriously. However, passing and enforcing such policy reforms are fraught with technological and political difficulties.
Privacy in today’s Digital Society
Fundamental to sufficiently securing our rights in different scenarios, we must understand what it is we are protecting — the nature of privacy as a digital right and the contexts of its application.
Privacy is a defining problem in today’s digital society where technologies affect every part of our lives, both as private citizens, consumers, and global netizens. The breadth of what privacy means has massively grown from the argument that privacy is the right to be left alone (Warren & Brandeis, 1890) or the concept of privacy as the selective restriction of access to oneself or one’s group (Altman, 1976). It now includes the integrity and safety of personal information across platforms/channels/contexts, the right to decide how personal data are used at various stages (Malhotra et al., 2004), and the ability to trade personal information for customized value offerings from marketers (Kraft et al., 2017). Indeed, privacy is definitely a complex and multi-faceted concept, the nature and value of which can be viewed from several unique perspectives.
As a human right, privacy is considered an essential aspect of human dignity and autonomy (UN, 1948) and that individuals have the right to control their personal information and to make decisions about how and when that information is shared. This includes the right to be free from surveillance, the right to limit access to personal information, and the right to maintain confidentiality in personal relationships. This right is inherent and inalienable, neither to be taken away from or given away by the possessor. Thus, privacy is not something that an individual can trade-off or monetize capriciously or even intentionally. While universal, the right to privacy is not absolute and is anchored on certain social and legal settings. (Flew, 2021).
As a legal right, privacy is recognized and protected by various national and international laws. In the United States, privacy is protected by several laws that prohibit unreasonable searches and seizures (Fourth Amendment | United States Constitution, n.d.), as well as additional protections for personal information (The Privacy Act of 1974; Electronic Communications Privacy Act of 1986).
Internationally, the European Union’s General Data Protection Regulation (GDPR) which provides a comprehensive framework for protecting personal data and privacy gives individuals the right to access and control their personal data, the right to be forgotten, and the right to have their data transferred to another entity (What Is GDPR, the EU’s New Data Protection Law? – GDPR.eu, 2018).
As a normative right, privacy is a social value that is recognized and upheld by societal norms and expectations even within digital environments where interpersonal ties are encouraged. Clearly, the ability of online environments such as social networking sites (SNS) to link individuals has always been a cornerstone of their design (boyd & Ellison, 2007) and laying out normative ideals are as important as detecting and preventing undesirable consequences (Masullo et al., 2022). Privacy in such platforms recognizes that individuals have a right to control their personal information and to limit access to that information. However, norms around privacy are shaped by cultural and social factors and may vary across different contexts and communities.
From a more pragmatic perspective, the scope of what falls within the confines of privacy can vary based on different contexts and respective sensitivities: technology platform or system, sector or industry, business model/practice, social domain, and the degree of intimacy of relationships (Nissenbaum, 2018).
As netizens, the right to privacy is one of our basic digital rights, in addition to free speech and access to information. Despite being a fundamental right protected by laws and upheld by society, privacy faces constant threat in the digital age. With the proliferation of connected devices and the increasing amount of data being generated and shared, the risks to our privacy are greater than ever before. Recent news reports about data privacy breaches and violations serve as a stark reminder of the dangers that we face.
Threats to Online Privacy: Knowing the E-nemy
Awareness of our vulnerabilities and the various threats and tactics that our “e-nemies” may launch would be instrumental in an effective defense against invasion of our privacy. We must get better acquainted with our attackers and the harm they can do within the current state of our digital environment with its affordances and limitations.
Data Collection. One of the biggest threats to privacy is the massive amount of data that is collected by tech companies and governments. Every time we use the internet, our data is being collected, from our search history to our location data. This data is often used for targeted advertising, but it can also be used to monitor our behavior and track our movements.
Data Breaches. Data breaches can also compromise our privacy. When companies store our personal data, they have a responsibility to keep it secure. However, when hackers gain access to these databases, they can steal our personal information, such as our names, addresses, and credit card details. This can lead to identity theft and financial loss.
The Equifax breach of 2017
Equifax is one of the largest credit reporting agencies in the United States, and the breach compromised the personal data of over 147 million Americans (Fruhlinger, 2020). The data included names, addresses, dates of birth, social security numbers, and credit card information. The breach occurred when hackers exploited a vulnerability in Equifax’s web application software. The vulnerability was a known issue, but Equifax failed to patch it, leaving the door open for the hackers. Equifax did not detect the breach for over two months, and by the time they did, the hackers had already stolen a massive amount of data.
The Equifax breach had significant implications for privacy and cybersecurity. The personal data that was stolen could be used for identity theft, fraud, and other malicious activities. The breach also raised questions about the responsibility of companies to protect personal data and the accountability of credit reporting agencies.
The Equifax breach was not an isolated incident. In recent years, there have been numerous data privacy breaches and violations that have put personal data at risk. These breaches have occurred in a range of sectors, from healthcare to social media.
Surveillance. Governments around the world are increasingly using surveillance technologies to monitor their citizens. This includes things like CCTV cameras, facial recognition technology, and data retention laws. While some argue that these measures are necessary for national security, they can also be used to violate our privacy and civil liberties.
Social Media. Social media platforms have become an integral part of our lives, but they also present a threat to our privacy. These platforms collect vast amounts of personal data, which can be used to target us with ads and manipulate our behavior. They can also be used to spread disinformation and to track our movements and interactions with others.
Facebook-Cambridge Analytica Scandal of 2018
Cambridge Analytica was a political consulting firm that worked on the 2016 US Presidential election campaign. The company used data harvested from Facebook to target political ads to individual users based on their interests and preferences (Flew, 2018).
The data was collected through a quiz app that was developed by a researcher at Cambridge University. The app collected not only the data of the user but also the data of their friends, without their consent. This allowed Cambridge Analytica to collect data on millions of users without their knowledge.
The scandal led to calls for greater regulation of social media companies and increased transparency about their data collection practices. It also highlighted the potential for data to be misused for political purposes and the need for greater awareness of the risks of data sharing.
Internet of Things. The Internet of Things (IoT) refers to the growing number of connected devices in our homes and workplaces. These devices, such as smart speakers and home security systems, collect data about us and our surroundings. While they can make our lives more convenient, they also present a risk to our privacy. Notice how our feeds somewhat magically contain ads or links about something we mentioned during a casual conversation or typed in during a quick online search.
Voice-Based Digital Assistants
Alexa, Siri, and Google Assistants are examples of voice-based digital assistants (VBDA) that are ubiquitously invading our living spaces. While they acquire a massive amount of personal information in order to deliver a tailored user experience, they also raise severe privacy concerns about the collection, use, and storage of users’ personal data (Vimalkumar et al., 2021).
VBDAs, powered by cutting-edge AI technologies, have emerged as a significant trend in consumer electronics goods in recent years (Kowalski, 2020). The conversational interface is one of the most fundamental advantages of a digital assistant. Natural language interaction is more intuitive and easy to use than hand-keypad input-based online and mobile interfaces (Zhong & Yang, 2018). Though they were designed to be a voice-based, AI-driven, interactive feature that would allow consumers to use their smartphones in new ways, digital assistants such as Siri, Alexa, and Google Assistant are now being integrated into consumer devices such as speakers, vehicles, TVs, and wearables (Fowler, 2018).
Shielding our Privacy from Online Threats
Finally, we must figure out what is in our power to do in order to specifically safeguard our privacy and minimize our exposure to potential breaches that could undermine our freedom from interference and intrusion.
In practice, the ability to achieve privacy often requires the privilege to make choices and create structures that make such freedoms possible (Marwick & Boyd, 2018). People claiming to deeply care about privacy fail to act accordingly, referred to as the privacy paradox (Francis and Francis, 2017; cited in Flew, 2021). Since policy reforms and tighter regulations are still far from being passed, moreso enforced, digital citizens must take on a more active stance in safeguarding their own privacy.
A comprehensive survey on privacy issues on social networking sites (SNS) proposes six (6) practical tips on self-protection (Bhattacharya et al., 2022).
Password Strength and Secrecy. Users are often reminded to create strong alphanumeric passwords with special characters, using upper and lower cases combined in various ways. Names, nicknames, dates of birth, and other similar identifying details must be avoided to prevent hackers from guessing the password based on information publicly available on SNS. Keeping one’s password confidential is also crucial as disclosure with even just one other person could result in a potential breach, intentional or not.
Phishing attackers develop a duplicate website that looks just like the genuine website and steal the user’s credentials. As such, double-check the site’s address before log-in. Also, regularly remove viruses and malware from computers and change passwords to avoid risks in case existing credentials are potentially compromised.
Privacy and Security Settings. Every site contains security and privacy options to safeguard the site and its users from security threats. However, 80% of users are unaware of such features and continue engaging online using the default privacy setting which are usually very basic. Investigate the security features offered by the service, taking note when necessary software needs to be installed to enable appropriate features that limit content sharing with others on the platform. Since sites often revise security features with each update, users must regularly check their privacy settings.
Personal Information. A user’s information shared on SNS is not guaranteed to be confidential. According to findings, 94% of users posted private content on the site without adopting appropriate privacy options. Thus, do not share confidential information on the site unless absolutely necessary.
Location Data. Several SNS allow users to communicate their current location through third-party applications. This location data shared by users on social media may be utilized by the site or sold to third-party organizers for profit. GPS location data leakage may expose users to potential assault from adversaries who can exploit this knowledge . For your own safety, avoid disclosing real-time location on the platform to avoid such danger.
Third-party applications. SNS supports a vast number of third-party apps and have no control over such because these are hosted by third parties. The use of such applications will raise privacy and security concerns. When a user installs such apps, their information is shared with these apps, and they have no control over that information. To safeguard your privacy and security, avoid utilizing such applications without prior vetting.
Timely Software Updates. A site constantly revises its functionality with each release. Periodically update your software to ensure that the most recent version is operating, including your gadget’s operating system, web browser, antivirus, and all other software. Always use genuine software and patches to maintain system integrity.
Digital platforms, as well as their user communities, have ample cause to be skeptical about government regulation of online material, particularly regarding privacy. At the same time, a regulating authority with credibility and muscle is necessary. As we have learned from the failures of self-regulation and co-regulation in various fields, the application of rules and principles will be ineffective in the absence of both ethical change on the part of regulated entities and “a fundamental cultural change in the way business values are seen in government, by regulators, in the courts, in the community and in business itself” (Braithwaite, 2013; cited in Flew, 2018). While we aspire for reforms that will radically transform the digital landscape into a safe and nourishing environment, we must take up arms now and protect what we hold sacred away from prying eyes.
- Altman, I. (1976, March). A Conceptual Analysis. Environment and Behavior, 8(1), 7–29. https://doi.org/10.1177/001391657600800102
- Bhattacharya, M., Roy, S., Chattopadhyay, S., Das, A. K., & Shetty, S. (2022, October 17). A comprehensive survey on online social networks security and privacy issues: Threats, machine learning‐based solutions, and open challenges. SECURITY AND PRIVACY, 6(1). https://doi.org/10.1002/spy2.275
- boyd, D. M., & Ellison, N. B. (2007, October). Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication, 13(1), 210–230. https://doi.org/10.1111/j.1083-6101.2007.00393.x
- Confessore, N. (2018, April 4). Cambridge Analytica and Facebook: The Scandal and the Fallout So Far. The New York Times.
- Flew, T. (2018, July). Platforms on Trial. InterMEDIA, 46(2), 24–29.
- Fourth Amendment | United States Constitution. (n.d.). Encyclopedia Britannica. https://www.britannica.com/topic/Fourth-Amendment
- Fowler, G. A. (2018, November 21). I live with Alexa, Google Assistant and Siri. Here’s which one you should pick. The Washington Post. Retrieved April 8, 2023, from https://www.washingtonpost.com/technology/2018/11/21/i-live-with-alexa-google-assistant-siri-heres-which-you-should-pick/
- Fruhlinger, J. (2020, February 13). Equifax data breach FAQ: What happened, who was affected, what was the impact? CSO Online. Retrieved April 16, 2023, from https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html
- Kowalski, R. (2020, January 10). The Emerging Tech That Is Shaping the Industry. The Emerging Tech That Is Shaping the Industry. Retrieved April 8, 2023, from https://www.ces.tech/articles/2020/the-emerging-tech-that-is-shaping-the-industry.aspx
- Krafft, M., Arden, C. M., & Verhoef, P. C. (2017, August). Permission Marketing and Privacy Concerns — Why Do Customers (Not) Grant Permissions? Journal of Interactive Marketing, 39, 39–54. https://doi.org/10.1016/j.intmar.2017.03.001
- Lipton, J. D. (2022). Our Data, Ourselves: A Personal Guide to Digital Privacy (1st ed.). University of California Press. https://doi.org/10.2307/j.ctv2ks6v2p
- Lyons, K. (2021, February 28). Judge approves $650 million Facebook privacy settlement over facial recognition feature. The Verge.
- Masullo, G. M., Wilner, T., & Stroud, N. J. (2022). What Social Media Could Be: Normative Frameworks for Evaluating Digital Public Spaces. Social Media + Society, 8(4), 1–11. https://doi.org/10.1177/20563051221130447
- Privacy Act of 1974. (2014, June 17). Office of Privacy and Civil Liberties | Privacy Act of 1974. https://www.justice.gov/opcl/privacy-act-1974
- Scarpi, D., Pizzi, G., & Matta, S. (2022, May 31). Digital technologies and privacy: State of the art and research directions. Psychology & Marketing, 39(9), 1697–1697. https://doi.org/10.1002/mar.21692
- Universal Declaration of Human Rights. (1948, December 10). United Nations. Retrieved April 2, 2023, from https://www.un.org/en/about-us/universal-declaration-of-human-rights
- Vimalkumar, M., Sharma, S. K., Singh, J. B., & Dwivedi, Y. K. (2021, July). ‘Okay google, what about my privacy?’: User’s privacy perceptions and acceptance of voice based digital assistants. Computers in Human Behavior, 120, 106763. https://doi.org/10.1016/j.chb.2021.106763
- Warren, S. D., & Brandeis, L. D. (1890, December 15). The Right to Privacy. Harvard Law Review, 4(5), 193–220. https://doi.org/10.2307/1321160
- What is GDPR, the EU’s new data protection law? – GDPR.eu. (2018, November 7). GDPR.eu. https://gdpr.eu/what-is-gdpr/
- Zhong, B., & Yang, F. (2018, October). How We Watch TV Tomorrow? International Journal of Asian Business and Information Management, 9(4), 48–63. https://doi.org/10.4018/ijabim.2018100104