Concerns about Misuse of Personal Data

Figure 1. The middle-screen and before-playing advertising on Youtube, from  https://www.digitalinformationworld.com/2018/11/youtubes-adapting-two-back-to-back-ads-so-you-can-watch-videos-for-longer.html

Since the consistent issues between Internet companies and people’s privacy, Anna set up her Instagram account as a private account. But when she watching watch her favorite videos on YouTube, there are a series of advertisements about travel agencies keep popping up. She felt strange because she does not have a plan to travel. However she does have a long vacation in two months. Out of curiosity, she checked one of the travel agencies, found that there were cheap air tickets to her favorite city, Anna eventually bought the ticket even though she does not planed to travel initially.

 

Have you had this experience? This weird ads come to you like they have put 360°surveillance cameras in your home. But they are actually more powerful — Not only understand What are you doing now, but also ‘predict’ what you will do in the future.

 

Introduction:

 

This is an era of the internet, and Facebook has reduced the average separation of people from 6 to 3.57 (Bhagat. S, Burke. M, Diuk. C, etc., 2016), The distance has been shortened at an irresistible speed. Unlike in the past, if you want to obtain information or publish information in nowadays, only need to press a few buttons on your mobile phone, any task can be completed in a few seconds. The arrival of the information age has reduced the cost of communication and the difficulty of obtaining information. Everyone can become an influencer, or be influenced anytime. This new way helps people’s life become fast and more convenient. People seem to be able to do anything without leaving their homes. Shopping, eating, studying, working, entertainment, socializing, etc. But is there really a free dinner in the world? The convenience of people’s lives slowly reveals the price behind it— their personal information. Due to privacy and security issues, it gets more and more serious, this article will use several real-life cases to analyze users’ concerns about the misuse of personal information and introduce several existing solutions by explaining the reasons for the concerns and possible development.

Figure 2. The proportion of Americans’ trust in their personal data collectors.(2018), Rainie.

The chart above shows how much Americans trust their service providers, including cell phone manufacturers, cell phone service providers, credit card companies, email providers, business they work with, the federal government, and social media. Nearly half of people distrust social media and the federal government, believing that they have the potential to misuse their information, and about 30 percent of the remaining five items do not. Conversely, only twenty percent of the users are fully trust these institutions. We know from this, people want to protect their privacy, but is it a practical way to protect their data just by stop using these services?

 

Does everyone don’t want their personal data be used?

 

For some people, it is true that their lives have been negatively impacted by having to reveal their personal information because they have to.

 

Erica is a pregnant woman seeking public assistance. During the process of interview, she was asked many strange private questions by social workers, such as relationships, history of drug and alcohol abuse, and experiences of domestic violence and sexual assault. They thought Erica was asking for help because she was probably someone with a moral problem and they were helping her baby, but they didn’t even talk about feeding or anything about the baby. Another example is that in China and some western countries, homosexuals are not allowed to donate blood by law (Health Check Requirements for Blood Donors, 2012.7), which leads many cyberbullyers to abuse them with the reason that they cannot do much contribution to the world. More and more data that discriminates against these special groups are put into big data, which leads to different analysis output. This process increases social inequality, discrimination, and poor people seem unable to escape privacy violence. Precisely because people treat things differently in different emotions and situations(Khiara M. Bridges’ 2017), if they are in danger, sick, discriminated against, or marginalized, they will react dramatically differently from healthy people, and the network spread will simply magnify these problems and exacerbate people’s suffering.

 

And for someone, continuing to use the new service and posting their personal information can help make their lives happier.

For example, location technology can help couples bond each other, helping them to be more secure and less emotionally pressures; sharing photos and texts on social networking sites also brings friends closer together. Another example is targeted advertising. If you expose your needs to search engines or software, people can receive corresponding advertisements. For example, Google searches for a keyword, such as “fitness equipment”, or visits some shopping websites, then Soon you can receive corresponding product recommendations or advertisements. On the one hand, it promotes the income of advertisers, and on the other hand, it also facilitates people’s life. So privacy should not be completely protected from being shared, but what is shared and how it is shared should be more careful and cautious, this requires specific agencies to set the rules and regulations to limit the use of personal data.

 

 

What are the boundaries for judging misuse of private data?

 

Privacy is defined as ‘individual information that is protected from observation or interference by others’. But social networking (the Internet) makes it extremely complicated and difficult to achieve complete privacy, and countless people realize that they are constantly connected by the Internet. People try as much as possible to set their private information as visible to friends or individuals only, for avoiding unnecessary harassment. However, leaders of technology companies are still grabbing people’s activities on social networks to justify that “people don’t care about privacy at all”. This kind of self-interested people who steal the concept makes people gradually  distrusting the Internet. What is meant by privacy data abuse here? According to okta, a major cyber security firm, ‘Data misuse is the use of information in an unintended way. User agreements, company policies, data privacy laws and industry regulations all set conditions on how data is collected and used. Data misuse violates these requirements.’ (Sham, S. 2020), where we replace data with personal data, we can conclude that ‘personal data abuse’ means that the policies of using private information is not  transparent, the way they uses of personal data is without the knowledge and consent of their users, or they could even be unreasonable. Ways of collecting is also not open published. This is a violation of their own contractual provisions, general data privacy laws.

 

What’s not misuse of private data?

 

what’s not abuse, according to most apps’ terms of use, users’ data is used (Invisibly, 2021):

1. Personal data is aggregated and analyzed to provide users with more personalized advertisements.
2. Personal data is recorded and evaluated for research and development.
3. Personal data is sold to data brokerage companies.

 

They have specific criteria for how to handle users’ data, and only use personal data beyond the intentions is considered personal data misuse. In another hand, common data misuse is due to the following possibilities (Sham, S. 2020):

When operated by employees who lack good data processing skills, they copy confidential documents or data to their devices, when there is no security protection.

Inaccurate algorithms can lead to the collection of wrong information, leading to breaches.

Incorrect filing can allow the wrong user or team to access private files.

 

The data misuse incident that we should know：

Figure 3. The key players of Cambridge Analytica. https://hexus.net/business/news/legal/116348-eu-us-consider-facebook-investigation-data-misuse/

Facebook in 2016

In 2015, Aleksandr Kogan, a professor of psychology at the University of Cambridge, released a Facebook-based app “thisisyourdigitallife” that assess people’s personality. The data of 270,000 users was then handed over to third parties: Cambridge Analytica (the team behind Trump) and SCL, who, according to participant and reporter Christopher Wylie, spent millions of dollars in collecting Facebook data, The personal data then builds a data model of American voters and assigns personalized political ads for precise delivery. This means that Trump’s data operations team is likely to use this in the 2016 election. Among them, Cambridge Analytica helped build the data model, and Giles-Parscale, a digital marketing company, was responsible for the targeted online advertising. According to the Guardian, the database contains 2 million personal information matching documents in 11 states, and this incident has potential Of the 50 million possible personal data, almost 1/4 of them may be voters in the US election. That could indeed go a long way toward helping Trump’s success.

In addition, Trump’s Cambridge Analytica has also promoted negative publicity against Hillary Clinton through automated bots.

 

Twitter in 2020

In 2020, a small group of teenage hackers forced internal Twitter employees to provide administrative tools that would allow them to operate any account on Twitter, and the hackers took over several celebrity Twitter accounts, including Barack Obama, Jeff Bezos and Elon Musk, etc,. They then tweeted out the scam to collect money (bitcoin) from their followers, and after completing hundreds of thousands of dollars in profit, they were discovered and stopped by Twitter. The incident exposed the company’s management systems, and more than 1,500 full-time employees and contractors were able to change and operate any user’s account.

 

 

 

Prevention and management:

 

From a personal/small group perspective (Sham, S. 2020):

1. Implement identity and access management

Implement multi-factor authentication (MFA) to ensure that only trusted users can access your data, for example, increasing the complexity of your passwords. An extra layer of protection is new security.

2. Check what your data were used for. Activity logs allow you to track and help analysis if their use of your data is illegal.

3. Set up behavioural alerts and analytics.
4. Educate yourself about internet security, and be aware of the consequence of personal data being misused(Law, Finance, Personal or reputation results). For example, think twice when you click the links in email and avoid transferring money directly to the business’s account.
5. Establish clear processes around data access. Building identity and access management into your computer make your life easier.

 

From organizations and groups that use user data(AU gov, 2021):

1. Revise the privacy agreement material and write it out in a way that is understandable, easy to follow, and as engaging as their product
2. Increase transparency of data uses and related items
3. Compliance with the latest regulations.
4. Check if your business has an annual turnover of more than $3 million, if it has over the number, the business has complied with the Privacy Act.
5. Decide what information is set as personal (Any information that can be used to identify an individual, doesn’t matter if the information is true or what type it is). For example, name, signature, address, email, telephone number, data of birth, medical records, bank details, photos/videos and IP address, etc.
6. Learn how to protect personal information for the users (Australian Privacy Principle), and understand what responsibilities have to have complied.

 

As an indispensable advertisement(ACCC,2021), by 2020, more than 90% of advertisements were bought and sold through Google, and delivered with the auto-targeting, but Google’s monopoly in the advertising industry has led to new problems, such as the lack of competition in the entire industry, resulting in a decline in product quality. Therefore, it is extremely important to develop a strategy to help restore the health of the market and the sustainable development of society.

 

For impartial legislatures and oversight bodies:

Countries and states take different approaches to data privacy, so the government can give some prerogatives to professional legislatures so that they can limit and regulate the Internet service providers, i.e. how they use user information and transparency, etc. To ensure the sustainable development of the market and healthy market competition.

For example, the GDPR(Heshmaty, 2019), it includes measures for protecting personal data and limited the purpose of using data.- ’Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.’ and Australia’s ACCC (Australian Competition and Consumer Commission ) will also be a great option to use for the advertising regulation(ACCC,2021).

 

 

 

 

 

 

 

 

 

 

 

 

 

Reference:

1. ACCC.,(2021). Digital advertising service inquiry -Final report. https://www.accc.gov.au/publications/digital-advertising-services-inquiry-final-report

2. Bhagat, S., Burke, M., Diuk, C., Edunov, S.& Onurfiliz, I.,(2016). Three and a half degrees of separation. Meta Research. https://research.facebook.com/blog/2016/2/three-and-a-half-degrees-of-separation/

3. Bridges, K. M., (2017). The poverty of privacy rights. Palo Alto, CA: Stanford University Press.

4. Flew, Terry (2018) Platforms on trial. InterMedia, 46(2), pp. 24-29.

5. Heshmaty, A.,(2019). What is data misuse? https://www.infolaw.co.uk/newsletter/2019/11/what-is-data-misuse/

6. Invisibly.,(2021). Data misuse 7 examples. https://www.invisibly.com/learn-blog/data-misuse-7-examples

7. Liangziwei,(2018).The largest user data abuse exposure in Facebook history: used by Trump as a political marketing tool for the election. https://www.secrss.com/articles/1497

8. Marwick, A. E., & Boyd, D. (2018). Understanding Privacy at the Margins: Introduction.International journal of communication. https://link.gale.com/apps/doc/A561120196/AONE?u=usyd&sid=bookmark-AONE&xid=3df64beb

9. Shiavali, S.,(2021). 5 examples of malicious insider data and information misuse. https://www.proofpoint.com/us/blog/insider-threat-management/5-examples-malicious-insider-data-and-information-misuse

10. Sham, S. ,(2020). What Is Data Misuse? Okta. https://www.okta.com/au/blog/2020/06/data-misuse/