To begin with, let’s face one truth: We are always living under the radar. The dream about having full privacy while being on the Internet is simply unreal. As Kerry (2018) stated in his article, “more and more data about each of us is being generated faster and faster from more and more devices, and we can’t keep up,” As the number of technological devices used in human life is increasing day by day, every bit of people’s identity is being exposed to another party, with or without the users’ conscience. It used to be scary to think about that. However, in recent years, that matter seemed to fade a bit, as we are getting used to having our data collected every day. Yet the fear does not stop there. A new, emerging problem regarding the matter of collecting personal data is existing in users’ minds right now, and that is more to do with the purpose of collecting those data. We now want to know what kind of information about us is being recorded and in case the recorded information is personal, what would it be needed for.
This article will explore contemporary concerns about the misuse of personal data, by firstly giving a modified definition of “personal data” in this context, then discussing some possible concerns, or “fears” that users are putting their minds to, with cases of (of course) the infamous Facebook and Cambridge Analytica scandal, as well as “deepfakes” problem. It will also look into the current laws protecting users’ privacy and whether they are effective or not.
Redefining “personal data”
Before diving into the world of problems with data misuse, perhaps we should have a look into what is defined as “personal” data, or information. According to the government’s Office of Australian Information Commissioner (OAIC), personal information is defined as “information or an opinion about an identified individual, or an individual who is reasonably identifiable”. However, this might be a little bit too broad in the digital context, as we do not often consider our opinions or sayings or online behavior as “personal”. The type of personal data that we would be concerned about if misused, would include sensitive information (race, sexual orientation, religion, health etc), credit card, and tax records. Nevertheless, in this case, I would like to include users’ basic identities, including our appearances, as part of personal data. The difference between the Internet and real-life environments is that we are not so willing to show our appearances on the Internet as much as we might be in practice. Our faces, together with almost anything that identifies us as who we are, are the things we would like to have privacy for the most, and hence are the possible subjects for unethical practices related to misusing data.
Another way to define personal data in this context is by looking into our attitude toward all information about us. It does not have to be technical. If we have some conversation with our friends about what we hate, that’s personal. And if any party uses that for their own purposes without our consent, it is just as negative as having our credit card stolen.
Misuse of personal data for unethical advertising
The most common concern that citizens of the Internet are wondering about is whether their data would be used by a third party to target back at them for unwanted purposes. Anyone who is familiar with current social media platforms is no stranger to experiencing some random advertisements related to a topic they have just talked to their friends about or seeing many advertisements about a product after that one time they google it. In one way, that is not so ethical. These experiences prove that there is a connection between the parties, specifically the platforms’ admins and third-party businesses and those businesses have access to the users’ information. Yet as mentioned at the beginning, this does not bother users as much because it is easy to scroll those ads away. But what if the interference goes too far? What if the “stolen’ information was used for something completely unrelated and for a more sensitive cause, such as politics?
The Facebook and Cambridge Analytica scandal has been in the past for almost 4 years now, but the effect of the case is significant, if not fundamental, on social media users’ conscience about how fragile the data protection is. Once the app developers allow a third party to keep track of our activities on the platforms, there is no guarantee about the limit of time and amount of information they could get from there. To quickly summarise the case, back in 2018, tech giant Facebook and data analytics firm Cambridge Analytica were accused of harvesting data of over 50 million Facebook users. Christopher, who worked with Cambridge University academics to obtain the data, admitted that the analytic firm exploited millions of users’ data through a personality test created by them (Cadwalladr and Harrison, 2018). While it was claimed for “academic use”, the personality tests allowed the company to get access to Facebook participants and let them take records of other personal information including friend circles, which then enabled them to get access and harvest such a large amount of data eventually. But the problem was not just about that. Users targeted by the companies were American voters and the purpose of the data collection was for the lobbying movement in the upcoming election. This could be considered to be a form of remote manipulation, and since the field was rather sensitive, it made the scandal so shocking to not only the victims, but almost anyone being active on Facebook.
The worst thing was not just there. In defense of the actions that tech giants had taken, they tend to throw the problem back to the users. Marwick and Boyd (2018) stated “The tech industry often frames its products as a give-and-take between people willingly sharing personal information in exchange for benefits. Although there are plenty of people who approach specific services with a mindset that they are intentionally choosing to do so–for instance, providing an e-mail address in exchange for a coupon–a great deal of information is not collected from truly informed and consenting individuals.” In other words, users are willing to give away some of their information and to some extent, it is never an excuse for tech companies to go further with the information they are holding, not without the users’ consent. In addition, such an attitude of the tech companies toward the issue of personal data exploitation really makes us put some questions about the transparency and integrity between the platform developers and the users.
Deepfakes – when our faces are a type of personal information
One more emerging issue to be discussed is deepfakes, although it may initially seem irrelevant to data misuse. As mentioned above, in the digital world where any information about us could be brought anywhere, our faces are what we would like to “protect” the most. Therefore, we cannot exclude any possible threats that users would have to experience if their faces were used for unethical or even illegal purposes. Westerlund’s (2019) case study where she reviewed the technology of deepfakes, shed some light on potential drawbacks of said technology. In basic terms, deepfakes is a technological feature where one person’s face is put on another person’s body and the effect is hyper-realistic. Deepfakes are “difficult to detect, as they use real footage, can have authentic-sounding audio, and are optimized to spread on social media quickly”, which would make the audience think that the video is real and unedited (Westerlund, 2019). Because of this characteristic about deepfakes, it becomes a tool for creators with bad intentions to create some drama with it. The most obvious purposes could be deepfake pornography and fake news. But while fake news is more of a problem with celebrities and public figures, deepfake pornography is a much more dangerous thing to us Internet users, because anyone could easily be a victim.
But what does that have anything to do with misuse of data? In reality, there has been cases of people becoming victims of deepfakes porn because their faces were shown on the Internet. In 2021, a broadcaster in UK realized her face from old photos on Facebook deepfaked to naked bodies all over porn websites, and it affected her a lot (Hao, 2021). Notably, the photos that she recognized were non-intimate, and more importantly, some of them were deleted from Facebook. The fact that the perpetrator was able to get access to those photos and use them for porn showed how scary it could be to even show your face on social media, even if you delete them afterward. Moreover, deepfakes are not adopted and used by tech companies (yet) but rather by “hobbyists”, who would often do so for porn-related content. Hence, it might be harder to track back to the origin of the deepfaked videos once it got spread on the Internet, and there is no actual party or company to blame for this.
Obviously, it is not like we are not backed up by the laws on the matter of deepfakes. The current defamation law does cover the area of deepfaked videos. But the scope of impact is bigger than that. It does not only have to do with the possible damages that victims will have to go thorugh, but more to do with rising concerns about Internet regulation and protection against deepfaked porn. Social media platforms used to be the place where people shared photos and moments and now we are scared to do so. A future with deepfakes being banned from pornography purpose is visible, however, short-term protections against those behaviours are needed and the question of whether we are getting now seems to remain unanswered
What about the law?
With the emergence of possible negativities towards the leakage and misuse of personal data, there is no doubt that the governments have to update their laws and policies to catch up with all those issues. However, Kerry (2018) argued that keeping up with privacy laws nowadays is a very difficult job, as the number of data privacy breaches is increasing, and even the line between what is public and what is private online is becoming blurry, there is a need for another approach towards this matter. Tech companies have been an ally with so many other businesses and it is high time they became an ally with the government online security bodies now. It has come to a time where we should all be honest and transparent to each other about the use of our data, because that might be the best way for users to continue using the Internet fearlessly. Let’s hope that day will come soon.
References:
Cadwalladr, C & Harrison, E. (2018). Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
Hao, K. (2021). Deepfake porn is ruining women’s lives. Now the law may finally ban it. https://www.technologyreview.com/2021/02/12/1018222/deepfake-revenge-porn-coming-ban/
Kerry, C (2018). Why protecting privacy is a losing game today—and how to change the game. https://www.brookings.edu/research/why-protecting-privacy-is-a-losing-game-today-and-how-to-change-the-game/
Marwick, A. & Boyd, d. (2019) ‘Understanding Privacy at the Margins: Introduction’, International Journal of Communication, pp. 1157-1165
Westerlund, M. (2019). https://www.researchgate.net/publication/337644519_The_Emergence_of_Deepfake_Technology_A_Review