Is Privacy Dead?

July 19, 2018

We all heard the quote by Pete Cashmore, CEO of Mashable “Privacy is dead, and social media hold the smoking gun.” And yes, data mining is a reality we live with, on a daily basis, when we shop, post comments on social networks, or simply when we allow geolocation while surfing on the Web. The main thing for us, as Internet users, is often to continue shopping, posting, and surfing on the Web. Maybe our concern would be slightly different if we thought of the information we make publicly available by blindly pressing the “OK” button on privacy policies. As the recent Cambridge Analytica scandal showed, any company interested in getting a peek into our personal lives, interests, and political opinions can find that information on social media. Here below is a short list of the many ways private businesses leverage information on social media:

Most businesses are interested in learning about their customers to tailor experience.
NGOs and politicians are interested in seeing users’ reactions to a particular message – social media give them sample groups, with precise and differentiated demographics, on a large scale, and with no cost.
Credit cards companies take a look at their prospects’ social circles to assess solvency. According to Rob Garcia, senior director of product strategy at The Lending Club, a peer-to-peer lending company: “We notice that good credit people invite good credit people; bad invite bad.”[1] (Better have the right kind of friends on Facebook…)
There are private firms whose mission is precisely to monitor and analyze social activity on the behalf of their clients. A recent example of such a case was disclosed as Motherboard magazine exposed that British oil and gas companies hired a private firm to track activists’ online activity and use it to discredit them and justify banning their protests.
Lastly, there are private security firms that created software to scrape information from the Web, and more specifically from social media, to prevent security threats. Those software are likely to be used within the framework of government agencies, border control or police forces.

So where should the line be drawn by private businesses leveraging information on social media? What’s legitimate and what’s not? If an online dating business wanted to dig into your love life history, would it be ok? Legal? While the Internet tends to be intrusive, that’s not what concerns lawmakers and privacy experts. Indeed, if the users agreed to make their private information publicly available, there is not much to do – except for raising awareness to the fact that other settings exist that better protect users’ privacy. For example, on LinkedIn or Facebook, users can change their privacy settings so that only acknowledged friends can see their information. What’s more concerning is what’s done with the information gleaned on the Internet after users give it away.The Times reported back in 2012:

“Unlike credit reporting agencies, which are required to let you see the composite picture of you they’ve created with the data they mine and organize, data companies keep their vast virtual warehouses under lock and key”

While many experts promote higher transparency in terms telling the public about the information data brokers collect, how they collect it, whom they share it with and how it is used, regulations are still quite uneven. In the US,

“federal authorities say current laws may not be equipped to handle the rapid expansion of an industry whose players often collect and sell sensitive financial and health information yet are nearly invisible to the public”.

However, things might change in the European Union with the General Data Protection Regulation (GDRP), which became applicable in May 2018, and compels any company with a Web presence in the European Union to disclose data mining processes. As explained in an excellent article published in Tech Crunch:

“The regulation is generally intended to strengthen Internet users’ control over their personal information. It focuses on transparency — making sure people know how and why data will flow if they choose to click ‘I agree’. The regulation also includes supersized fines for major data violations and became something of an existential threat to ad tech processes that rely on pervasive background harvesting of users’ personal data.”

While the GDPR is applicable in the European Union only, it sets a high standard for states looking at ways to protect privacy. And with this in mind, it seems that privacy is not dead yet – it might even experience a revival.