The expansion of the internet opens up opportunities for many things in our daily lives. It offers easy access to information, entertainment, education and financial conveniences such as online banking. Along with these benefits, comes risk such as our (users) privacy and security being compromised.
Lightbeam allows an average user to view first and third party sites which they interact with while browsing the web. It is a program which lessens the transparency of the internet, where many unknown interactions occur.
The image bellow is a visual graph created by Lightbeam after an internet surfing session of 20 minutes. The sites visited were popular websites in terms of entertainment, social media and news, totaling 11 sites. The image displays an unknown interaction with 160 third party sites. The huge number of unknown interactions by visiting only a few sites is a cause of concern.
The images bellow displays the number of third party sites which connected with the visited sites and other third party sites. It can be observed that third party sites connected to many more third party sites relative to visited-third party sites.
The main concern for internet privacy does not lay in the number of sites which a user connected to unknowingly. It is the storage and compilation of personal information by the websites. The first image displays purple lines which signifies the storage of personal information through cookies. Some of the visited sites used cookies, and some of the third party sites also stored cookies. This means often times, personal information of users are collected often without consent. The information collected may then be used by these websites and compromising user privacy and security.
Luckily there are constitutional laws to protect user security and privacy. Canada has a personal data protection act regulated by the federal government which is the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA adopted ten privacy principles:
- Accountability: An organization designates an individual or group responsible for personal information they collect and are accountable for them according to the principles below:
- Identifying Purposes: The purpose of collection of personal information must be stated at or before collection.
- Consent: Individuals must know and consent to collection and use of their personal information.
- Limiting Collection: Only necessary amount of information must be collected.
- Limiting Use, Disclosure, and Retention: Use and disclosure of personal information requires consent and must only be kept until its use is required.
- Accuracy: Personal information must be complete, accurate and updated.
- Safeguards: Personal information must be protected by security safeguards sufficiently based on information sensitivity.
- Openness: Organization’s personal information management policies and practices must be available.
- Individual Access: Individuals can request for information of the use, retention and disclosure of their personal information. Accuracy and completeness of personal information can be challenged by such individuals.
- Challenging Compliance: An individual can challenge organizations and have then be accountable for failing to comply to any of the stated principles.