Can we maintain privacy and participate in the 21st century at the same time?

Written by Grace Cook, Sam Santomartino, and Brad Beacham

Recently there have been an increasing number of discussions about personal privacy, and subsequent violations of that privacy, via social media and other technological platforms that appear to be seamlessly integrated in this day and age that collect data on their users. While some may think, “I know I am going to be advertised to, so I’d rather those ads be personalized toward content they know I am interested in;” these people may not comprehend the full potential for risk or exposure that they are agreeing to. Some may refrain from using a certain app in order to opt-out of sharing personal data, inferring that we are always complicit in our violations of privacy; but is this true? At what point is innovation too invasive and is there a way to effectively regulate what is being monitored?

“You have to hand over your personal privacy to be part of the 21st century”

(Goldberg, 2011)

Breaches of Privacy in Tech Giants Such as Facebook

Internet privacy has been an increasingly popular subject in the past decade as people have come to realize how their data is being collected, used, and occasionally stolen. In her article Privacy in the Age of Google and Facebook, Catherine Dwyer discusses the effects of several controversial services that are/have been offered by Facebook and Google.

In 2007, Facebook launched a service called Beacon, which tracked Facebook user’s activity online (mainly targeting online shopping) and then automatically pushed information about their activity to their friends’ news feeds (Dwyer, 2011). Because it was done automatically, users didn’t get a say in what was and wasn’t shared. It was poorly received because it automatically posted when people bought their Christmas gifts, which lead to Facebook “ruining Christmas”(Dwyer, 2011). Users clearly were unhappy that Facebook was publishing content that they did not consent to posting.

Facebook may have upset its users, but their intentions could have initially been positive in allowing users to share their activity more easily and naturally. However, the biggest problem is not that Facebook released Beacon: all companies (especially social media sites) miss the mark on some features. The bigger issue is that Facebook never learned from their mistake in sharing user information. In 2010, Facebook released Open Graph, which is similar to Beacon, but instead uses a series of plug-ins that web developers can use to link their sites to Facebook (Dwyer, 2011). It improved upon Beacon by giving users the choice to share whatever they wanted to through their interactions with third party websites (like hitting the “share” button on a blog), but it did so at the price of offering those websites lots of user information (Nottingham, 2012). Facebook continued its streak of revealing a bit too much information about its users– without them really wanting it this way.

Not only has Facebook invaded its user’s privacy by sharing it with other Facebook users, but Facebook has also collected data about users and sold it to other companies.

Figure 1: Activity on the internet is recorded by websites such as Facebook and sold to other companies to make a profit (Quote: Dwyer, 2011)

Facebook Pixel continues to track users’ activity in order to target advertisements towards that specific person based on their history online (AsapSCIENCE, 2018). If prompted, Facebook will actually provide its users with a list of the companies they have sold their data to– and the list is seemingly infinite.

Figure 2: The A’s and B’s of Facebook. When privacy info is requested, Facebook provides the list of companies that your data has been sold to. These are just the A’s and B’s of that list.

Facebook outlines its collection and use of data in its privacy policy and provides users with more information when asked. Perhaps more alarming are the ways in which our information is used without disclosure.

Data Collection Without Knowledge or Consent

Facebook clearly collects information about users and shares it with both other users as well as other companies. These privacy concerns seem to present a simple solution: don’t use Facebook. But could it be this simple?

Unfortunately not.

In Belgium, judges have ruled that Facebook broke privacy laws by tracking non-users via social plugins. According to an article by Natasha Lomas, the tracking of these non-users was near invisible and “even if you have never entered the Facebook domain, Facebook is still able to follow your browsing behavior without you knowing it, let alone, without you wanting it” (Lomas, 2018). Clearly this is an invasion of privacy on people that have never consented to giving Facebook any information.

At this point, it is obvious that Facebook cannot be trusted when it comes to privacy. But due to the long history of questionable actions, it is almost expected at this point, that Facebook is doing something it shouldn’t be doing with data about users (and now as we know, non-users). However, Facebook is not the only institution that is collecting information without consent of all parties involved.

According to a Wall Street Journal article by Douglas Belkin, universities such as Seton Hall University, Quinnipiac University, and Dickinson College are collecting data about applicants in new forms. For example, these schools know exactly when students open an email from the school, for how long they read it, and whether they click on any links included in the email. At Seton Hall University, they track how long students spend looking at the school’s website and at what age they began looking at the website (Belkin, 2019).

Although these variables may be considered useful in determining interest in the university, they also bring many privacy concerns. Many of these prospective students did not know they were being tracked at all (Belkin, 2019). Additionally, it is common that students who are looking at or applying to colleges are under 18– they couldn’t consent to data collection even if they wanted to. Where will the line be drawn for the tracking of kids online?

This brings the discussion back to Facebook, where many of the users are not adults. The social media site only requires its users to be 13 years old in order to create a profile, which means it is collecting and using data of minors to their own benefit.

Figure 3: How can society hold companies such as Facebook and Google accountable for their actions with regard to their users’ privacy, or is it too late? (Image: Hubaux & Juels, 2016)

Do social media companies need to be regulated in data collection the way banks are regulated in money collection? Many agree that they do, which is why in recent years there have been an increasing number of investigations into companies such as Facebook as well as the passing of new laws.

Attempts at Regulation

In 2014, the European court granted its citizens the “right to be forgotten” in which any European citizen can request that a search engine delink a result item deemed “inaccurate, irrelevant or excessive” (Newman, 2015). Although the decision seeks to allow individuals to take control of their once permanent digital footprint, it has caused some controversy. Critics claim that such requests would violate existing rights of free speech and free press (Newman, 2015). In response, however, the European court claims that the right to be forgotten is not absolute. While content may be delinked from certain sites, they are not erased. Essentially, private or otherwise untenable information will be hidden, acting as an additional layer of protection for the individual in question (Newman, 2015). However, such an idea does not come without its faults. Delinking requests are only valid on a national basis, rather than globally. Thus, information that has been delinked in one country is still easily accessible in a different one (Newman, 2015). As of now, there is a “mismatch of regulatory jurisdiction” and thus individuals can only be protected on a case-by-case, country-by-country basis (Newman, 2015). Although the right to be forgotten isn’t perfect, it is a step in the right direction. With the internet becoming a means for many of our interactions and transactions, the likelihood of information being published about someone that is inaccurate or unwelcome is very high. It is unlikely that we can control everything that exists on the internet about us, but making it less accessible for others to see could go a long way in privacy protection.

Figure 4: The right to be forgotten allows individuals to submit requests for delinking items from search results on search engines such as Google.

More recently, the European Union has implemented the General Data Protection Regulation (GDPR) in which companies that violate certain privacy rights or consent requirements pertaining to personal data will be held much more accountable (Lomas, 2018). As awareness and concern over the exploitation of digital personal privacy grows, people look to their respective governments for protection. GDPR is another step in the right direction as far as regulation and transparency in data mining private information.

Conclusion

While these solutions are limited to a confined geography, we are left to wonder what the world will look like 5, 10, or 20 years down the line. As companies such as Facebook gather more data and users become increasingly aware of the risks of information collection, will there ever be a constraint placed on tech giants that protects users while still allowing these companies to profit? Technology is changing fast, and the information available is increasing exponentially. It is clear that figuring out how to protect users of this digital age will be an increasingly important question in the coming years.

References

Belkin, D. (2019, January 26). Colleges Mine Data on Their Applicants. Wall Street Journal. Retrieved from https://www.wsj.com/articles/the-data-colleges-collect-on-applicants-11548507602

Dwyer, C. (2011). Privacy in the Age of Google and Facebook. IEEE Technology and Society Magazine, 30(3), 58–63. https://doi.org/10.1109/MTS.2011.942309

Goldberg, B. (2011). Privacy Worries Grow More Public. American Libraries, 42(5/6), 26–27. Retrieved from http://www.jstor.org/stable/23024978

Hubaux, J., & Juels, A. (2016, June 01). Privacy Is Dead, Long Live Privacy. Retrieved February 5, 2019, from https://cacm.acm.org/magazines/2016/6/202642-privacy-is-dead-long-live-privacy/fulltext

AsapSCIENCE (2018, June 07). Is Your Phone Listening To You? Retrieved from https://www.youtube.com/watch?v=NwTmHNt-IG8&feature=youtu.be

Lomas, N. (2018, February). Facebook’s tracking of non-users ruled illegal again — TechCrunch. Retrieved January 30, 2019, from https://techcrunch.com/2018/02/19/facebooks-tracking-of-non-users-ruled-illegal-again/amp/

Newman, A. L. (2015). What the “right to be forgotten” means for privacy in a digital age | Science. Science, 347(6221), 507–508. https://doi.org/DOI: 10.1126/science.aaa4603

Nottingham, P. (2012, February 22). Guide to the Facebook Open Graph. Retrieved February 4, 2019, from https://www.distilled.net/blog/social-media/guide-to-the-facebook-open-graph/