Privacy is essential in today’s lifestyle and could be necessary for human society to function. Today we are giving up more and more private information online without knowing that it’s being harvested and personalized and sold to lots of different people…our likes and dislikes, our closest friends, our bad habits, even our daily movements, both on and offline. Many people underestimate the importance of online privacy, but they should be aware of how much information they’re sharing. Not only on social networks but just by browsing itself. Because on the “Internet”, data has high value. It’s stolen, sold, collected, and analyzed. But as much as privacy, data manipulations made in the last years' massive security breaches. Most people assume that cyber-attacks are incredibly sophisticated, but it may come as a shock that something as simple as a social media post can result in a security breach. (And I will not go further because I might lose some between the lines.) OK but 4 likes on social media are usually enough to reveal a person’s sexual orientation? YES, one thoughtless click could be the difference between business as usual and a cybersecurity nightmare. OMG!!
Businesses and consumers invest time and money into securing private information, but too often, the focus is on preventing attacks from accessing data and therefore ensuring that personal data remain confidential. In the last years, cybercriminal groups and other organized threats developed instead of breaching the ability to manipulate digital data. So it’s an illusion that data protection law can give individuals control over their data. In what world do they live and expect to claim that individuals are able to exercise control over their personal data? Most practices involve multiple data controllers and processors sharing sets of data, for multiple purposes, and increasingly with automated operations on data — cloud computing and profiling — that data controllers themselves do not fully understand or know the details of what are they doing or they will be doing with the data. Yes, you can be informed, if you know where to look and how to read. But who knows, looks, and reads? Not everyone knows programming or data sets or data mining. Yes, you can request correction or erasure, if you know whom to ask. But how are you ever going to reach everyone in the chain, in a mosaic of interconnected data processing? There are simply too many ifs and buts and not even the firmest believers in informational self-determination can claim, that they know which of their data are being processed in what ways by the data controllers and if the data is protected in any way. Google Spain has an example of a guy who enforced his right to erase some information’s from public eyes. His decision leaves considerable room for competing interests and for interpretation. If you get out from search engines you would remain with your data on your service provider who will still link to that information. If you go to court to enforce your right to erasure can lead to increased publicity and trigger news items referring to the offending information, and the erasure of these new pieces cannot be invoked since they constitute correct and relevant recent publicly news. Nevertheless, in the public sector is more obvious: the government as a data controller determines when, how, and why it processes data — citizens have nothing to choose. So where is the privacy and data control for the citizens?
Statista revealed that 22% of internet users said that their online accounts have been attacked at least once.
Creating more rules to ensure controller compliance will not lead to data protection law being valuable. The result: data protection law only restricts, not also enables, is wide-spread, and of the two functions of data protection — protecting fundamental freedoms and stimulating the free flow of personal data — the latter is often overlooked. Furthermore, did you know that in July 2020 Twitter was a victim of data manipulation? Attackers took over numerous high-profile accounts, including verified accounts such as Kanye West, Barack Obama, Apple, and Joe Biden. They used the platform (gained $100k in few hours) to Tweet a message requesting Bitcoin be sent to a specific wallet number with a promise they’d return it doubled. Who ensured protection for those scammed? The law, the state government, the controller, the processor?
Did you know that nearly the entire Internet is essentially the deep web? In recent years, the total amount of information processed on the deep web was estimated to be 7.9 zettabytes (that is 7,900,000,000,000,000,000,000 bytes) and growing at a rate of 60% per year. To put that in perspective, 1 zettabyte is equivalent to 44 trillion gigabytes. But because the deep web is hidden from search engines, some people use it for more nefarious purposes. If the deep web is 96% off all digital universe you would understand how much personal data is in the hands of wrong people. Mostly on the dark web, the subset of the deep web that’s known as a haven for criminal activity. On the dark web marketplaces or forums such as FreeHacks, Nulled, Hydra, Versus, Dream, Wall Street Market, and Point Facebook login details can be bought for as little as 5.2$. Comparably, Instagram accounts go for as little as 1.29$ while Twitter details only fetch 1.69$ per login.
Another big issue is differentiation. Data protection law applies that data is either personal data (triggering the whole regime), or it is not (triggering nothing), but it cannot be something in between or something else. Huge problems will occur with profiling (they do not necessarily relate to individuals, but often to groups “someone with characteristics x, y, and z”) because of its self-declared scope, they cannot cover the creation and application of group profiles in general, but only the creation and use of individual profiles. So, when is a profile related to an identifiable individual? This is the case now with some big social media companies and their data being developed and used by multiple companies. Do you think this is the first time this companies data profiling has been used for government purposes? Or Google, or Amazon, or any other big tech company does it differently? Wasn’t then and isn’t now a secret that they sell your data to the highest bidder. Selling data is a big business and a very profitable one. People don’t want to pay for content and services because they’ve grown to expect them for free, but creating content and services costs money, so the creators have to find ways of monetizing their work, usually through advertising or selling data. There are now companies known as “data brokers” that collect and maintain data on millions of people, which they analyze, package, and sell without the user’s knowledge or permission. Data brokers collect and sell information to other companies for many reasons, including targeted advertising, credit risk assessment, and direct marketing. In the United States, they collect up to 1500 pieces of information about a person. In the EU they skew the interpretation of “legitimate interest” or exploit the inattention of internet users who don’t read what they consent to.
In spite of that, it’s clear now that the use of behavioral data to nudge voters with propaganda-as-a-service exploded. These tactics are nothing but the latest phase in marketing, and marketing or its electoral equivalent “campaigning” has existed in elections right from the beginning. Can’t blame political parties for adopting the latest marketing tools when marketing itself is commonplace during elections. And marketing is getting smarter thanks to the technology available these days. The problem is with the legality. If another state is behind and involved in data manipulation to the owner state then we have another issue. Some results may sound stupid, dystopian because “liking” a political campaign page is a little different from pinning a poster in a window. But five years ago psychology researchers showed that far more complex traits could be deduced from patterns invisible to a human observer scanning through profiles on social media. (complex character assessments) Scary few dozen “likes” can give a strong prediction of which party a user will vote for. Can easily be applied to large numbers of people without their individual consent and without them noticing. By leveraging automated emotional manipulation with the use of AI, bots, dark posts, and fake news you can activate an invisible machine that preys on the personalities of individual voters to create large shifts in public opinion. Building platforms whose natural end state is digital addiction. So be aware!!
It always has been whoever owns DATA owns the bright FUTURE.