Hyper-collection: why do companies collect the information they do?
In this post, Brendan Walker-Munro reflects on his article ‘Hyper-Collection: A Possible New Paradigm in Modern Surveillance’, which appeared in the 21(2) issue of Surveillance & Society.
Last year, Australia suffered something of a reckoning with regards to its privacy laws, with massive data breaches impacting our telecommunications companies, insurance providers and banks. In July 2022, I wrote this piece for The Conversation after questions were aimed at the intrusive information collection policies used by companies like TikTok, Kmart and Bunnings. That piece — and the public debate which followed — inspired me to write a lengthier article for Surveillance & Society.
Hyper-collection remains one of the biggest threats to our privacy, because it is undertaken lawfully in countries with weak or ambiguous privacy laws. Shoshana Zuboff called the collection of personal information by big tech “an expropriation of critical human rights that is best understood as a coup from above”. Ambiguity permits corporations to play the margins, safe in the knowledge that no regulatory will challenge their interpretation without risking their reputation. Such ambiguity also limits the remedies available to private citizens when their privacy is violated.
From my position, my work presents a new way of looking at ongoing developments in commercial and retail surveillance. The unnecessary or unsupported collection of personal information by corporations raises their profile as a target for identity crime, data theft and blackmail or extortion. As governments look to hand over more and more of the processes of governing to private third parties, we have to become more comfortable asking questions about how we feel about those arrangements. As practitioners, we also have to ask what role we expect the law to perform: does it set acceptable minimum standards? Does it prohibit high risk activities? Does it provide enough remedies for victims?
Technologies will continue to emerge which fundamentally challenge our understanding of what privacy actually is. For the future, one of the questions is clearly “what does privacy mean now”? We have been arguing about that definition for decades without really settling on any one definition. We also need to consider whether the concept of privacy — as we might have considered it in the 20th century — is gone for good in the age of smartphones and AI. If it isn’t, what do we need to do to protect it? And if privacy has fundamentally been altered, what is its scope, boundaries, and limits? Perhaps by answering these questions, we can square ourselves against the rise and rise of hyper-collection.
