In 2000, when Scott McNealy, former Sun Microsystems CEO famously uttered “Privacy is dead – Get over it!” he may have been forewarning the world of what was the inevitable by allowing our lives to become completely connected to and intertwined within cyberspace. The definition of privacy is stated as “freedom from unauthorized intrusion”. (“Privacy,” 2019). However, in a highly digitized and connected world, this definition may not hold much truth to it.
Before the advent of technology, the concept of online privacy was within the external locus of control of almost everyone, however as daily aspects of our lives rapidly move towards increased digitization, we find that our online privacy and ability to have control over that has quickly diminished. Online external parties have become so entrenched in our daily existence and unintentionally – or intentionally- we have given up our rights to total privacy. As Rauhofer (2008) stated: “The use of information and communications technology and the ‘digitalisation’ of everyday tasks has resulted in a paradigm shift where vast amounts of personal information about individuals, their opinions and habits is generated and stored in the databases of those providing online services”.
This essay will primarily focus on protecting Public Personal Information (PPI) as this is where consumers have a tenuous hold on what data about them is collected, used, shared or sold. Thus, privacy can be considered dead due to varying global data protection regulations and practices resulting in gaps in protection of consumers’ privacy, an ever-widening gap between advancing technology and suitable, relevant legislation making it formidable for ensuring data privacy and digital oversharing which exacerbates data privacy loss.
Varying Data Protection Standards and Non-Existent Legislation
In attempting to define data privacy, one will find varying degrees of focus on the actual meaning of the term. Some definitions focus on use and governance of the personal data, others define it in terms of preserving and protecting personal information, while others look at the relative importance of some data against others as the driving factor as to how it is handled. It can be argued that because of the varying definitions, this affects what main principles should be focused on to devise relevant legislation or codes of practice that cover the more important qualities of data privacy and notably protects the subjects involved. These changing interpretations of what is data privacy makes it harder to have cohesion across the board by which online companies and organizations can adhere to regarding how consumers’ data is protected, stored, shared and used.
There is also the issue of the tradeoff between the services consumers pay for and how much protection of their data is received in exchange. For companies such as Google and Facebook who offer services for free, this thinking is behind the unencumbered use of consumers’ data. Using the same concept, the European E-Commerce Directive did not protect consumers who obtained free services (Zanki, Lee, & Chang, 2016, p.3). This gap was exploited by online companies operating within the European countries offering free services.
Although the European Union (EU) was able to close this loophole with the introduction of the General Data Protection Regulation (GDPR) in 2018, globally there is still concern regarding the enactment of legislation in some countries to protect the data privacy of citizens. Looking at the largest regions of the world, 19 of 54 recognized African countries, 15 of the 48 countries that make up Asia and 17 of the 33 countries that make up the Latin Americas and the Caribbean, have enacted data protection and privacy laws. This means that about 42% of the world’s population has very little or no legislation covering their data privacy. While a few countries such as Canada, Argentina, New Zealand and Switzerland have data privacy laws that are comparably robust as those of the EU’s GDPR, most don’t, and they would not be able to do so anytime soon. (The State of Data Protection Rules Around the World – A Briefing for Consumer Organizations, 2018).
Harmonizing these several international data protection legislation is tough and confusing as different regions may face barriers such as differing political, economic and social development, varying state and federal legislation and others may have no legislation, thus finding commonality amongst these varying pieces of legislation and policies can have serious implications (Zanki, Lee, & Chang, 2016, p.2).
The Great Technology/Legislation Chasm
With over 3.7 billion human beings using the Internet, more than 2.5 quintillion bytes of data is created per day – 90% of it having been generated over the last two years alone (Marr, 2018). Data about and on us is created even when we do not directly use a device or Internet of Things (IoT), such as when data is collected in person at government offices, hospitals or insurance companies, it is entered into databases that are connected to the vast network of servers. All this data is being created on more and more devices and this compounds the issue of keeping legislation abreast and ahead of the rate at which technology is evolving. It is seemingly impossible for legislation to be au courant with the latest developments surrounding data privacy.
Kerry (2018) summarised: “As the data universe keeps expanding, more and more of it falls outside the various specific laws on the books”. This includes most of the data we generate through such widespread uses as web searches, social media, e-commerce, and smartphone apps. The changes come faster than legislation or regulatory rules can adapt, and they erase the sectoral boundaries that have defined our privacy laws.
Compounding the issues is that depending on the device that collects the data, the regulations that protect the consumers’ privacy change. For example, in the U.S, collection of personal health information only by a doctor is protected under the Health Insurance Portability and Accountability Act (HIPAA), however if that same information is collected using a Fitbit tracker and stored in the app, there is no legislation regarding how that information can be used. This leaves room for gaps where protection of the consumers’ privacy and expectation of privacy fall through.
Cyber Enabled Oversharing
Oversharing happens even when there are controls that people can use to limit how much information they can share, because of something called the online disinhibition effect, where social restrictions and inhibitions that people would have in face-to-face interactions they lose in their interactions while online (Suler, 2001). In comparison to our world twenty years ago, today people share almost everything online especially through social networking sites(SNS). Reseachers coined the term digital crowding to describe how much online users share and consume of personal information (Macdonald, 2016) and people have become so accustomed to SNS allowing them to share the mundane, minutiae of their lives.
Most people fail to set clear boundaries with family and friends about sharing personal information online. It could be because we no longer look at who we share the information with as being strangers, but as being part of our ‘audience’ or ‘followers’ and the emotional desire for likes, retweets and shares outweighs the consequences of how this information can be harmful or embarassing for our friends or families. According to a Pew Research study, most of the respondents acknowledged that with an evolution of the digital era, people would be more receptive to trading information and privacy for convenience and customization (Macdonald, 2016)
The issues highlighted showed that differing global data protection regulations and practices results in gaps in protecting consumers’ privacy, the broadening divide between advancing technology and relevant legislation makes it a daunting feat to ensure that people’s data remains private and digital oversharing only helps to intensify the issue of less data privacy.
In applying logical argumentation, the argument is valid since if all the premises could be considered true, then the conclusion is one that would follow based on the premises given. The argument could also be considered sound based on the assertions used to prove the veracity of the premises. Data privacy although dead as we know it, will however continue to be redefined as we move towards an increasingly information-driven age.