This series is all about helping you understand, the Data Privacy Basics – key concepts that we should all know around our personal data, regulations that are in place to protect that data, and what Data Privacy means for us. In this insight, we ask the question of why Data Privacy is so important for us and look at some of the major data- and privacy-related issues it can help tackle.
Data Privacy gives back control over data to individuals, to us. Besides our fundamental right to privacy, and the existence of a right to protection of data in some countries (e.g. in the European Union Charter of Fundamental Rights), data privacy regulations bestow further and more easily enforceable rights upon us. These include the rights to have access to our personal data, to have errors in our data rectified, or to have our data erased altogether. We will discuss these so-called ‘data subject rights’ in more detail in our GDPR series. Fact is, that these rights have made it easier for us take back some control over our data once it is already out there.
Besides giving these rights to individuals, Data Privacy and regulations to enforce Data Privacy pose restrictions and obligations on those collecting and using our data. Regulations like the GDPR, for example, require businesses and organisations to adhere to certain principles, and to ensure that a valid legal basis is present when personal data is being collected and used. These principles and legal bases will be examined more specifically in our GDPR series. However, one legal basis that should receive particular attention is consent. This is because consent is the only legal basis that actively involves the individual in the process. It means that businesses or organisations are required to seek our permission to be able to use our personal data. And this is the cases for many instances of intrusive and potentially risky data collection practices, such as the use of personal data for direct marketing and targeted advertising, or as part of an automated decision-making process. Consent also is the main legal basis required when it comes to sensitive kinds of data, including health and biometric data. As such, data privacy regulations help protect our personal data by imposing obligations on businesses and organisations on the one hand, and by giving us back some power and requiring our consent for many kinds of data practices on the other hand.
So, what are some of the main issues that Stronger data privacy practices can help tackle?
Privacy per se
Privacy has always been important to humans – to some more than to others. While there is information that we do not mind sharing with others, there are many things we want to keep private. In the era of digitalisation and with more and more of our personal information becoming shareable and analysable data, the real-world concept of privacy has seen the need to be translated into a virtual format to protect our personal information online, namely data privacy. While data privacy does have an impact on physical data collection and processing, its effect on the handling of digital data is far more significant. Consider the kinds of personal data that are being collected online and the many ways in which this is done: If we did not have any data privacy regulations, our online presence would be much more vulnerable to being exploited, manipulated and interfered with than is the case now.
Intrusive marketing & advertising
As of today, many businesses have opted to monetise data in one way or another. Much of this monetisation regards the advertising business. Thanks to Big Data and the development of more and more sophisticated algorithmic systems to use this data, advertising, too, has evolved. What many of us nowadays witness online is the result of this evolution: targeted advertising. Simply speaking, targeting advertising involves the compilation of our personal data into profiles about us that can be used to recommend products and services that are likely to appeal to us. These practices can span from simply suggesting things we have previously shown interested in or actively searched for online; to more complicated methods that can deduce certain preferences from analysing our profiles. As a result, we may come across ads that feature things we have never actively considered but which spark our interest, or even reflect issues that we talk of think about but have never looked up online. If you have ever felt like an ad on a website or a recommended post on social media was eerily accurate to the state of mind you were in, you have likely come across this kind of targeted advertising. While being advertised things we may enjoy is not necessarily a bad thing, it brings a lot of risks with it. For example, targeted ads may be placed during times when we are most vulnerable to being persuaded by them, resulting in klicks, likes or purchases of things we do not necessarily want or need. Targeted advertising is also prone to being biased. This is because the algorithmic systems which make targeting possible may discriminate against people based on their personal characteristics. This can result in unfair recommendations, which offer some products to people for more than they are offered for to others; or in the suggesting of dodgy or fraudulent ads only to people who are most vulnerable to falling for their lies.
Stronger Data Privacy practices are key in mitigating these risks. By requiring consent for many kinds of data processing, especially regarding marketing and profiling purposes, it is not as easy for businesses and organisations to acquire data about us that would give them unfair advantages in targeted advertising.
Besides the targeted advertising, which many of us may already find intrusive, our data, particularly if it is compiled in a profile about us, can also be used to “nudge” us into certain behaviour. “Nudging” means to gently push someone in a direction, often without the individual consciously being aware of it. Online this is often done with algorithms, which take in our online behaviours and other data about us, to recommend or suggest content, whether that the careful curation of posts on our Social Media feed, or the auto-play function used on YouTube. Nudging like this can lead us to go down rabbit holes or get the sense that many people have a similar opinion as us – simply because we are only being recommended those things we have previously liked or spent time on. Based on this data about us, the algorithms keep pushing us further into this direction.
While we may be able to easily recognise when a product we have looked up before is now being advertised to us, other, more subtle ways of using our data “against us”, such as nudging, are not as obvious. It may be that we enjoy being recommended similar content again and again, and this is also why businesses, particularly social media platforms, employ such algorithms – to keep us entertained. However, these practices can have severely negative effects on us individually, and on society as a whole. By going down rabbit holes, many individuals get stuck in echo-chambers, which do not allow for a diversity of opinions, but rather echo their own opinions repeatedly. As a result, people become more polarised.
Besides these more unintentional effects, nudging has also been exploited for deliberate manipulation of large groups. For example, current architectures of online platforms, particularly social media platforms, allow for a targeting of misinformation campaigns or political propaganda to those groups of society who are prone to buying into the particular topics.
“Data is the new oil"
One of the most significant purposes for data collection is data’s potential for monetisation. While it is not easy or straightforward to establish our data’s exact monetary worth, we do know it is very valuable depending on what it can be used for, or, at least, depending on what those collecting it think it can be used for. Businesses, organisations, and even state institutions spend huge amounts of money on the above described advertising or data-driven manipulation of people. That is, our data is not only used by those collecting it to make money, but, in turn, exploited by others to influence us.
As a result, there is a growing sense among people that they do not want businesses, particularly those already biggest and most powerful, to further enrich themselves based on the data we give away for free.
The need for more regulation
While stronger data privacy frameworks contribute to the prevention of and fight against harmful data practices, the above also require better regulation of other related issues, such as the development and use of artificial intelligence, or the conduct and responsibilities of Big Tech companies, especially those who provide online public spaces for their users, i.e. social media networks. The EU and other countries in the world are in the process of responding to this need by discussing and passing new tech-related legal frameworks. What you can expect from these other new areas besides data privacy and how they might apply in practice will be the topic of a future series of ours, so stay tuned for more!