Does Privacy Still Exist?

In today’s hyper-connected world, some

people believe that complete confidentiality is unachievable. Growing concerns surrounding data privacy have made internet users more cautious with the information they give out on social media platforms. Making our Facebook profiles private is not enough to protect all our data. The issue is not just having intimate details about our lives revealed but rather that all the data we share online such as GPS data, apps used and contacts is being used to produce a monetized good, sold for consumer specific advertising. At a time when it is increasingly difficult to control what data we supply and who gets access to it, we need to consider what the major issues are for online data privacy today.

Smartphone use has become essential in our daily lives. Since 2011, the number of people who own smartphones nearly quadrupled, with an estimated 2.5 billion smartphone users. Data from USC Annenberg shows that since 2000, the time spent online every week by an average American rose from 9.4 to 23.6 hours. The growth in mobile phone users and time spent online coupled with social media’s ability to capture data about our online behavior, means that we are sharing unprecedented amounts of

data about ourselves each day. This has given companies in Silicon Valley much more precise information on our preferences, allowing them to develop a whole new form of advertising known as ad targeting. The data we share through our social media platforms is gathered by software programs, enabling advertisers to target their audience by offering products and services based on their online preferences and behaviors.

This industry has skyrocketed, with $46 billion put toward programmatic advertising in 2018 and an estimated $65 billion in 2020.

The most powerful example of ad targeting is Google Adwords. This monitoring system uses machine learning to display ads coherently with someone’s browsing. The goal is to make the computer categorize user data, create associations between elements and ultimately learn from successes and failures.

Now, Google is running artificial intelligence that goes beyond analyzing what you click on or where you go, to probe the videos you watch, the songs you listen to, the text you read, and even data on the people you interact with online. Marketers and advertisers can use the data to make algorithms react to the consumer’s behavior, in order to determine the ideal time to show a specific ad.

Many people think Google’s servers are impenetrable and that they would never sell people’s data. However, “there is a growing sentiment among Americans that our federal laws need to reflect that we have fully entered the era of big data,” says Congressman Hank Johnson (D-Ga.), who recently proposed two data protection bills in the U.S. Congress.

The need for laws protecting privacy was brought to the forefront by a series of data breaches in 2018, including T-Mobile, Quora, Google, Orbitz and Marriot Hotels. These breaches affected over 100 million users, whose data was either viewed, copied, stolen or used by third parties.

Data breaches like these can occur for different reasons. First of all, data can sometimes be partially or fully de-anonymized using various statistical analysis techniques. Secondly, large warehouses of personal data tend to become targets for hackers, as Google stores people’s data in a fully identified form before making them anonymous upon release. Indeed, more than 500,000 Google+ users were subject to such a breach in Spring 2018. The software glitch in the site allowed outside developers to potentially access personal Google+ profile data. The data of hundreds of thousands of users was exposed, however, Google decided not to notify its users in fear of damaging their reputation.

While incidents like this show just how insecure our data already is, a recent announcement by Zuckerberg reveals that things may be about to get worse. In mid-January 2019, Mark Zuckerberg, Facebook’s chief executive, confirmed his plan to unify the messaging infrastructure of the three networks: Facebook Messenger, WhatsApp and Instagram. Zuckerberg said that this would not happen before 2020, explainingthat the process was aimed at ensuring end-to-end encryption, like WhatsApp. Zuckerberg explains that the goal is to create “the best messaging experiences” for the users. Essentially, all messages would be able to travel across the three platforms.

Facebook alone has over 2.32 billion monthly active users, while WhatsApp has 1.5 billion users who send 60 billion messages per day on and Instagram has 1 billion users who have shared over 50 billion images.

Following Zuckerberg’s announcement, there have been widespread antitrust, privacy and security concerns, as Facebook did not give further information on how people’s data will be used. In May of 2018, the EU put into effect the General Data Protection Regulation (GDPR) and shortly after the ePrivacy regulation. The GDPR is based on Article 8 of the European Charter of Fundamental Rights: Everyone has the right to respect for his private and family life, his home and his correspondence.” While GDPR is focused on the protection of personal data, ePrivacy protects the confidentiality of communications. For example, this would require user consent to track a user’s data files based on website visits stored on a computer, otherwise known as “cookies.”

In response to Zuckerberg’s announcement of using the data from the three platforms, the UK Information Commissioner Office (ICO) declared that sharing user information between different social media platforms is illegal.

Sandra Wachter, a lawyer and Research Fellow at the Oxford Internet Institute, explained that there will be a single point of vulnerability for malicious actors to target to access information, with all your past data from all three platforms. This is called data processing, and it is illegal if they do it without asking for the user’s permission.

To comply with the EU General Data Protection Regulation (GDPR), WhatsApp voluntarily committed to only share data with its parent company. Elizabeth Denham from the ICO explained, “WhatsApp has assured us that no UK user data has ever been shared with Facebook.” This ensured she would not issue a fine under the Data Protection Act, a UK law essentially implementing GDPR.

Perhaps the most problematic thing Zuckerberg has implemented is a legal basis for data processing. He will simply renew the users’ consent, just like Snapchat did in 2018 when it created the Snap Map, a feature that allows you to share your locations with your friends. Snapchat only asked for people to “agree” and most people continued using the app without a thought. “There’s a real concern that consumer protection law is basically being swallowed by click-to-agree clauses,” said David Hoffman, a professor at the University of Pennsylvania Law School.

In the long-run, initiatives such as the creation of the GDPR and ePrivacy may impact how data is manipulated in Europe by implementing stricter and more transparent rules against data sharing and data processing. However, we will never be sure if we are actually in control of our privacy if we are not aware of what forms of personal data is shared with marketing companies. As internet users, it’s important that we assess the value of our online privacy, with special attention to the fact that our private information could end up in anyone’s hands.

By Shadi Ayoubi

Illustration by Taline Shahinian