Data privacy is the biggest tech human rights concern today. While this contention might seem exaggerated to some, to most people working in tech today experts are aware of how new technology poses serious threats to our privacy as the recent case of Google’s recent purchase of Fitbit which ensures the tech giant’s reach into private health information. And this would not be the first case of big tech overreaching privacy laws.
The US Department of Health and Human Services Office for Civil Rights has a website specifically dedicated to such breaches of information in its list of cases currently under investigation. But healthcare information is just the tip of the iceberg for data privacy concerns.
And there are short-term “fixes” for privacy concerns, none of which are actually impermeable to data breaches. For instance, the latest Firefox browser shows who is tracking your online movements by allowing users to see cookies, trackers and fingerprinters monitoring your online activity. And Brave is a relatively new browser which not only loads faster than its competitors, but Brave prides itself on privacy and security. Still, government tracking and big business hacking are not entirely avoided by these browsers as there are still loopholes in privacy protections by extensions on Firefox’s platform. Even the best VPN solutions to hide one’s IP address are proving not to be failsafe solutions for those invested in privacy maintenance.
Still, privacy is not limited to browser history or tracking and extends far beyond this. In Australia, a man applying for a job on a Queensland gas project was asked to have his biodata (blood samples) sent overseas, a request which he pushed back against. After Australia’s Electrical Trades Union (ETU) pressured the company to desist, the case was finally laid to rest. A similar case in Queensland involved Jeremy Lee, a sawmill worker, who refused to surrender his fingerprints to his employer as part of their new work sign-in procedure. He was fired from his job and later won his unfair dismissal case against his former employer.
The larger questions as to our privacy are not just relegated to our browser history, but are now shown to envelop every aspect of our lives to include our bodies. From government surveillance to election interference to censorship by social media giants, the internet is turning into a space of fewer—not more—freedoms.
The recently issued Freedom on the Net report (2019) studies internet freedom in 65 countries from around the world covering 87 percent of the world’s internet users. Specifically, this report tracks improvements and declines in internet freedom conditions each year where the countries included in the study are “selected to represent diverse geographical regions and regime types.” The report makes a damning condemnation of social media specifically, noting how “unscrupulous partisan operatives have exploited the unregulated spaces of social media platforms, converting them into instruments for political distortion and societal control.” Also noted in the Freedom on the Net report is how social media allows certain freedoms of expression by ordinary people, civic groups, and journalists in reaching a wider audience, “but they have also provided an extremely useful and inexpensive platform for malign influence operations by foreign and domestic actors alike.” One of the most important conclusions of this report is that social media, the ostensible space of freedom of expression, is what is being preyed upon by corporate and political interests, noting: “Whether due to naïveté about the internet’s role in democracy promotion or policymakers’ laissez-faire attitude toward Silicon Valley, we now face a stark reality: the future of internet freedom rests on our ability to fix social media.”
The tie into government and corporate spying and privacy rights are intertwined, and inextricably so as the Freedom on the Net report recommends that “governments should swiftly amend existing privacy legislation to address the proper use of this technology.” Specifically, the report recommends the following:
Enact robust data privacy legislation. In the United States, policymakers should pass a federal electronic privacy law that provides robust data protections and harmonizes rules among the 50 states. Individuals should have control over their information and the right to access it, delete it, and transfer it to the providers of their choosing. Companies should be required to disclose in nontechnical language how they use customer data, details of third parties that have access to the data, and how third parties use the data. Companies should also notify customers in a timely fashion if their data is compromised. Governments should have the ability to access personal data only in limited circumstances as prescribed by law and subject to judicial authorization, and only within a specific time frame. Given the technical measures—including cyber attacks— that both foreign and domestic actors use to access citizens’ personal information, data privacy legislation should also be paired with cybersecurity requirements on the collection and amassing of user data.
The report also recommends restricting the export of sophisticated monitoring tools and to strictly regulate the use of social media surveillance tools as well as the collection of social media information by law enforcement and government. The report also recommends that users maintain control over their information and ensure that it is not being misused. With the adoption of Brave browser in Spain recently having overtaken Firefox reporting 80 million monthly users we can see that there is heightened awareness of privacy concerns. Even simple procedures like online questionnaires, applications for credit cards or signing up for new accounts lend to users’ becoming more vulnerable to privacy breaches. While some internet users are becoming more aware of the dangers of corporate tracking and government spying, the cognizance of the political ramifications of data privacy is still not wide enough to effect changes in current policy and law, much less in the majority of users’ online behavior and tools.
The same kinds of tracking and spying mechanisms that we see in play today from Google to Facebook are not isolated incidents limited to online browsing or social media engagement but are very much connected to how whistleblowing is curtailed and how private citizens become subjects of operations for which their identities are largely tertiary. In his recent book, Permanent Record (2019), Edward Snowden notes how the law is lagging far behind technology. He writes:
One major irony here is that law, which always lags behind technological innovation by at least a generation, gives substantially more protections to a communication’s content than to its metadata—and yet intelligence agencies are far more interested in the metadata—the activity records that allow them both the “big picture” ability to analyze data at scale, and the “little picture” ability to make perfect maps, chronologies, and associative synopses of an individual person’s life, from which they presume to extrapolate predictions of behavior. In sum, metadata can tell your surveillant virtually everything they’d ever want or need to know about you, except what’s actually going on inside your head.
From data privacy to government surveillance, our information is out there to be collected and inferred upon such that actual information becomes a découpage of associations and inductions. Facts remain sparsely available and inference and “gut feelings” rule the day.
And here is the rub for those of you reading this who think that having a secure browser will solve all your privacy problems. In short, it won’t. We need to push our policy makers and politicians to clamp down on privacy violations and to follow through on the what the Freedom on the Net report recommends in terms of a more international application of our human right to privacy, namely to “adhere to the UN Guiding Principles on Business and Human Rights and conduct human rights impact assessments for new markets, committing to doing no harm.” For where there is data protection in one geographical region does not mean that no harm will be undertaken elsewhere which is why we need to work in solidarity with those across the globe to create data privacy for all, today.