Digital privacy
Internet |
---|
Internet portal |
Digital privacy is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in e-services and is typically used in opposition to the business practices of many e-marketers, businesses, and companies to collect and use such information and data.[1][2] Digital privacy, a crucial aspect of modern online interactions and services, can be defined under three sub-related categories: information privacy, communication privacy, and individual privacy.[3]
Digital privacy has increasingly become a topic of interest as information and data shared over the social web have continued to become more and more commodified; social media users are now considered unpaid "digital labors", as one pays for "free" e-services through the loss of their privacy.[4] For example, between 2005 and 2011, the change in levels of disclosure for different profile items on Facebook shows that, over the years, people have wanted to keep more information private.[5] Observing the seven-year span, Facebook gained a profit of $100 billion through the collection and sharing of their users' data with third-party advertisers.[4]
The more a user shares on social networks, the more privacy is lost. All of the information and data one shares is connected to clusters of similar information. As the user continues to share their productive expression, it gets matched with the respective cluster, and their speech and expression are no longer only in the possession of them or of their social circle. This can be seen as a consequence of building social capital. As people create new and diverse ties on social networks, data becomes linked. This decrease in privacy continues until bundling appears (when the ties become strong and the network more homogeneous).[6]
As digital privacy concerns grow, regulatory approaches have emerged to protect user data across various sectors. In the United States, privacy regulation has traditionally been sector-based, with different industries having their own rules. Since the 1970s, laws have covered areas like financial services, healthcare, and education. However, recent efforts, such as the American Data Privacy and Protection Act of 2022 (ADPPA), signal a shift toward a comprehensive privacy framework. This mirrors the European Union's General Data Protection Regulation (GDPR), which provides uniform privacy rules across all sectors.[7]
A key challenge in digital privacy regulation is tailoring data protection rules for specific industries, particularly in digital spaces like social media, search engines, and mobile apps, where data collection practices often exceed existing laws. The Federal Trade Commission (FTC) has played a central role in addressing these concerns, with its growing expertise in the digital landscape. As the digital economy evolves, there is increasing pressure for stronger privacy laws that balance privacy protection with competition. Advocates argue that this balance is necessary to protect users from exploitation by companies with massive data collection capabilities.
Types of privacy
[edit]Information privacy
[edit]In the context of digital privacy, information privacy is the idea that individuals should have the freedom to determine how their digital information is collected and used. This is particularly relevant for personally identifiable information.
The concept of information privacy has evolved in parallel to the evolution of the field of Information Technology (IT). The rise of networking and computing led to the dramatic change in the ways of information exchange. The baseline for this concept was put forward in the late 1940s, and the third era of privacy development began in the 1990s.[8]
The European Union has various privacy laws that dictate how information may be collected and used by companies. Some of those laws are written to give agency to the preferences of individuals/consumers in how their data is used. The General Data Protection Regulation (GDPR) is an example of this. In other places, like in the United States, privacy law is argued by some to be less developed in this regard.[9] By example, some legislation, or lack thereof, allow companies to self-regulate their collection and dissemination practices of consumer information.
It is a common practice in some countries to oblige companies and websites to provide users with notice and ask for the consent to collect their data and/or track activity.[10] However, the specifics of this procedure usually are not properly regulated, which allows websites to manipulate users into obtaining consent by reducing the visibility of the notice, the frequency of requests for consent, etc. This affects the power dynamics between companies and consumers, perceived risks, and jeopardizes the right to privacy in the collection of personal data.
One such example of privacy policies being called into question would be on the social media app TikTok. While collecting user data normally requires permission from the user, the app is known to be quite insistent on the user sharing the data, at least in comparison to other apps such as Facebook. Since TikTok is capable of running without the user's personal data being gathered, this has raised suspicions about the app being used for data harvesting by the government.[11]
Public Perception of Data Privacy Risks and Regulation
[edit]A 2023 Pew Research study highlights growing concerns among Americans about data privacy.[12] 81% are worried about how companies use their personal data, and 71% share similar concerns about government data usage. Many feel they lack control over their data, with 73% stating they have little control over how companies collect their information and 79% feeling the same about government data collection.
The report also reveals that a significant portion of Americans are confused about data usage. 77% do not understand how the government uses their data, and 67% feel similarly about companies. Additionally, there is strong support for more government regulation, with 72% of Americans believing that companies should face more oversight regarding personal information handling.
Despite concerns, Americans remain skeptical about their ability to protect their data. While 78% trust themselves to make decisions about online privacy, 61% feel their actions won’t make a significant impact. Racial and ethnic differences are also evident, with Hispanic, Black, and Asian adults more concerned about identity theft and data misuse compared to White adults.
Public trust in social media companies is low. 77% of Americans distrust social media executives’ ability to admit mistakes regarding data misuse, while 76% are skeptical about their commitment to prevent unauthorized data sales.
Communication privacy
[edit]In the context of digital privacy, communication privacy is the notion that individuals should have the freedom, or right, to communicate information digitally with the expectation that their communications are secure—meaning that messages and communications will only be accessible to the sender's original intended recipient.[3]
However, communications can be intercepted or delivered to other recipients without the sender's knowledge, in a multitude of ways. Communications can be intercepted directly through various hacking methods, such as the man-in-the-middle attack (MITM).[13] Communications can also be delivered to recipients unbeknown to the sender due to false assumptions made regarding the platform or medium that was used to send information. For example, the failure to read a company's privacy policy regarding communications on their platform could lead one to assume that their communication is protected when it is in fact not.[14] Additionally, companies frequently have been known to lack transparency in how they use information, which can be both intentional and unintentional.[15] Discussion of communication privacy necessarily requires consideration of technological methods of protecting information/communication in digital mediums, the effectiveness and ineffectiveness of such methods/systems, and the development/advancement of new and current technologies.
Many scholars have used communication privacy management (CPM) theory as a way to define control over private information. By sharing information with others through social media, the ownership of that information becomes collective.[16]
Individual privacy
[edit]In the context of digital privacy, individual privacy is the notion that individuals have a right to exist freely on the internet, in that they can choose what type of information they are exposed to, and more importantly, that unwanted information should not interrupt them.[3] An example of a digital breach of individual privacy would be an internet user receiving unwanted ads and emails/spam, or a computer virus that forces the user to take actions, which otherwise they would not. In such cases, the individual does not exist digitally without interruption from unwanted information; thus their individual privacy has been infringed upon.
Individual privacy
[edit]Some internet users proactively work to ensure information can not be collected, this is the practice of attempting to remain anonymous. There are many ways for a user to stay anonymous on the internet, including onion routing, anonymous VPN services, probabilistic anonymity, and deterministic anonymity.[17] Some companies are trying to create an all-in-one solution, In an interview with Tom Okman, co-founder of NordVPN he mentioned they're currently exploring a technology that will block trackers, cookies, detect malware before it lands on the user's device and more.[18]
Information anonymity
[edit]For a user to keep their information anonymous when accessing the web, onion routing can be used to ensure the protection of their personally identifiable information.
Onion routing was originally developed by the U.S. Naval Research Lab and was intended to anonymize web traffic.[19] The system created a path to any TCP/IP server by creating a pathway of onion routers. Once a pathway has been established, all information that is sent through it is anonymously delivered.[20] When the user has finished utilizing the pathway it was essentially deleted which freed the resources to be used for a new pathway within onion routing. The Onion Routing Project developed into what is today known as Tor, a completely open-sourced and free software. Unlike its predecessor, Tor is able to protect both the anonymity of individuals as well as web providers. This allows people to set up anonymous web servers that in effect provide a censorship-resistant publishing service.[19]
Communication anonymity
[edit]While the previously mentioned information anonymity system can also potentially protect the contents of communications between two people, there are other systems that directly function to guarantee that communication remains between its intended recipients.[21]
One of these systems, Pretty Good Privacy (PGP), has existed in various forms for many years. It functions to protect email messages by encrypting and decrypting them. It originally existed as a command-line-only program, but it has evolved in recent years to have its own full interface, and a multitude of email providers now offer built-in PGP support. Users can also install PGP-compatible software and manually configure it to encrypt emails on nearly any platform.[22]
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are measures to secure payments online. While these systems are not immune from breaches or failure, many users benefit greatly from their use as every major browser program has built-in support for it.[19]
Additional services
[edit]There are additional methods that work to provide anonymity and, by extension, protect the user's data.
As IP addresses can frequently be traced back to a specific physical location,[23] and likewise can identify someone as well, changing one's IP address can help users remain anonymous by providing access to a multitude of servers in various geographic locations around the world, allowing them to appear as if they are physically located in a selected area, even when they are not. This is an example of a method/service that works to allow for information and communication anonymity.[24] IP-address changers are one such service, which an internet user typically pays a fee to use.
The Virtual Private Network (VPN) is a technology that provides users secured connection over a non-secure public network such as the Internet through several tunneling protocols, handling, and encapsulating traffic at different levels to ensure communication security.[25] VPN is also effective in securing data and privacy over the cloud and data-center environments because it is capable of protecting IPs from exposure to different kinds of attacks. This technology can be categorized into SSL VPN and IPSec VPN, which are methods of data communication from a user device to a VPN gateway using a secure tunnel.[26] There is also the case of the VHSP mechanism, which protects the exposure of an IP address by assigning a temporal IP for the VPN gateway and its services.[26]
The use of network address translation (NAT) allows users to hide connections passing through a gateway behind the gateway through the use of a sensible hiding IP address that is routable to the issuing gateway.[27]
The (no) harm principle
[edit]Following the (no) harm principle of John Stuart Mill, private references must be respected: one can do whatever they want as long as others do not suffer from the consequences of it. In one's private space, alone, a person is free to do whatever they desire.
With the advent of photojournalism, the invasion of celebrities' private lives arose along with the notion of right-to-privacy—or what Samuel D. Warren II and Louis Brandeis branded in 1890 as "the right to be left alone."[28] Today's "privacy incidents" do not exclusively concern celebrities and politicians, as most people are connected and share data: people are not online to be left alone.
The economic value of data
[edit]According to Alessandro Acquisti, Curtis Taylor and Liad Wagman in The Economics of Privacy (2015),[29] individual data can be seen as having two types of value: a commercial value and a private value. The fact that data is collected can have both positive and negative effects, and can cause a violation of privacy and a monetary cost. As per Acquisti, Taylor, and Wagman, there are further concerns about the progress of collecting data as data analysis becomes increasingly more efficient.
Regulations such as the EU Data Protection Directive, the U.S. Children's Online Privacy Protection Act, and many more are being put in place; however, the IT industry is always evolving and requires the users to be empowered and focus on self-management of the online privacy. As such, it is very important for the lawmakers to continue focusing on the right balance between the use of the internet and the economics of privacy.
Privacy and information breaches
[edit]Methods can be purposely crafted to obtain one's personal information illegally. These directed attacks are commonly referred to as hacking, though that term refers to the general practice and does not address specific hacking methods and implementation. Various hacking methods as it pertains to the invasion of one's digital privacy are outlined below. As it pertains to intent, within hacking, there are two categories of invasion:
- Directed attacks against someone individually, and
- Directed attacks against groups.[30]
With the latter category, however, a hacker could effectively obtain a specified/particular individual's information through first targeting a larger group.[31] An example of this possibility could be as follows: if a hacker, named individual-A, wishes to obtain a particular person's information, individual-B, they could first target a platform or group that has individual-B's information already, such as a credit agency, or they could likewise target a group that individual-B has previously relinquished/provided their data to, like a social media network or a cloud based data service. Through targeting one of those groups, individual-A could effectively obtain individual-B's information by first hacking all data the group has, including the data of other individuals. Once obtained, the hacker could simply identify individual-B's information within the data and disregard the rest. Digital tools are available online to help thwart personal data theft.[32]
Phishing
[edit]Phishing is a common method of obtaining someone's private information.[33] This generally consists of an individual (often referred in this context as a hacker), developing a website that looks similar to other major websites that a target person commonly uses. The phishing website may look identical to the legitimate site, but its URL could have a variation in spelling or a different domain such as .org instead of .com.[34] The target person can be directed to the site through a link in a "fake" email that is designed to look like it came from the website they commonly use. The user then clicks on the URL, proceeds to sign in, or provide other personal information, and as opposed to the information being submitted to the website that the user thought they were on, it is actually sent directly to the hacker.[35] Phishing attacks commonly obtain bank and financial data as well as social networking website information.[34]
Online tools can help users protect their information from phishing attacks, including Web browser extensions, which are capable of flagging suspicious websites and links.[36]
Development and controversy
[edit]Digital privacy is a trending social concern. For example, over the past decade, the usage of the phrase digital privacy has increased by more than fivefold in published books.[37] A TED talk by Eric Berlow and Sean Gourley following the 2013 mass surveillance disclosures cast a shadow over the privacy of cloud storage and social media.[38] While digital privacy is concerned with the privacy of digital information in general, in many contexts it specifically refers to information concerning personal identity shared over public networks.[39]
As the secrecy of the American Foreign Intelligence Surveillance Act becomes widely disclosed,[40] digital privacy is increasingly recognized as an issue in the context of mass surveillance. Prior to the Edward Snowden disclosures concerning the extent of the NSA PRISM program were revealed in 2013, the public debate on digital privacy mainly centered on privacy concerns with social-networking services, as viewed from within these services. Even after 2013, scandals related to social-media privacy issues have continued to attract public attention. The most notable of these is the coverage of the Facebook–Cambridge Analytica data scandal in 2018, which led to a 66% decrease in public trust of Facebook.[41]
The use of cryptographic software to evade prosecution and harassment while sending and receiving information over computer networks is associated with crypto-anarchism, a movement intending to protect individuals from mass surveillance by the government.
Future Research
[edit]In the future, research on digital privacy should explore the intersection of security|cybersecurity and personal data protection. Specifically, it is crucial to investigate the evolving risks of cyber threats like malware, ransomware, and phishing, which threaten privacy. Moreover, a multi-disciplinary approach that combines legal, technological, and social perspectives would provide a comprehensive understanding of how personal data is shared, managed, and protected. This could expand the focus beyond individual protection to include the collective implications of digital privacy, particularly as new technologies like AI and IoT complicate privacy boundaries.[42]
See also
[edit]Further reading
[edit]- "Privacy and Information Technology" (Summer 2020 edition), Edward N. Zalta, Editor by Jeroen van den Hoven; Martijn Blaauw; Wolter Pieters; and Martijn Warnier, The Stanford Encyclopedia of Philosophy, October 30, 2019 (version). Retrieved October 6, 2022.
- Digital Data Collection and Information Privacy Law by Mark Burdon, Cambridge University Press, 2020.
- "Data Is Different, So Policymakers Should Pay Close Attention to Its Governance", by Susan Ariel Aaronson, Mira Burri. Editor, Part IV - Global Perspectives on Digital Trade Governance. Cambridge University Press, July 9, 2021. Retrieved October 6, 2022.
- "Data is disruptive: How data sovereignty is challenging data governance" Susan Ariel Aaronson, Hinrich Foundation August 3, 2021. Retrieved October 6, 2022.
- "Privacy, Big Data, and the Public Good: Frameworks for Engagement", by Combe C., Local Government Studies, 41(1), 181–182. 2014. Retrieved December 6, 2024.
References
[edit]- ^ TEDx Talks (2016-01-21), Privacy in the Digital Age | Nicholas Martino | TEDxFSCJ, retrieved 2018-11-28
- ^ Rice, James C.; Sussan, Fiona (2016-10-01). "Digital privacy: A conceptual framework for business". Journal of Payments Strategy & Systems. 10 (3): 260–266. doi:10.69554/MCBM2391.
- ^ a b c Hung, Humphry; Wong, Y.H. (2009-05-22). "Information transparency and digital privacy protection: are they mutually exclusive in the provision of e-services?". Journal of Services Marketing. 23 (3): 154–164. doi:10.1108/08876040910955161. hdl:10397/20138. ISSN 0887-6045.
- ^ a b Scholz, Trebor (2012-10-12). Digital Labor: The Internet as Playground and Factory. Routledge. ISBN 978-1-136-50669-7.
- ^ Stutzman, Fred; Gross, Ralph; Acquisti, Alessandro (2013-03-01). "Silent Listeners: The Evolution of Privacy and Disclosure on Facebook". Journal of Privacy and Confidentiality. 4 (2). doi:10.29012/jpc.v4i2.620. ISSN 2575-8527.
- ^ Tubaro, Paola; Casilli, Antonio A; Sarabi, Yasaman (2014). "Against the Hypothesis of the End of Privacy". SpringerBriefs in Digital Spaces. doi:10.1007/978-3-319-02456-1. ISBN 978-3-319-02455-4. ISSN 2193-5890.
- ^ MacCarthy, Michael (2023). "Privacy Rules for Digital Industries". Regulating Digital Industries: How Public Oversight Can Encourage Competition, Protect Privacy, and Ensure Free Speech. Brookings Institution Press. pp. 171–230. ISBN 978-0-8157-4015-5. JSTOR 10.7864/jj.10354693.7.
- ^ "Information Privacy Research: An Interdisciplinary Review". ResearchGate. Retrieved 2020-12-01.
- ^ "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground 2 University of Ottawa Law & Technology Journal 2005". heinonline.org. Retrieved 2018-11-28.
- ^ "Lexis® - Sign In | LexisNexis". signin.lexisnexis.com. Retrieved 2023-05-02.
- ^ Touma, Rafqa (2022-07-19). "TikTok has been accused of 'aggressive' data harvesting. Is your information at risk?". The Guardian. ISSN 0261-3077. Retrieved 2023-07-12.
- ^ "Views of data privacy risks, personal data, and digital privacy laws". pewresearch.org. 18 October 2023. Retrieved 2024-12-06.
- ^ "What is a man-in-the-middle attack?". us.norton.com. Retrieved 2020-10-10.
- ^ Kemp, Katharine. "94% of Australians do not read all privacy policies that apply to them – and that's rational behaviour". The Conversation. Retrieved 2018-11-28.
- ^ Meijer, Ronald; Conradie, Peter; Choenni, Sunil (2014). "Reconciling Contradictions of Open Data Regarding Transparency, Privacy, Security and Trust". Journal of Theoretical and Applied Electronic Commerce Research. 9 (3): 32–44. doi:10.4067/S0718-18762014000300004. hdl:1854/LU-5671907. ISSN 0718-1876.
- ^ Child, Jeffrey T.; Starcher, Shawn C. (2016-01-01). "Fuzzy Facebook privacy boundaries: Exploring mediated lurking, vague-booking, and Facebook privacy management". Computers in Human Behavior. 54: 483–490. doi:10.1016/j.chb.2015.08.035. ISSN 0747-5632.
- ^ Grahn, Kaj J.; Forss, Thomas; Pulkkis, Göran. "Anonymous Communication on the Internet". InSITE 2014: Informing Science + IT Education Conference. 14: 103–120.
- ^ Gewirtz, David. "Meet NordSec: The company behind NordVPN wants to be your one-stop privacy suite". ZDNet. Retrieved 2021-08-02.
- ^ a b c Acquisti, Alessandro; Gritzalis, Stefanos; Lambrinoudakis, Costos; Vimercati, Sabrina di (2007-12-22). Digital Privacy: Theory, Technologies, and Practices. CRC Press. ISBN 9781420052183.
- ^ Reed, Michael G.; Syverson, Paul F.; Goldschlag, David M. (1998). "Anonymous connections and onion routing - IEEE Journals & Magazine". IEEE Journal on Selected Areas in Communications. 16 (4): 482–494. CiteSeerX 10.1.1.728.3577. doi:10.1109/49.668972.
- ^ Edman, M. and Yener, B. 2009. On anonymity in an electronic society: A survey of anonymous communication systems. ACM Comput. Surv. 42, 1, Article 5 (December 2009), 35 pages. doi:10.1145/1592451.1592456
- ^ Zimmermann, Philip R. (1999). "Why I Wrote PGP". Essays on PGP. Philip Zimmermann.
- ^ Ruiz-Sanchez, M. A.; Biersack, E. W.; Dabbous, W. "Survey and taxonomy of IP address lookup algorithms - IEEE Journals & Magazine". IEEE Network. 15 (2): 8–23. doi:10.1109/65.912716.
- ^ "What an IP Address Can Reveal About You" (PDF). Technology Analysis Branch of the Office Privacy Commissioner of Canada. May 2013.
- ^ Doss, Robin; Piramuthu, Selwyn; Zhou, Wei (2016). Future Network Systems and Security: Second International Conference, FNSS 2016, Paris, France, November 23-25, 2016, Proceedings. Cham: Springer. p. 3. ISBN 9783319480206.
- ^ a b Kim, Kuinam (2015). Information Science and Applications. Berlin: Springer. p. 1053. ISBN 9783662465776.
- ^ Simonis, Drew; Pincock, Corey; Kligerman, Daniel; Maxwell, Doug; Amon, Cherie; Keele, Allen (2002). Checkpoint Next Generation Security Administration. Rockland, MA: Elsevier. pp. 498. ISBN 978-1928994749.
- ^ Warren, Samuel D.; Brandeis, Louis D. (1890). "The Right to Privacy". Harvard Law Review. 4 (5): 193–220. doi:10.2307/1321160. ISSN 0017-811X. JSTOR 1321160.
- ^ Acquisti, Alessandro; Taylor, Curtis R.; Wagman, Liad (2015). "The Economics of Privacy". SSRN Working Paper Series. doi:10.2139/ssrn.2580411. ISSN 1556-5068. S2CID 7745229.
- ^ Koumourou, Xenophon (10 September 2012). Hacking analysis and protection: Hacking analysis and protection methods. CreateSpace Independent Publishing Platform. ISBN 978-1463764944.
- ^ Dubovitskaya, Maria (12 February 2018), Take back control of your personal data, retrieved 2018-12-12
- ^ "How to Protect Your Digital Privacy" Throrin Klosowski, The New York Times, September 6, 2021. Retrieved October 6, 2022.
- ^ Chiew, Kang Leng; Yong, Kelvin Sheng Chek; Tan, Choon Lin (2018-09-15). "A survey of phishing attacks: Their types, vectors and technical approaches". Expert Systems with Applications. 106: 1–20. doi:10.1016/j.eswa.2018.03.050. ISSN 0957-4174. S2CID 46919702.
- ^ a b Hassan, Nihad; Hijazi, Rami (2017). Digital Privacy and Security Using Windows: A Practical Guide. New York: Apress. p. 69. ISBN 9781484227985.
- ^ Lacey, David; Salmon, Paul; Glancy, Patrick (2015-01-01). "Taking the Bait: A Systems Analysis of Phishing Attacks". Procedia Manufacturing. 3: 1109–1116. doi:10.1016/j.promfg.2015.07.185. ISSN 2351-9789.
- ^ Acquisti, Alessandro; Gritzalis, Stefano; Lambrinoudakis, Costos; di Vimercati, Sabrina (2007). Digital Privacy: Theory, Technologies, and Practices. Boca Raton, FL: Auerbach Publications. p. 14. ISBN 9781420052176.
- ^ "Google Ngram Viewer". Retrieved 2022-08-19.
- ^ Gourley, Eric Berlow and Sean (18 September 2013), Mapping ideas worth spreading, retrieved 2018-11-27
- ^ "Privacy". Electronic Frontier Foundation (in Spanish). Retrieved 2018-11-27.
- ^ Roberts, Jeff (2013-08-22). "Google and Microsoft's plea on NSA requests moves slowly in secret court". gigaom.com. Retrieved 2018-11-27.
- ^ "Zuckerberg's apology tour has not done much to regain user trust". NBC News. 18 April 2018. Archived from the original on 2023-06-14.
- ^ IEEE (2023). "What Is Digital Privacy and Its Importance?". IEEE. Retrieved 2024-12-06.