The Internet has opened a wide window to a new world of possibilities since its inception as a space opened for everyone in the 1990s. Today, 4.5 billion internet users worldwide communicate, trade, enjoy, perform administrative tasks and carry out many other activities online that was unthinkable 30 years ago.

Governments make an effort to adequate their infrastructure to improve the digitalisation of their territories. The goal is to foster business and better service to their citizens. These efforts have been boosted after the pandemic, as technology has proven vital to keeping our economy and supporting our lifestyles.

However, the Internet is currently powered by companies with commercial interests. In summary, in 2021, approximately 25% of the S&P 500’s market capitalisation was accounted to five technological companies: Google, Apple, Facebook, Amazon, and Microsoft. So the largest companies in the world are technological ones, and they have a significant influence.

Consequently, the few companies controlling the market have a suffocating impact on our autonomy, democracy, well-being, social fabric and innovation. So they make it very difficult for other parties to carry out different proposals that could include palliating the planet’s heating, the challenge of population growth or democracy.

What is the role of data in this status quo?

Companies rely on data and interoperability to enhance their products, services and technology. Additionally, data allows them to study their customers and predict what stimulus will trigger them to purchase a good or a service, a practice called behavioural advertising.

«As technology improves, the gap between predicting and manipulating is closing.»

Ariel Ezrachi and Maurice Stucke, in their book “How Big-Tech Barons Smash Innovation—and How to Strike Back.”

Comparatively, behavioural advertising is becoming similar to subliminal advertising, where consumers are unaware that they see an advertisement and are manipulated into purchasing. And there are good reasons for most countries to have legislation regulating or prohibiting subliminal advertising.

To give a dimension to how important our data is to companies, I copy below some information I found on the Disconnect.io website (accessed on November 1^st, 2022), a vendor of data privacy solutions:

• There are approximately 4,000 data brokers worldwide,
• 38% of the Americans’ pay stub information is available on Equifax, a consumer credit reporting agency (this is only US. Something similar happens in other countries), and
• Acxiom, a marketing company, has roughly 3,000 data points tracked per person in their databases.

Consequences to citizens

Our data is a big business, as we have just seen. The information companies gather email, name, exact location, routines, preferences, names of our kids and pets, activities, etc.

There are plenty of opportunities to collect our data. For example, websites and mobile apps deploy trackers that follow us all over the internet and share the information they collect with third parties. Our Internet Service Providers (ISPs) collect personal data every time we go online. Most countries require ISPs to store this information for several years in case the authorities need to investigate criminal activities. However, the ISPs also share some data with others who monetise it without our knowledge or consent.

Consequently, all the information the different organisations collect about us can be used directly or indirectly through social engineering:

• For behavioural advertising,
• To know our passwords to access our bank accounts or charge us with goods we never enjoy,
• Impersonate us, which can have legal consequences, or
• There could be legitimate needs, backed up by the law. For example, when a court warrants a police corp to investigate terrorism, or if we use applications to locate our children, or give our position to rescue teams.

Leaving aside any legitimate need to access our personal data, there are two key ideas we must always keep present:

1. We do not always realise that what happens online doesn’t stay online. Our digital activity is part of our lives, and it influences them.
2. Our data is captured by any company that can later sell it to other parties that exploit it globally. Additionally, we use online services scattered worldwide and their partners. So what happens in our antipodes could easily happen to us.

Privacy is critical for humans to keep our mental health, prosper, grow from a personal perspective, and care for our families and friends. Our data belongs to our private realm.

Where’s the sheriff for Data Protection?

There are several pieces of legislation in various territories to protect personal data. However, they are insufficient as they don’t cover all possibilities. Moreover, governments are slow to progress in setting limits to harmful activities.

GDPR

The European Union approved the General Protection Regulation (GDPR) a few years ago. GDPR is a framework to grant European residents some control over their data.

However, Europeans use many services in other countries, and it isn’t easy to grant data the same level of protection when it leaves the EU. For example, there are tensions between the US and EU diplomacy over the exchange of information, as they don’t have the same view on data protection. The US alleges that they will proportionally look into personal data that crosses the Atlantic only when necessary. That’s not enough commitment to protect their residents’ data for the EU.

Another irregular situation is when we cross borders with countries, as customs of the landing country may search among the devices and documents we carry. For instance, customs officials in American airports can copy your electronic devices to a database. They keep records for 15 years, and roughly 2,500 employees can access that information without a warrant.

In any case, GDPR doesn’t protect Europeans from the contracts we sign granting permissions to a company to share our data with unknown partners for unspecific activities, cookie consent to gather information or app tracking through devices, among other rampant collection activities.

Accountability and responsibility

Unfortunately, digital companies have little accountability for protecting data or preventing their services from harming people.

Recently, a former Chief Security Officer at Uber was found guilty of actively hiding a data breach, after taking several actions against the law, including making the hackers sign a Non-Disclosure Agreement (NDA). This case is the first one of this kind in the world.

We are still waiting to see if an American court will hold YouTube responsible for radicalising the IS participants in the 2015 terrorist attack in Paris.

Unfortunately, even though the inquest into the death of a teenager in the UK ruled that she had “died from an act of self-harm while suffering from depression and the negative effects of online content”, as The Guardian explains, there have not been consequences to the social media which provided such negative information.

Further options to protect Data Privacy

Another key organisation in keeping data privacy is the International Telecommunications Union, a United Nations agency facilitating global communications. One of their tasks is to decide if they obfuscate information about source and target in data packages, which is crucial for privacy. However, we citizens need more information about their decisions and how they are implemented.

Since legislators act slowly and face significant resistance from powerful parties, some people have turned to Web 3 and decentralisation, looking for solutions. Web3 is in an early stage, though, and it may only answer some issues.

What can we citizens do?

We are responsible for protecting our privacy, keeping informed and letting our governments know our demands.

Indeed, we can actively protect our data privacy (at least to some extent). In my next two posts, I will discuss some routines we can incorporate to enhance our data privacy and how to choose our browsers and search engines.

Additionally, you can read “How Big-Tech Barons Smash Innovation—and How to Strike Back” by Ariel Ezrachi and Maurice Stucke. This book analyses the impact and influence of the largest technology companies and explains how the tendency is changing in some aspects.

Finally, keep informed on the news, including technical aspects. There are several newspapers and podcasts on the topics. I particularly enjoy Professor John Naughton’s column on Sundays in The Observer.