Is data privacy a fantasy? Buck up for the privacy future

Have you ever heard of Zenly, a popular location-sharing app among youngsters?

It allows users to share real-time locations with friends and pinpoint their friends’ locations when they open the app. Also, this app provides functions for messaging with friends, discovering nearby friends, planning events and meetups, activity status indicators, and even safety measures like SOS alerts. So basically, Zenly is designed to facilitate social connections and make it easier for friends to meet up or coordinate activities by providing visibility into each other’s whereabouts. However, it shut down in Feb 2023 and integrated its service with its parent company Snapchat.

We don’t discuss specific reasons for shutting down here, but Zenly, as a social app primarily used for location tracking, continuously faced debates and concerns about data privacy and surveillance risk, which is also common to many apps in location-sharing space (such as Apple Find My, DiDi, Life360). Also, the data collection and usage during the process is a potential risk. So, in this blog, using Zenly as a hook and example, we will explore data privacy in the digital are, and try to figure out new meaning and importance of privacy, protection dilemma, privacy paradox, and policy and governance of privacy protection.

More meaning: The new identity in the digital world

As we all know, privacy is a crucial component of human rights, and it protects us from many damages. However, privacy has acquired a new significance in the digital environment with the rise of data and surveillance. It is called data privacy, also named information privacy in some news or articles. Data privacy empowers individuals to control personal information, such as body, home, property, thoughts, feelings, secrets and identity. It ensures fair, legal, and transparent usage by other parties while respecting the individual’s preferences and expectations. To be more specific, data privacy involves personal information collection, the invisible exchanges between free online services and data collection, commercial and governmental engagement in detailed personal profiling, and informed consent (Flew, 2021). It is your personal choice and right to decide what kind of information you want to be shared and stored, and with whom or to whom.

The importance of data privacy is beyond all doubt, and we need to understand that your rights as your personal information is not just a set of data but a form of an individual’s identity. It is a digital right that protects your autonomy and freedom from interference, surveillance, and control by unknown parties (Flew, 2021), and keeps you far from cybercriminals like financial fraud or identity theft. It also maintains your confidentiality and dignity (Flew, 2021) to prevent sensitive information from being leaked and promotes freer expression and exploration in democratic societies (Karppinen, 2017; Marwick & Boyd, 2018).

The Intricate Tapestry of Privacy

Data privacy is a complex issue in the digital area due to the intersection of technology, ethics, and the legal system.

First is technology. Data collection is everywhere and sophisticated technology used in analysis and exploitation makes governance and protection challenging and complicated. The common technologies applied in our daily lives are profiles on social media, cookies on websites, IP address tracking, cloud storage like iCloud and so on. This is the data collected by Zenly. Also, there are some technologies used for commerce, industry development or state governance like data mining, blockchain and AI. Although the dynamic advancement offers benefits and convenience, it also continues to open new ways for privacy invasion (Flew, 2021). Moreover, the governance of digital privacy is not just the responsibility of the national government but involves a complex interplay of international bodies, tech giants and other stakeholders. This is a complex power dynamic about the establishment and enforcement of rules (Flew, 2021). Among that, tech giants like Facebook, Google and Amazon have significant power in establishing and enforcing rules on their platforms, such as terms of service, content moderation policies and algorithmic decision-making systems (Suzor, 2019). However, the rules built by platforms are opaque and not open in their standard and detail, also it does not have oversight by any users and regulators, which raises concerns about transparency and accountability.

The privacy policy of Zenly

Then is ethics. There is a dilemma about achieving the balance between user autonomy and the commodification of personal data, which points out the concerns of data as a commodity. Commercial activities prioritize data profits over individual rights and collect data with the fuzzy or outlawing method, inducing users to share information or privacy with unknown agencies or parties by complex and inexplicable policies. These opaque and lengthy terms of service agreements harm users’ autonomy and right-to-know (Suzor, 2019; Flew, 2021; Nissenbaum, 2018). Moreover, data privacy may exacerbate inequality because of the digital divide. Nowadays, mainstream privacy protection and policies are mostly designed around majority groups. In that case, privacy achievement requires the privilege’s support and facilitation, which means we should consider the needs and intersectionality of marginalized populations, such as people of lower socioeconomic status, racial and ethnic minorities, LGBTQ+ communities, and others who experience marginalization (Marwick & Boyd, 2018). It also calls for more inclusive and diverse ways to understand privacy and protection.

Then comes the legal system. As we all know, the pervasive internet connects every corner of the world, enabling the transmission and sharing of data at an unprecedented scale and speed. This makes privacy protection a super large-scale collaboration of government. However, data privacy regulations vary across countries, even the states because of the diverse cultures and legal frameworks, it is difficult to set a standard and specific boundary for enforcement. Plus, it is also important to clarify the new need for new human rights in digital time. Technological advancements increase the potential for surveillance and control, risking freedoms and democratic principles (Karppinen, 2017). What’s more, digital transformation has not only brought new rights issues but also aroused the debate over the balance between privacy, security, and economic efficiency, such as the global encryption debate between national security and personal privacy, which challenges clear and universal privacy regulations (Ahlam, 2021). Under this circumstance, digital human rights are not just a legal right, but also complex, dynamic, living principles navigated within diverse political and ideological views. It also can be used as a tool to challenge surveillance and censorship abuses and defend against threats from state and corporate power (Karppinen, 2017).

Privacy Paradox: Has Data Privacy Left the Chat?

While the importance of data privacy is widely recognized and claim they value their privacy, they are still willing to share their preferences and information on platforms, which could potentially hurt their privacy.

Here is a lively example of Zenly users:

Some Zenly users have raised concerns about significant privacy risks by using the app, particularly criticizing its ineffective privacy settings like ghost mode. They have noted problems such as the app continuing to share location data even after being closed, excessive collection of personal data, and the potential for being tracked by strangers online. Despite these concerns, Zenly was still their go-to social app.

Through that, we can understand that privacy paradox is a discrepancy between users’ expressed attitudes towards privacy and their actual online practices (Barnes, 2006).

Figure 1. The Online Privacy Dilemma.
This image, taken from Norton’s 2021 blog, illustrates the online privacy dilemma (Norton, n.d.).

However, why does the privacy paradox emerge? According to existing studies privacy-related research (Kokolakis, 2017), there are several reasons:

– A mental trade-off between benefits and risk: users are unwilling to break the convenient habits or behaviours. Like Zenly users were unwilling to give up social connections they have established.

– The emotional ties and social connection: For example, people use Zenly because “a lot of my friends are on it” and “it’s the hype now”.

– Cognitive biases like optimism bias: Users have overconfidence in their privacy knowledge and underestimate their risk of experiencing privacy leakage. For example, Zenly users signed up confidently and skipped reading the privacy policy, because they believed that Zenly and its parent company Snapchat are famous and had solid guarantees.

– Decision-making under Incomplete information, bounded rationally: Users lack professional knowledge about to fully understand some implications of policy and accept all permissions for convenience.

The privacy paradox has complex reasons behind it and influences users’ behaviour from a mix of psychological, social and immediate contextual factors (Kokolakis, 2017). And we cannot define privacy paradox solely as a lack of awareness or knowledge. However, the most interesting is that although users recognise the risk of privacy leakage, they still prefer to keep using the service anyway with different degrees of attitude. Scholar Alan Westin (2013, as cited in Flew, 2021) sorts them into three main camps based on how they view online privacy:

  • Privacy Fundamentalists: 90-100% prioritize privacy.
  • Privacy Pragmatists: 45-55% weighing the benefits.
  • Privacy Unconcerned: 0-10% a little care.

Beyond that, if an individual feels overwhelmed by the complexity of digital ecosystems and holds negative attitudes (like skeptical, uncertainty, powerlessness, and mistrust) about the effectiveness of privacy protection and policy, it will appear as a resigned state about digital privacy, called privacy cynicism (Hoffmann, Lutz & Ranzini, 2016). Those users believe any protection efforts are useless because they cannot handle various complicated online services and technologies and believe their privacy rights will be damaged by unavoidable and overwhelming external forces . It can be said that this concept emerged out of surveillance and data leakage scandals, and it is an upgraded version of the privacy paradox. Although those users might have fallen into a state of resignation about data privacy, it is still a good opportunity for scholars, institutions and governments to analyse individual perceptions shifting and public discourses on privacy risks, behaviour and cynicism (Hoffmann, Lutz & Ranzini, 2016), then structure an effective legal system to protect privacy and relevant digital rights.

Triumph in Privacy: Are We There Yet?

It is a complex issue that data privacy requires a comprehensive understanding of our rights and the mechanisms in place to protect those rights. Also, providing a persuasive and effective policy for users to protect their privacy is a key step. It means we must discuss this issue from a macroscope – policy and governance.

However, despite the ongoing challenges we talked about above, it is worth pointing out that the world is on the way to addressing these hidden risks and eliminating privacy concerns. There are three remarkable and significant legal systems, The General Data Protection (GDPR) of the European Union, the California Consumer Privacy Act (CCPA), and Australian Privacy Principles (APPs).

The General Data Protection Regulation (GDPR) sets a new standard for data protection. This regulation not only gives EU citizens strong data rights, such as requesting access to personal data, requesting deletion of information under qualified circumstances, and freely transferring data between service providers, but also includes the right to receive prompt notification of data leakage (European Parliament and the Council of the European Union, 2016). GDPR has a profound impact on businesses around the world, forcing them to overhaul their policies to ensure compliance.

In addition, GDPR (European Parliament and the Council of the European Union, 2016) sets specific requirements for organizations of different sizes: large enterprises are required to establish a complete privacy management framework and cultivate an internal data protection culture; for small organizations, it is recommended to implement more flexible and moderate management strategies to strengthen employee Awareness and enforcement of data protection. The GDPR also stipulates that organizations that handle large amounts of sensitive data must appoint a Data Protection Officer (DPO), who will oversee GDPR compliance and provide professional advice on data protection.

When a personal data leak occurs, GDPR also has a strict reporting and recording mechanism, requiring organizations to effectively detect, investigate and report data leaks, and to keep detailed records of all related activities (European Parliament and the Council of the European Union, 2016). These regulations ensure a high level of accountability and transparency by organizations when processing personal data.

Both the CCPA and APP introduce some subtle differences in data privacy that reflect the priorities and legal culture of their respective regions. While GDPR is generally considered to be more comprehensive and stricter in scope and enforcement, CCPA gives consumers the ability to directly decide whether to sell their personal information by increasing their control over the sale of their data (State of California Department of Justice, 2024). The CCPA also specifically requires companies to add a “Do Not Sell My Personal Information” link to their websites to make it easier for consumers to exercise their rights. At the same time, APPs emphasize transparency and accountability, requiring organizations to handle personal information openly and transparently, paying special attention to the use of personal information for direct marketing, and giving individuals the right to refuse the use of their information for direct marketing (OAIC, 2023). Each of these different legal frameworks contributes a unique perspective to the global privacy and data protection conversation.

Conclusion

In this evolving digital age, data privacy remains a challenge, and while governments are increasing their efforts to find solutions, it is also an issue that requires each of us to work together. Enterprises need to be socially responsible, abide by relevant laws and regulations and protect personal data. As netizens, we must enhance our awareness of personal information protection, maintain a positive attitude, and reasonably control our data-sharing behaviour. Not only should we become a digital literacy advocate, but also actively participate in the establishment and implementation of privacy policies.

Make an effort for a better digital environment together!

References

Ahlam, R. (2021). Apple, the government, and you: Security and privacy implications of the global encryption debate. Fordham International Law Journal, 44(3), 771. Available at: https://ir.lawnet.fordham.edu/ilj/vol44/iss3/5

Barnes, S. B. (2006). A privacy paradox: Social networking in the United States. First Monday, 11(9). https://doi.org/10.5210/fm.v11i9.1394

European Parliament and Council of the European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2016/679

Flew, T. (2021). Issues of concern. In Regulating platforms (pp. 98-130). Polity Press.

Hoffmann, C. P., Lutz, C., & Ranzini, G. (2016). Privacy cynicism: A new approach to the privacy paradox. Cyberpsychology: Journal of Psychosocial Research on Cyberspace, 10(4), Article 7. https://doi.org/10.5817/CP2016-4-7

Karppinen, K. (2017). Human rights in the digital. In H. Tumber & S. Waisbord (Eds.), The Routledge Companion to Media and Human Rights (1st ed., pp. 95-103). Routledge. https://doi.org/10.4324/9781315619835-9

Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & Security, 64, 122-134. https://doi.org/10.1016/j.cose.2015.07.002

Marwick, A. E., & Boyd, D. (2018). Understanding Privacy at the Margins: Introduction. International journal of communication [Online], 1157+. https://link.gale.com/apps/doc/A561120196/AONE?u=usyd&sid=bookmark-AONE&xid=3df64beb

Norton. (n.d.). The online privacy dilemma [Image]. Retrieved from https://us.norton.com/blog/privacy/how-much-privacy-we-give-up

Nissenbaum, H. (2018). Respecting Context to Protect Privacy: Why Meaning Matters. Science and Engineering Ethics, 24(3), 831-852. https://doi.org/10.1007/s11948-015-9674-9

OAIC. (2023). Australian Privacy Principles. Office of the Australian Information Commissioner. https://www.oaic.gov.au/privacy/australian-privacy-principles

State of California Department of Justice. (2024, March 13). California Consumer Privacy Act (CCPA). State of California – Department of Justice – Office of the Attorney General. https://oag.ca.gov/privacy/ccpa

Suzor, N. P. (2019). Who Makes the Rules? In Lawless: The Secret Rules That Govern our Digital Lives (pp. 10–24). chapter, Cambridge: Cambridge University Press. https://doi.org/10.1017/9781108666428

Be the first to comment

Leave a Reply