No one can escape information leaks: The balance between information collection and information leakage in the age of data

Have you ever received junk mail? Do you get harassed by calls from strange numbers? If so, congratulations, your personal information may have been compromised.

With the development of Internet technology, whether for work or study, we are increasingly relying on digital devices and social media platforms. The digital age has arrived. It has changed our way of life and provided us with convenience. However, with the innovation of these technologies, the risk of leakage of personal information and data abuse also increases. With the growing popularity of social media networks, people are most concerned about whether personal information will be leaked online (Flew, 2021, p.101). Not only the users but, Information security in both government and media platforms will be challenged. The leak of information from Optus, Australia’s second largest telecommunications company, further confirms this social phenomenon.

In September 2022, Australian telecommunications company Optus suffered a major data breach. The company has about 10 million users whose personal information was stolen, including but not limited to names, dates of birth, home addresses, phone numbers, and passports. Although the head of Optus said the payment information was not leaked. In a subsequent survey, the government concluded that 2.8 million people could be at risk of identity theft and fraud. Optus CEO Kelly Bayer Rosmarin said Optus had strong cyber security systems in place and she was disappointed this had happened (Turnbull, 2022). This could be the worst data breach in Australian history. It turns out that no matter how strong the security protection system is, people’s privacy information will be threatened, which has aroused people’s discussion and the government’s deep thought.

Privacy paradox

There is a growing awareness of the risks of excessive data collection and analysis. Francis and Francis (2017, p.46) argued that although people think that the leakage of private information is very critical, they seem to be indifferent. Research data shows that 57% of people are worried about their privacy information being violated by companies, and some people believe that the government is the reason for their information leakage (Gerard et al., 2017, p.16). People expressed a high level of concern about privacy in the survey, and it is clear that people have become aware of the potential risks and threats of large scale data collection and analysis, but they have not reduced their use of social media platforms. This is the privacy paradox. It’s not surprising that people are willing to trade personal information for benefits. This phenomenon always appears in the digital platform, the information that users get from the website is more valuable than the information they provide to the website. However, when a customer’s phone number is recorded for a simple cash transaction in a store, it will arouse consumers’ thinking about who gets more benefits in such a situation (NORBERG et al., 2007).

Why does this happen? First of all, it is due to the asymmetry of information. Users are not aware of how data is collected and used and are not transparent about how data is shared and used. Then, users may ignore the long-term privacy risks and focus more on free service or convenience features. For example, when users want to access the website for free to obtain information, they must enter personal information and agree to the terms of service. Finally, in daily digital services, people value convenience more, and often a large proportion of users do not read the terms of service signed when registering.

Privacy protection in Australia compared with other countries

“We are a decade behind in cyber security,” said Clare O’Neil, Australia’s minister for cyber security. This Optus information leak incident can be directly reflected, highlighting that Australia lags behind other parts of the world in privacy and Internet issues (Turnbull, 2022). Daly (2017) believes that Australian laws fail to protect privacy, which has been widely recognized. People are demanding change from the government, but the government is not willing to change and innovate. There is no privacy provision in Australia’s constitution and, unlike other countries, it is not enforceable for privacy breaches.

Compared with Australia’s imperfect legal system, the European Union has a sound system for privacy protection. They introduced the General Data Protection Regulation (GDPR), which was created in 2018 and aims to provide tougher and more comprehensive protection for the personal data of EU citizens and residents. It applies to any location and organization within the EU, even if a business is outside the EU, but must comply with the GDPR whenever it involves the personal data of EU citizens. The GDPR imposes strict conditions on the transfer of personal data to countries outside the EU, ensuring that the data is adequately protected during transmission. Even if a data breach occurs, data processors are required to report it to regulators within 72 hours.

China, with its rapid development of digital media, also has well-established privacy policies. The Personal Information Protection Act will come into effect in 2021. This is the first comprehensive law in China that specifically addresses the protection of personal information. It stipulates the principles of personal information processing and gives citizens the right to their private information, such as the right to know, the right to access, the right to delete, etc., so that users can control their privacy from being violated.

The impact of information leakage

The disclosure of private information can have a huge impact on individuals, platforms, and governments.

For the users, some platforms collect users’ information and use users’ private information such as interests, hobbies, location, and habits, especially some social platforms, such as the web, a very popular Chinese social media platform, similar to Facebook. The platform collects information between the user and the post, and the platform can even connect to the account of a friend or family member through a personal account. Privacy is the right of people not to be disturbed or not to be violated;  It’s even involved in our interactions with others (Gerard et al., 2017,p.17). This poses a safety threat to oneself and close friends. What’s more, the leakage of important payment information, such as bank card passwords, may be used by others, causing property damage, and may even be involved in criminal activities.

For the platform, such as the serious information breach at Optus, users no longer trust the platform’s regulatory policies, but change operators, resulting in platform reputation damage, user loss, and market share reduction. What is more, the information leakage incident will cause the regulatory authorities to attach great importance so that the platform faces stricter scrutiny and greater operational pressure. There may also be compliance or regulatory challenges, including potential fines and penalties. Finally, serious information leakage also requires legal responsibility.

For the state and the government, to began with, it may undermine the public’s trust in the government’s ability to protect sensitive information. Loss of trust weakens the credibility and effectiveness of government in decision making and governance. It will also cause protests from citizens, produce social unrest, and adversely affect the stability of governance. Second, information leaks may raise questions from the international community about national data protection measures and policies and may face sanctions from international organizations or pressure to strengthen regulation. Finally, the leaked information, especially sensitive information or classified data, could pose a serious threat to national security.

The balance between data collection and privacy protection

According to Flew (2021, p.100), there should be just the right balance between trust and ethics in the digital age and self-regulation by companies.

Finding a balance between data collection and privacy breaches is a key challenge in today’s digital age. With the development of technology, data collection has become an important behavior in business, research and government decision-making. A large amount of information is stored on the Internet platform, which brings a lot of convenience to our life. For example, Optus can tailor personal communications packages to a user’s habits and preferences. The platform can find problems in the service by analyzing user data and feedback, so as to improve product quality and service quality. This helps provide a better user experience and can quickly resolve potential issues, making it easier for customers to manage their accounts. This information is useful for guiding product development and innovation, writing better marketing strategies, and making quick business decisions.

However, excessive data collection poses a great risk of privacy disclosure. The centralized storage of large amounts of user data is an easy target for cyber attacks. If the data is hacked, the user’s personal information can be leaked, which can lead to identity theft, property damage and other issues. In addition, excessive data collection allows social platforms to use user data to analyze and predict user behavior and make recommendations based on user preferences and historical decisions. This may affect the freedom and independence of user behavior. Therefore, we need to take steps to ensure a balance between data collection and privacy protection.

Measures to prevent information leakage

Despite the random occurrence of information leaks, it also makes us deeply aware of the paradox of the digital platform era: digital platforms are like public infrastructure, and as the phenomenon of information leakage continues to occur, we have begun to notice the gaps in regulatory policies, and enterprises need to constantly reform self-regulation((Flew, 2021, p.99)

From the perspective of individual users, in the first place, choose a complex password when setting the password for the account, and set the authentication question during the data transmission process, which can protect the user’s account from unauthorized access. In the second place, we should strengthen our awareness of prevention and reduce the risk of weight loss information leakage by uploading personal information on social platforms, such as Posting photos, binding mailboxes, etc.

From the perspective of the platform or company, first of all, the company can record every data breach, and analyze the type and cause of the leak, which helps to rectify their defense system and strengthen the defense capability. Then, periodically review data and security systems, and repair loopholes in time to reduce potential accidents. Last but not the least, there should be greater transparency in information collection, behavioral sharing with users in real-time, and allowing users to make decisions about their data. Ensure that every user’s information is protected.

From the perspective of the country, the emergence of issues of widespread public concern is at the heart of the global technology, indicating a growing recognition that these issues should not be left to the platform companies themselves(Flew, 2021,p.98). On the one hand, Ms. O’Neil believes the government should punish giant companies such as Optus, which in some countries could result in hundreds of millions of dollars in fines. However, in Australia, the penalty cannot exceed $2 million (Turnbull, 2022). On the other hand, Turnbull (2022) also believes that data retention laws should be reformed. According to current industry rules, companies are required to retain users’ personal information for six years. That’s how long telecom companies have to keep sensitive information if new rules come in. It is necessary to improve the ability of platforms or companies to encrypt data and protect users’ personal information from being infringed.

Conclusion

All in all, in the digital age, the security of personal privacy is still full of uncertainty. We need to find a balance between the collection of data and the leakage of information caused by excessive collection. This is not a task for governments alone, but for users, platforms, and countries to work together. Under the premise of protecting personal information, use data to bring or more convenience to users’ lives. Make science and technology more innovative and develop.

Reference

Daly, A. (2017). Privacy in automation: An appraisal of the emerging Australian approach. Computer Law & Security Review33(6), 836–846. https://doi.org/10.1016/j.clsr.2017.05.009

Flew, T. (2021). Regulating platforms. Polity Press.

Francis, L., & Francis, J. G. (2017). Privacy: What everyone needs to know. Oxford University Press.

Gerard, G., Ariadne, V., Kimberlee, W., Fiona, M., Webb, A., Lucy, S., & Francesco, B. (2017). Digital rights in Australia. Department Of Media And Communications, University Of Sydney.

NORBERG, P. A., HORNE, D. R., & HORNE, D. A. (2007). The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of Consumer Affairs41(1), 100–126. https://doi.org/10.1111/j.1745-6606.2006.00070.x

Suzor. (2019). Lawless: The secret rules that govern our digital lives. Cambridge University Press.

Turnbull, T. (2022, September 29). Optus: How a massive data breach has exposed Australia. BBC News. https://www.bbc.com/news/world-australia-63056838

Be the first to comment

Leave a Reply