This article is written by Kazi Ashique Azfar pursuing Diploma in Cyber Law, FinTech Regulations, and Technology Contracts from LawSikho.
Table of Contents
Introduction
The technologies available to us provide far more convenience than could have been hoped for by previous generations. There is a lot of automation and synchronisation among the devices we use to ensure that we are always up to date by keeping our schedules, addresses, notes, photographs, and other materials in sync for us from device to device. All of this ease, though, may have a drawback because to enable the devices to perform these functions, we put our personal data at risk in ways we aren’t aware of.
Every time one goes online, the person leaves a trail of information behind, voluntarily or involuntarily, which is of great value to companies. The process used by these companies to collect and refine data is called data mining. Information like what you just posted on Facebook or which post you upvoted on Instagram or which links you opened on a search engine are stored in databases and then used to bombard you with “things you might like.” Data mining is used to build a profile about how you use the internet, your interests, and your socioeconomic status, all without your knowledge.
While there are various claims in favour of data mining as a method for customising online experiences, the data collected is ultimately personal data of people bought and sold by hundreds of businesses, ranging from online shopping platforms to dating sites. By reducing the data exhaust, you will minimise the selling and purchasing of data, which results in a flood of advertising.
Understanding the term cyber exhaust
Cyber exhaust or digital exhaust is all the trail of information or ‘consumer data’ the people create as they surf the internet and interact with websites and services. It is best explained with the analogy of a car and its engine exhaust. While driving, there is sure to be engine exhaust; similarly, there is bound to be a trail of information left behind while surfing the internet called digital or cyber exhaust.
Your credit card number, billing and shipping addresses, the items you bought, the services you signed up for, the pages you browsed, and the search words you entered could all be included in your digital exhaust. In fact, a person’s digital exhaust even contains their personally identifiable information, which includes any information that can be used to identify an individual.
Digital exhaust is a valuable asset for companies, an illustration of which is the data broking industry, a $200 billion a year industry. A single email address is worth an average of $89 over time, which foes even higher to an average of $251 over time if it’s for travel-related marketing. In 2018 people generated 2.5 quintillion bytes of data each day while using/surfing the internet, using Social Media platforms, communicating through text or email, Digital photographs shared on social media or cloud etc., other services like weather or ride-hailing apps and the internet of things.
Some of the tangible effects it has on people
- While shopping online, you are quoted an entirely different price for the very same product than another user, based on the company’s data regarding you.
- Based on your browsing history with regards to medicine for someone in your family, you are bombarded with product advertisements and reviews. Your premium for health insurance also goes up.
- Your browsing history related to car racing is bought by your car insurer and now consider you a “high risk” individual.
How is the data mined, used or misused?
To understand how our data is used, we must first examine how corporations collect and sell our information. When we voluntarily give our data to businesses, it is one of the most popular ways for them to obtain it. We may not be aware of it, but when we download applications or register with websites, we agree to the terms and conditions, allowing our data to be collected. This is especially true of ostensibly free programmes that aren’t always free. We frequently pay for our personal data, allowing companies to mine it and sell it to you or to other companies.
Cookies, Social Media Trackers, and Fingerprints are other ways that our data is collected and monitored. A cookie, for example, is a small piece of text that a web server saves on your hard drive. Cookies allow a website to save information on our systems so that it can be retrieved later. These cookies track us from one site to another, collecting information about all our online activities – which sites we visited, which ads or content we stopped to look at, which items we purchased. This takes the form of targeted advertising and recommendations, and we give them permission legally without understanding the repercussions.
Data miners have more access to our data as we and our devices become more linked, allowing advertisers to pinpoint and concentrate more precisely on our behaviours. The more data from connected devices we allow to be obtained, the more knowledge and accuracy businesses can have. The problem is that the companies have unfettered access to our data, and we do not have a say in how or if it can be used. The only permission that they take is consent, without which one loses access to the service for using our data, and once they have it, there is no restriction as to how it can be used. They may even sell the data to a third party whose service might not even be used by the individual.
The most common use of data mined is advertisements, personalised for each individual user. When we visit a website, there is an immediate auction for ad space between third-party companies that want to sell it to us. They use the information gathered about us to decide how important we are to businesses and accordingly make bids. All advertisements are given the same weighting at the start of the process since they are all equally likely to be clicked on. However, as various advertisements gain priority over time, the weighting becomes unbalanced, and the higher-weighted advertisement will appear more frequently.
This is possible because our data is being collected and used to create structure and a digital version of ourselves, which can predict and manipulate our choices. Lizzie O’Shea defines it as the digital identity created by collecting and refining data about us – our social, political and economic preferences. This can be used to limit our autonomy and influence or manipulate us – Cambridge Analytica is one of the worst and most widely known instances of this influence. It used data mining and brokerage in the form of a Facebook quiz to gather hundreds of thousands of data points from users and then used the information to create strategic communications to manipulate different electoral processes.
Ways to reduce cyber exhaust
While it is impossible to stop any digital exhaust completely, there are ways to minimise and control it.
-
Changing settings of application and services we use online
Examine your browser, social media profiles, and other online accounts’ privacy settings to ensure you’re giving out as little information as possible by turning off your location and cookies, as well as opting out of other online trackers. Only provide information that is absolutely important for the purpose of functionality.
-
Use privacy add-ons
There is a range of browser add-ons and plug-ins that will help you reduce your cyber exhaust. Advertisers and other third-party trackers can be prevented from secretly monitoring where you go and what sites you look at on the web using tools like the Electronic Frontier Foundation’s Privacy Badger, Ghostery, and HTTPS everywhere.
-
Log out every time
There are always trackers looking for your personal information. So, when surfing the internet, log out of your social media accounts to prevent trackers from sending information to social media networks.
-
Use privacy alternatives
As a result of privacy concerns, privacy-friendly alternatives to popular applications and services have cropped up, offering the same functionality. Duckduckgo, a popular alternative to Google search engine, similarly people have turned to privacy-conscious browsers like firefox and brave as opposed to google chrome. There are a host of VPN services offering to hide digital footprints.
However, these are all individual efforts and can only lead to limited success. For an overall change, there is a need for laws that ensure that companies respect their users’ privacy and don’t misuse their personal data. There is a need for more countries to adopt personal data protection laws like the EU General Data Protection Regulation (GDPR).
GDPR defines data mining or profiling under article 4 as “any form of automated processing of personal data” related to any natural person to analyse or predict consisting of using those data to predict “aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.” It requires the Data Controllers to inform the users about the data being collected, the reason or logic behind such collection and the eventual consequence or use of such data may be put to (Article 13(2)(f) of the GDPR). Thus there is a provision for informed consent to be taken from the user to use their personal data.
It has regulated the companies, which are data controllers and processors of data subjects’ information. They can not use personal data without the prior permission of the data subject, among other things. Personal data includes not only the subject’s name but also phone numbers, bank account numbers, IP addresses, photographs, and sexual preferences. It also includes MAC addresses for phones and devices and browser history — any information that can be used to identify an individual.
Conclusion
The law establishes and requires companies to be accountable for how personal data is handled and secured. GDPR essentially implies that organisations must handle data subjects’ data on their terms and ensure that data subjects can trust the companies with their data. It also provides for supervisory bodies and compensatory provision in case of violation of the provision of GDPR.
References
- https://www.forbes.com/sites/bernardmarr/2018/05/21/how-much-data-do-we-create-every-day-the-mind-blowing-stats-everyone-should-read/?sh=1075e14960ba
- How our data is used and misused online | by Ronan | The Startup | Medium
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:
