​Big data, little state: how will you reclaim your privacy?

Nation states don’t seem keen on protecting people’s fundamental rights to privacy from web giants, so what should be done?

People for the most part are fine with handing over personal data for free software, whether it’s an app for finding things, such as Google offers with search, or connecting with people, like Facebook does for social networking.

But what happens when users are not OK with the terms and conditions they’ve signed to and who’s going to protect their fundamental rights to privacy?

The state should protect those rights to privacy but there are many reasons why it probably won’t, according to a paper by Emily Taylor, a seasoned internet governance expert, published by the Global Commission on Internet Governance.

Taylor asks what regulatory options are available to protect citizens’ privacy when nations and the companies they’re meant to regulate both have interests in collecting as much information as possible about people, albeit for different reasons.

She asserts that the web is now basically in the hands of Facebook and Google, which have proven to be the most adept at making use of big data — the same data that governments would also like to divine insights from for national security and other reasons. So, 2.9 billion people are milling about the two or three platforms, she notes.

However, these people may one day reject the trade-off between privacy and free software, but what can they if and when that situation arises, given the inter-dependencies between government and the few companies that control the web?

“The market for web platforms is becoming more concentrated in the hands of a small number of companies. This alignment of powerful interests threatens an insidious erosion of fundamental rights and makes it unlikely that governments — who rely on private sector data and skills — would legislate or regulate to limit big data collection by Internet platform providers,” she writes.

At the same time, states are throwing regulation of privacy to companies, such as decisions about when to act upon violations of fundamental rights.

Read more: Unpatched OS use declines in Australia but out-of-life Java, Flash persist

A case in point is the role Google now plays following the European Court of Justice’s (ECJ) “right to be forgotten” decision last May. Google is now the first point of contact and decision maker for requests by EU residents to remove certain results it indexes linked to name searches.

Google didn’t want to play that role, but as Taylor points out, it also doesn’t apply “rule-of-law” principles to its process, such as “open justice, conflict of interest, transparency, appeal”.

It could be seen as the the state having outsourced its decision-making to a private company better at automatic the process.

One claim by many online companies is that they only use anonymised data, suggesting nothing meaningful can be processed about an individual. That may have been true in the past but bug data, thanks to the internet, “increases the fragility of anonymisation as a protection”, according to Taylor.

People also make security trade-offs for convenience, such as single sign-on services that Facebook and Google offer for third-party services saying users the hassle of creating new credentials for each online service they sign up with.

Services like this are just one tool that enable providers to track users when they’re not logged in to the specific service. But they can also enhance government surveillance capabilities, and are largely unregulated, offering governments superior capabilities to what the Stasi had in the 1980s over east Germany.

“Unlike the Stasi’s unsiftable heaps of paper, digital data is searchable, indexed and correlated. It is usable, and used,” the paper notes.


Participate in CSO and Gigamon's survey on Security Priorities today!

Go into the draw for a chance to win an Apple iWatch Sports or the equivalent of $500 Visa Cashcard.

For full terms and conditions click here.

Start survey NOW!

Read more: ​Federal government escalates AFP email scam warnings

Join the CSO newsletter!

Error: Please check your email address.

Tags Emily Taylor​Big dataprivacy lawinternet governancefree softwareprivacyCSO Australia

More about AppleCSOdivineEUFacebookGigamonGoogleVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place