Nation states don’t seem keen on protecting people’s fundamental rights to privacy from web giants, so what should be done?
People for the most part are fine with handing over personal data for free software, whether it’s an app for finding things, such as Google offers with search, or connecting with people, like Facebook does for social networking.
But what happens when users are not OK with the terms and conditions they’ve signed to and who’s going to protect their fundamental rights to privacy?
The state should protect those rights to privacy but there are many reasons why it probably won’t, according to a paper by Emily Taylor, a seasoned internet governance expert, published by the Global Commission on Internet Governance.
Taylor asks what regulatory options are available to protect citizens’ privacy when nations and the companies they’re meant to regulate both have interests in collecting as much information as possible about people, albeit for different reasons.
She asserts that the web is now basically in the hands of Facebook and Google, which have proven to be the most adept at making use of big data — the same data that governments would also like to divine insights from for national security and other reasons. So, 2.9 billion people are milling about the two or three platforms, she notes.
However, these people may one day reject the trade-off between privacy and free software, but what can they if and when that situation arises, given the inter-dependencies between government and the few companies that control the web?
“The market for web platforms is becoming more concentrated in the hands of a small number of companies. This alignment of powerful interests threatens an insidious erosion of fundamental rights and makes it unlikely that governments — who rely on private sector data and skills — would legislate or regulate to limit big data collection by Internet platform providers,” she writes.
At the same time, states are throwing regulation of privacy to companies, such as decisions about when to act upon violations of fundamental rights.
A case in point is the role Google now plays following the European Court of Justice’s (ECJ) “right to be forgotten” decision last May. Google is now the first point of contact and decision maker for requests by EU residents to remove certain results it indexes linked to name searches.
Google didn’t want to play that role, but as Taylor points out, it also doesn’t apply “rule-of-law” principles to its process, such as “open justice, conflict of interest, transparency, appeal”.
It could be seen as the the state having outsourced its decision-making to a private company better at automatic the process.
One claim by many online companies is that they only use anonymised data, suggesting nothing meaningful can be processed about an individual. That may have been true in the past but bug data, thanks to the internet, “increases the fragility of anonymisation as a protection”, according to Taylor.
People also make security trade-offs for convenience, such as single sign-on services that Facebook and Google offer for third-party services saying users the hassle of creating new credentials for each online service they sign up with.
Services like this are just one tool that enable providers to track users when they’re not logged in to the specific service. But they can also enhance government surveillance capabilities, and are largely unregulated, offering governments superior capabilities to what the Stasi had in the 1980s over east Germany.
“Unlike the Stasi’s unsiftable heaps of paper, digital data is searchable, indexed and correlated. It is usable, and used,” the paper notes.
Participate in CSO and Gigamon's survey on Security Priorities today!
Go into the draw for a chance to win an Apple iWatch Sports or the equivalent of $500 Visa Cashcard.
For full terms and conditions click here.