Personal data = private property or the new commodity?
In conjunction with Data Privacy Day on 28 Jan 2011, the Centre for Independent Journalism (CIJ) Malaysia held a public forum entitled, “My information = mine?” at our favourite venue Annexe Gallery, Central Market, KL. It turned out to be a cosy, informal small group discussion with about 26 people.
To make the topic ‘real’ to the audience, the talk started a little differently: rather than being greeted with a formal welcome from the organiser, the seated audience were straightaway treated to a ‘scene’, in both the literal and idiomatic sense of the word, created by a seeming audience member when he was stopped by the organiser and asked to sign the attendance list (the registration table was strategically placed within full sight of the audience, who were seated in a circle that was the actual general spotlight).
As the planted audience-actor challenged the organiser over the requirement for his personal details, the issues raised were of transparency (in privacy policies), data security and accountability on the part of organisations that collect private data were raised, as well as the justification for concern – with the audience members agreeing – eg. identity theft, which can lead to scams committed under our names, among others; also, the current lack of recourse to justice, shared by lawyer Sonya Liew, one of the resource persons planted in the audience. Firstly, she said, there needs to be a contract; even so, since the Data Protection Act is yet to be enforced although it has been passed in December 2010, there is in effect no protection for the individual. In the event of a security breach, eg. due to hacking, the company may be sued under Tort law.
An audience member shared that beyond rights, there is an underlying power equation that comes to play. Faced against someone in a superior position, especially an employer, people will feel compelled to sign a contract despite it not being to their advantage. Judicial recourse is out of the question because of the prohibitive costs of time and money, as well as the difficulty of finding a good counsel. On top of that, there is lack of support from others in the same position, who would advise not rocking the boat, saying: “you just need to earn your salary at the end of the month and get on with it.”
When another prepared audience member shared how innocuous pictures taken by friends or strangers can turn up in an unrelated context, eg a collage or powerpoint, without your consent or knowledge, thereby giving an inaccurate or undesirable impression of you, and another chimed that the Police Special Branch also do this unchallenged, it was an opportunity for Sonia Randhawa, the other resource person, to highlight the two actors (and their powers) that need to be distinguished – private companies and the State. For one, the State would have more powers, eg. it can get a court order for phone-tapping a suspected terrorist. However, there may be some overlap between the two actors, eg when the State sells data to companies.
Moderator See Tshiung Han then began the forum proper and related the recent hacking of Facebook founder Mark Zuckerberg’s page by way of introducing the topic of online security, with breaches a common thing, especially in emails. The cautionary lesson here: don’t click on unknown links until you can verify they are genuine.
As regards privacy, he noted that there is a generational difference in attitudes. Most of the audience members are on Facebook, reflecting the general situation in Malaysia.
On the issue of social media accounts created under your name without your consent, there are inbuilt mechanisms for complaints. Hacking, however, is illegal and a jailable offence under the Communications and Multimedia Act and the Computer Crimes Act, said Sonya, though enforcement is slack.
A participant brought up the prevalence of hate groups against individuals, which the forum clarified is a natural human reaction and not a privacy issue, unless the postings reveal one’s whereabouts; however, it may be an issue of defamation, unless it’s true.
Going back to corporate manouvres, it was raised that continually innovated search engines increasingly make it easier for people to find out the minutest aspects about everyone, undermining our ability to project our image as we wish, which is problematic for people who want to maintain a professional distance with their contacts. This technological aspect would have a greater impact on younger people, since what is posted online stays forever – eg. photos of them in their foolish youth may not impress an educational institution or employer. To conclude, there is reasonable individual control, but not total. Some examples cited of similar privacy invasions on Facebook: that one’s profile can be seen on the “friends’ profile” of friends whose privacy settings are already maximised and how online ‘stalkers’ can use that feature; the automatic change to the latest new profile layout; and a deactivated account that was reactivated by a game application.
A participant questioned the legitimacy of privacy rights when it comes to free services – eg. Facebook, which we are not compelled to join in the first place, and in readily given information. Another pointed out that what’s ‘public’ differs according to perspectives (note to CIJ: something to be explored in future discussions about privacy?). Conclusion: the problem here is that our personal information is being exchanged for services, with the implications only known to one side but unclear to the other.
Sonia pointed out that there is a difference between Google, Yahoo and Facebook using private information to direct advertisements at us and how certain companies such as telcos give advertisers our information. Eg. mobile phone companies in Malaysia have the right to sell private information to third parties, whereas most countries prohibit this. Another participant pointed out that it is not only telcos, but supermarkets and other companies, eg. Petronas card, Bonus Link, etc that pay good money for private information to obtain good market research.
Pointing out the difference between offline and online ways of handling privacy, Sonia said the former, while reserving the right to change the terms, requires informed consent, in black and white, while the latter has a dotted line that keeps changing (eg. in activating a mobile phone in Malaysia, a user would be “expressly” allowing the operator to use their data as it sees fit). A reason for this could be that technology is evolving too quickly for the whole process of consent, but this leaves the individual/consumer vulnerable since it is difficult for them to keep abreast of changes after signing the preliminary contract. This assumption of, and relegation to, personal obligation is problematic. Eg. in Facebook, the implications of new features on privacy are not explained and it is only through discussions such as this that one discovers potential dangers; but how many of the millions of Facebook users can make an effort and take the time to do this?
Pages: 1 2