What is internet privacy and why it’s essential today?
Most internet users want to control how their information is collected and subsequently used. In addition, they wish to understand who knows what about them and how they learned it. But on top of that, users appreciate their informational privacy and security in the digital world even more.
Although, some users do not mind giving away their personal information to the service providers to improve functionality. However, most internet users want some guarantees about who has the privilege to use personal information and to what extent. That’s why and how the terminologies like “data privacy,” “consent for sharing,” “data abuse,” and “privacy breach” trigger heated debates.
Some common threats to informational privacy
Digitalization and the internet happened at an unprecedentedly fast pace in human history. Thus, they’ve created an environment never seen before that caught us all somewhat unprepared.
Sure, the new technology offers many new possibilities and advantages. But it also poses previously unknown threats to our privacy.
Notably, the rise of social media happened in an environment rapidly adopting the monopolization of the internet’s most essential features. The recent shift of Meta (previously known as ‘Facebook’) from social interactions to the metaverse thing is one such example. This trend is eroding users’ already meager control over their data.
Though losing control over personal data does not automatically constitute a tragedy, it poses some disadvantages.
But such drawbacks are not a fact of nature or an inevitable consequence of the internet’s dynamics. Instead, they happen because more and more entities have gained access to our data and are trying to obtain even more.
Luckily, governments, privacy enthusiasts, and activists sensed the upcoming privacy disaster early. Thus, data protection laws appeared in many jurisdictions to prevent abuses in the increasingly high personal data processing.
But then, data science emerged as a new discipline, bringing in big data, machine learning, deep learning techniques, and the corresponding privacy threats.
Likewise, platform economies are also around, backed by tech giants with global reach that profit from private data. So naturally, this led to more data storage and processing.
As they say, “information is power,” some actors among these giants abused this power against people. Then along came Edward Snowden with a series of scandalous revelations.
Initially, people dismissed Snowden’s warnings as paranoid. But then, the Cambridge Analytica scandal happened, proving him right. The threats about lack of privacy and control over our data are genuine and devastating.
Besides technology, some of the world’s governments also actively target users’ data privacy.
China, India, and North Korea are the most notorious governments with large data infrastructures to collect even more information about their citizens. Unfortunately, though, they are not the only regions with such measures. Many other countries have also implemented specified programs for ‘spying’ on users, such as the USA’s PRISM program. Furthermore, the governments have also agreed to share their citizens’ data (the 14 Eyes alliance), worsening their privacy.
It raises further concerns. Collecting private data that establish general trends without identifying individuals is one thing. But gathering that same data in a way that allows a government to pinpoint a single person’s behavior is another. Hence, such aggressive data collection and surveillance often facilitate implementing harsh steps against freedom of speech, internet freedom, and other fundamental rights for the citizens.
Tracking by corporate giants
Corporations have an enormous amount of customer data. They use it to match their users with the most effective publicity. And those databases, along with the technology used to analyze them and render them valid, are like the family jewels for these companies.
Apple, Microsoft, Facebook, or Amazon may sell specific products or services. But their business model is developed around collecting, selling, and analyzing personal information. And they are only getting bigger and better at their game.
An inevitable question pops up at this stage:
What does privacy mean in an environment where the same functionality we all enjoy so much is fueled by the very data collection we decry?
The new technologies that we quickly adopt empower a few global corporations enormously to set the tone on the debate of what informational privacy is all about.
Ironically, the terms and concepts are murkier now than in the past regarding informational privacy.
The very idea of privacy, which is clearly defined by the laws of most countries, is exceptionally ill-defined when it comes to the notion’s digital version. Regrettably, legislators are also confused on this issue, affecting ethics and policymaking.
Central to the discussion is GDPR. Most of the debate everywhere in the world moves around how the courts, individuals, corporations, and governments should interpret, analyze and adopt GDPR.
The European Union adopted it as the law of the land in 2018. That was a breakthrough, which provided online users with unprecedented privacy rights. Moreover, this EU’s adoption extends beyond its borders, thus granting at least some rights to users globally.
Privacy: Is there more to it than just hiding data?
The first problem to solve is to figure out what ‘privacy’ is in the first place.
Our current information and internet era primarily refers to privacy as hiding your data and activities from potential wrongdoers. However, it isn’t a precise definition. Matters are not helped by pop culture (what a surprise!). It depicts privacy related to CCTV cameras, Big Brother, government surveillance, MI5, CIA, KGB, and things of the kind in the movies and television.
The Internet Association of Privacy Professionals is the world’s largest global information privacy community. Fortunately, they’ve given the notion of privacy much thought, thus presenting a better definition.
Privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.Source: IAPP
IAPP’s definition looks very simple and obvious. But in the digital age, the definition has to be implemented on software, hardware, policies, devices, and other tools. That’s where the concept of privacy becomes tricky. Further complications arise from the fact that privacy is a subjective idea that depends on the society discussing it.
Let’s forget online privacy for a moment. If you talk about analog, traditional privacy, you will find a different opinion (or definition) in every single person you ask. For example, some people talk to others about their salary, family, medical problems, and other personal subjects without reservations. But others do not like to speak openly on such matters and will try to avoid such discussions as far as possible.
Ultimately, the intellectual community of every country will come up with a tentative definition through public debate. Each government will then provide a legal definition to respect and legislate.
Data Privacy vs. Informational Privacy
Upon hearing the terms “data privacy” and “informational privacy,” you might ask: are these two the same?
Well, the correct answer is “it depends.” But if you are an average online user, yes, both concepts point to the same facts as both stem from the more general notion of data security.
Both concepts focus on properly handling the large amounts of data that online users worldwide generate every day.
Discussing informational privacy implies notions such as notice, regulatory oversight, and consent. But, more specifically, informational privacy is about how corporations (or any other entity collecting user data) share or sell that information to third parties and whether it does so after seeking consent from the users (or making them aware) or not.
Another concern in informational privacy is about how these actors and third parties collect, store and analyze the data they gather and about the legality of those processes. Precisely, this is what typically defines data privacy. But, as you can notice, these two terms are generally interchangeable, bearing similar contexts.
Fortunately, the legislative front is progressing in this regard, and some informational privacy-enhancing laws, like GDPR, HIPAA, GLBA, and CCPA, are or will be in effect soon. Because these laws provide some legal context, the discussions on this subject can move away from mere definitions and turn to regulatory restrictions that can better serve users and e-commerce merchants simultaneously.
Data Privacy vs. Data Security
So far, we’ve assumed informational privacy and data privacy to be interchangeable terms and concepts as they are both aspects of data security. But how do these ideas compare?
Let’s start with data security. It has to do with how any entity (but most often governmental agencies) in possession of data protects it from digital criminals and external attacks. Data privacy (or informational privacy), on the other hand, deals with how the data is collected, used, shared, and processed.
So, the differences are subtle but essential. Organizations often believe that their excellent data security measures to keep hackers at bay make them automatically compliant with regulations like GDPR or CCPA, which protect informational privacy. It is a misconception.
When we get right down to it, the difference comes to this: a corporation or institution that collects and stores personal data must ensure that the personally identifiable information remains safe from third parties through encryption, access restriction, and multiple security layers.
In that context, if an organization carelessly gathers data, it violates data privacy regulations. But, again, prior awareness and consent from users are critical. So even if the data is secure and nobody else can take advantage of the information, there is still something wrong with the process.
Informational invasion of privacy
Invasion of informational privacy occurs when somebody intrudes unduly into your life without your consent.
Significantly, such invasion happens when your right and freedom to be left alone and control your image in communications and private spaces is infringed. The critical idea here is “proper consent.” So the invasion of informational privacy can come from individuals and institutions alike.
How far is too far? The most frequent form of informational privacy is when someone deliberately uses a person’s statements as a marketing ploy.
Posting somebody else’s portrait online without permission is also a form of invasion of informational privacy. Another example is in businesses that communicate with prospective customers through the phone or email without offering a chance to opt-out of their campaign.
These examples could seem more or less harmless. But consider somebody who misappropriates your name. That is an invasion of informational privacy as well.
This is common, as explained previously, when a business abuses a person’s likeness or name for marketing purposes without that person’s explicit permission. Usually, such invasion happens to celebrities and doesn’t risk an average user.
Celebrities often have lawyers and legal teams to tackle these issues. But the prevalence of celebrity cases doesn’t exclude the possibility that this can happen to an average person.
Also, celebrities are pretty careful about keeping as much control as possible over their pictures, names, and how the media uses them. Therefore, any business that uses any of those items without written permission from a given celebrity’s legal representatives is incurring an invasion of informational privacy.
Types of informational privacy
Privacy of the body
Gives people rights over their own bodies. The government has no right to invade or examine it without the individual’s consent. It’s not about sexual violence only. This right prevents somebody else, for instance, from taking a blood sample from your body without your authorization.
Privacy of correspondence
This type of privacy is the most important because such invasions are common in the online world.
Snail mail and faxes have fallen out of use as communication methods. But in the past, when letters were sealed for privacy, corporations and governments still tried to intrude. Now that most of the world’s communications happen digitally, those governments or corporations are not likely to stop.
Suppose we, as a society, want to keep our privacy of correspondence current. In that case, we will have to earn it by fighting for it because neither governments nor businesses will want to lose those data mining opportunities.
Your right to privacy of correspondence enables you to communicate with others secretly without others snooping. It also empowers you to demand privacy in personal communications and when dealing with resources such as Wikipedia.
Privacy of data
Data is everything in the digital age. Thus data privacy is vital in the digital world, governing how your data moves, is collected and by whom, and how it is shared, why, and with whom.
But the invasion of privacy is offensively accessing the data stored in your local computer, theoretically offline and safe from prying eyes. Unfortunately, it is becoming common because the current legal environment offers little to no protection against data seizure and search.
Therefore, the best thing to do is play it safe and adopt measures such as full disk encryption. Plenty of good products offer you that service, many of them are free, depending on what you specifically want and the operating system you use.
Linux is the most friendly operating system for encryption purposes. It offers full disk encryption out of the box, without any additional software or configuration options. Although many users prefer Windows or macOS for their ease of use, if you’re concerned about privacy and data security, Linux is the operating system you should use.
The financial industry has kept up with advances in science and technology better than the rest.
The traditional financial system has a vested interest in keeping some things safe and private. But then Bitcoin came online in 2008. It arrived as a speculative asset but is now slowly turning into a mainstream currency. (It’s a national legal tender in El Salvador already.) So more and more digitally savvy users are interested in doing business online and improving their financial status.
Before the digital age, the banks helped their clients to keep their financial privacy to some degree. Banks were so good at this that the government’s attempts to find out financial details about individuals (debt, expenditure, wealth, income, etc.) were frequently thwarted. But the government smarted up, passed new laws, and declined financial privacy.
Reasonably, the governments need to have more information about the country’s economy, for which they need to know the finances of their citizens. So doing away with individual privacy in the financial sector is justified to the power structure because it increases economic growth.
A more practical reason is that the additional information allows the government to compute the taxes citizens should pay more accurately.
That’s where cryptocurrencies could make all the difference. Digital assets such as Monero will allow its holders to have almost perfect financial secrecy, even if the government wants to smell around their investments.
Privacy of identity
This is the one that everybody takes for granted, so it gets overlooked the most.
You have the right to go about your daily life with complete anonymity. Showing your ID whenever you want to buy a newspaper or cigarettes or try to enter any building or restaurant violates this privacy right.
However, as unfortunate tragic incidents increasingly happen worldwide and right-wing politics gain more followers, this privacy right slowly erodes. Politicians are thus pushing with more advanced ID cards.
The worse offenders in this respect are the world’s airports. You give up most of your privacy rights when buying an airplane ticket. Your clothes and bags are checked. Your body gets scanned. You have to go through a plethora of clearance passes before you can leave.
Last but not least, there are CCTV cameras. In the past two decades, hoodies have become the fashion because people know that they are being recorded all the time in the streets.
The degree to which cameras are available in many of the world’s leading cities, combined with the local governments’ information about their citizens, makes it easy for them to track any individual with great detail.
Privacy of location
Following the omnipresence of CCTV cameras, the next natural thing to think about is the privacy of the location.
True freedom of movement means that you have the right to be wherever you want, whenever you want, with whoever you want, without anyone (including the government) always looking above your shoulder.
As things stand today, it’s probably safe to say that this particular right to privacy has no relevance in practical terms.
Most smartphones include GPS functionality which means that the GPS network knows where you are. That applies even if you turn it off if you own an iPhone.
So when your GPS info is there, you are connected to many other persons at all times, and geolocation features are more widespread than ever. So yes, the right to privacy of location is extinct for the most part. That being said, the principle still stands.
The violent events in the last two decades have essentially forced some of the world’s governments to track the locations of their persons of interest closely. For this, law enforcement agents can even use your smartphones against you, following your location throughout.
Privacy of Territory
This right means that nobody can, nor should invade your home, including the government agents.
And it’s not just about your real-estate properties. Instead, a specified territory around you should remain inviolate wherever you go.
Why does this matter at all?
Informational privacy constitutes the root of data security. Hence, it has become a critical issue in and around the technology industry.
As explained above, many industrial behemoths think of the data they collect as their most valuable asset. If everything crumbles down around them, they can rebuild everything again. They can even make it better until they own the data they need to reconstruct everything.
Lately, a new term frequently used to describe the world’s economy is “the data economy.” Did you notice the word “data” in there? That’s because data is essential. But, of course, your information and the right to informational privacy is important too.
The new data economy forces its actors to go around requesting consent from their users. Also, they need to be more transparent than ever. The companies need some policing to remain honest and stick to their privacy policies, and they must be accountable for using data to their users and the governments.
After all, if these corporations can’t collect data anymore, they will go out of business. They need users to trust them, for which they need to prove that they are playing fair.
As a contemporary digital citizen and user, you should not consider your informational privacy a privilege. Instead, it’s your right, and you deserve appropriate respect for your privacy.
Living by your rights means that you can and should refuse any unwanted surveillance. You should be safe living in your own space and able to express your views on any issues you care about without having to identify yourself through IDs of any kind, digital or physical. Indeed, if societies don’t uphold these rights, democracy will quickly die.
Problems in defining informational privacy
Defining terminologies and setting out legislation is never simple. Even the most straightforward laws can give birth to subtle and complicated phenomena. Informational privacy is no different.
Inconsistent definitions for “privacy”
Perhaps, everyone considers informational privacy necessary, without which general individual privacy cannot be guaranteed.
But various privacy advocacy groups worldwide, working in different jurisdictions, understand privacy differently. In other words: there’s no neutral, international dictionary or language to agree upon when talking about privacy.
Above, we mentioned three laws meant to protect informational privacy: HIPAA, CCPA, and GDPR. Unfortunately, none of them includes a precise definition of informational privacy. Instead, they suggest fair information practices for companies regarding the data they collect, use and sell.
Defining informational privacy was never on their agenda. Instead, these laws focus more on the rights of online users and online companies.
Above all, each law was written in a different jurisdiction and applied to a different society that defines privacy in its own respective way.
People usually consider the European Union’s GDPR (General Data Protection Regulation) the most advanced informational privacy legislation. Yet, some established publishers decry this law as nothing short of a mess regarding privacy.
Appreciably, GDPR establishes and grants consumers many unprecedented rights. But it remains unclear how beneficial such rights will be. For instance, they may not enhance informational privacy if not many online users know they have those rights or ignore how informational privacy works.
Compliance issues for businesses
Unfortunately, the situation in the US is nightmarish, particularly given that most tech giants hail from here.
Specifically, businesses in North America have worst practices than any others globally. So while they find themselves needing to comply with both CCPA and GDPR, they simply can’t. That’s because both legislations have different informational privacy concepts and fair use definitions.
For instance, if you live in California, CCPA protects your right to block companies from selling your data. But GDPR does not even mention this issue.
Instead, GDPR places limitations on companies for their data collection. Specifically, they must have some legal basis to collect and process data. CCPA, in contrast, doesn’t require companies to justify data processing or collection.
Likewise, genetic and biometric data are two types of customer data healthcare in GDPR’s definitions. But for CCPA, they’re just “personal information.”
Both legislations impose fines in different ways and have other enforcement mechanisms. So it’s not that both regulatory efforts are mutually exclusive. Instead, they address the same problems from different angles, leaving many unmapped spaces where grey situations can arise.
Vague descriptions in laws
Another problem is equivocation. The word “reasonable,” frequently appearing in the text of both laws, opens up possibilities for subjective interpretation. That’s because “reasonable” is an elusive concept that can be defined in many different ways.
So, while both legislations deem “reasonable” invasions of informational privacy acceptable, they leave the interpretation of “reasonable” to others.
That is why even if both sets of laws are enacted and enforced, the world still needs privacy activists to remain active. Because otherwise, governmental respect for our digital rights will be far from “reasonable.”
The privacy of personal information
As already highlighted, a critical element in informational privacy is how carefully corporations collect their users’ personal information while respecting their privacy.
Users can’t enforce this right on their own. Instead, the respective lawmakers should address these concerns. They must avoid controlling our sensitive professional, medical, or psychological conditions to institutions or corporations. Otherwise, we will lose the privacy of our personal information.
If criminals gain access to this data, things get even worse.
Another possibility is that users will not feel comfortable providing complete and accurate information when setting up accounts. Thus, some data schemes that enforce legality and transparency (such as the bothersome KYC program) could become useless.
The main focus of informational privacy is to ensure that proper rules and regulations exist to govern consumer data collection. It must also include the transfer of personal data (credit card details, government records, medical data, and other sensitive material) so that it all remains confidential, safe from external observers.
Personal data privacy, data protection, and data mining do not need to interfere with each other
The exponential progress in information technology has enormously influenced informational privacy.
Some prominent mentions include the rise in social media platforms, advanced data mining based on “Big data,” growing eCommerce, and, more recently, the explosion in digital activity everywhere in the world in the post-COVID-19 era.
This rise in internet usage also exposes users to privacy threats as people use more devices, like tablets and smartphones, which carry even more personal information than desktop computers. Undoubtedly, these gadgets are helpful as users can get everything they want within a few taps. But the underlying data exposure makes the future of informational privacy look bleak, even in the case of the upcoming “Internet of Things” and similar technologies.
Information technology should supposedly improve living. But it has increasingly invaded every aspect of our lifestyle. So, informational privacy issues are not just about the sites we visit. Instead, they will end up influencing all the values by which we live.
The other new thing is data mining. It allows professional analysts to dive into vast pools of collected data and find patterns and behaviors hidden in lesser data samples.
Data mining isn’t entirely a bad thing. It not only helps the companies know their users better. But the users will also like the gradual improvements in the functionality of systems as services or platforms adapts quickly to the users’ demands.
But is data mining a threat to privacy? It depends. If the data used in the mining process is sanitized to delete any personally identifiable information, then it should bring no harm. But, if it isn’t, then we’re in the hands of Big Brother.
So, there’s nothing wrong with data mining in itself. Instead, how entities collect and use data (especially considering “user consent”) is what matters.
This article strived to explain informational privacy in the most transparent possible terms. Hopefully, you must have now realized what makes the privacy of your personal information different from security. Also, you must have recognized the various ways through which invasion of informational privacy happens today.
But more importantly, this guide aimed to persuade you that the data privacy issues in today’s digital civilization are essential. These things are not just for Julian Assange or Edward Snowden to worry about. Instead, they will hit you and the people around you somehow sooner or later. That’s why you need to be aware and well-prepared to protect your fundamental privacy rights.
About the author
Ali Qamar is the founder of PrivacySavvy, which he started out of the sheer passion for making every internet user privacy savvy. Ali has always been concerned about security and privacy for the general public and is very libertarian. Even before Edward Snowden appeared, he has been a privacy advocate even before Edward Snowden appeared with his revelations about NSA's mass surveillance.
Ali graduated with a computing degree from the leading IT college in Pakistan, so he boasts a background in this area. He has an accountable understanding of the technical sides of encryption, VPNs, and privacy.
Ali is regularly quoted in the privacy and security reports by the local press. His contributions have been featured in SecurityAffairs, HackRead, Ehacking, Livewire, Intego, Business.com, InfosecMagazine, and many more publications online. Ali is naturally attracted to transforming things.