Tuesday, June 21, 2022

Data privacy? What does it mean to me and you?

Finally, I decided to restart my blogging habit after four years of procrastination. This post is mainly about my thoughts on privacy. What does it mean to me? One phrase that comes to mind when I think about privacy is 'my research topic' 😉. But is that all? The privacy I am talking about here is digital data privacy (not real-world privacy, the state of being alone or the right to keep one's personal matters and relationships secret; though maybe that definition can be applied in the digital world too).

When I started to read materials for my research, I gained different perspectives on privacy. I started to behave like my 16-year-old self (first year of high school), when I applied physics to every real-world scenario (such as why it is easier for me to move a door from its edge than from near the hinge). I was a curious kid who had a lot of questions about everything. I wanted to know the answers to every question. I still remember a question I asked when I was in grade 4: why does carbohydrate digestion begin in the mouth while the digestion of other nutrients starts in the stomach? I still do not have a convincing answer to that question.

Likewise, when I learned about data privacy, a privacy shield encapsulated me and started to restrict me from sharing data or adopting any IoT devices. I always ask myself: what will happen if I post this photo on Facebook? What will happen if I search for something on the internet? How did they find out that I am interested in buying winter clothes (through advertisements) when I updated my location on Facebook?

I could not avoid all these nightmares, though, as three-quarters of my day is spent with laptops, mobile phones and smartwatches, generating digital data. So, here I have written down some of my nagging questions and non-technical answers, as a friend who is concerned about privacy.

  • Does that mean a service provider like Google or Facebook (Meta) knows me better than I know myself?

Obviously, service providers collect a lot of data about us. We can describe it as an invisible person watching all the activities we do, consciously or unconsciously. The algorithms embedded in the applications try to learn our behaviour and propose something personalised to us, acting as if they had minds of their own. However, not all those recommendations are accurate, and a user may actively dislike a recommendation as well. For example, after buying a heater, if you see your wall full of heater advertisements, you may feel annoyed. Another example: an application can store your credit card details on its end (or they can be stolen from the service provider by attackers) and items can be bought automatically without your knowledge until they arrive at your door (it's worse if they go to someone else's door 😝). In this way, applications may fall into an uncanny valley, where they are intelligent enough to learn user behaviour and trigger some events/social behaviours in users, but still machine-like enough to create dissonance by doing something I don't want or prefer.
  • What is data privacy?
A commonly used definition of data privacy, in the spirit of the GDPR (the EU's data protection regulation), is the ability of an individual to control when, with whom and for what purpose their data is shared. Privacy for me means that I should have the privilege of sharing my data with the people I want to share it with, and the process should be transparent to me (what happens after I post something on Facebook). I don't want to be hidden behind a black box, without knowing how my data is analysed or processed and where it goes.

Most of the time we confuse the terms privacy and security. Service-providing companies mostly focus on security rather than privacy. Security means protecting users' data from being hacked or stolen; for example, password authentication is one security method that prevents attackers from using your data. Privacy, however, should be decided by the user, by explicitly specifying what data should be shared and with whom (even with the service provider itself), together with transparent data processing and movement. A service can be perfectly secure and still not private: the data may be safe from outsiders yet used by the provider in ways the user never chose.
  • What are the purposes for collecting my data? 
Service providers collect data for multiple purposes, such as advertising, selling to other applications, health and safety, entertainment, personalisation, commerce, research and convenience. Some of these purposes benefit both users (the actual data owners) and service providers, while others benefit only the service providers. Generally, service providers analyse the data on their own end (without selling it to other applications) to improve personalised views, recommendations and convenience for users; for research (the data may also be transferred to other parties such as governments or universities for their research); to improve product quality; or to build or recommend new products. Some data are collected for health and safety purposes (for example, Google Maps location data are sometimes used to alert someone when a person is in danger, or medical data in a hospital are shared and analysed by medical practitioners), for entertainment (such as recommending your favourite shows on YouTube), and for commercial purposes (showing advertisements, financial transactions).

However, although we are the actual data owners, we do not have the privilege of knowing the purpose for which our data is collected, or of controlling it. We can only see the purposes in the 'terms and conditions' document we accept, if we read it carefully (which we usually don't; we just accept everything).
  • What can a user do if they want to protect their privacy in the current environment? 
In practice, from the user's viewpoint, configuring privacy preferences (privacy settings) is the primary means of managing privacy. To date, many applications require users to explicitly set and maintain data-sharing preferences for each other service. More data and more applications mean more privacy responsibility for the user. Unfortunately, the complexity of such settings, coupled with a lack of technical knowledge, results in many users simply keeping the default settings, which are chosen by the provider, not by the user.
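To make the 'settings' problem concrete, here is an added illustration (not from the original post, and not the author's personal-data-store design) of what a purpose-bound sharing preference looks like when a program evaluates it, and how one and the same set of user rules behaves under two different defaults. The rule keys, the service names, the `*` wildcard and the sample requests are all assumptions constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SharingRequest:
    """One attempt to use the user's data: what, with whom, and for what purpose."""
    data_type: str   # e.g. "location"
    recipient: str   # e.g. "maps-service"
    purpose: str     # e.g. "navigation"


class PrivacyPreferences:
    """User-stated rules keyed on (data_type, recipient, purpose) -> allowed.

    A "*" in the recipient or purpose slot matches anything; a coarse
    'share my location with this app' toggle is the (recipient, "*") form.
    The default applies only when no rule matches.
    """

    def __init__(self, rules, default_allow):
        self.rules = dict(rules)
        self.default_allow = default_allow

    def decide(self, req):
        """Return (allowed, reason). The most specific matching rule wins."""
        candidates = [
            (req.data_type, req.recipient, req.purpose),
            (req.data_type, req.recipient, "*"),
            (req.data_type, "*", req.purpose),
            (req.data_type, "*", "*"),
        ]
        for key in candidates:
            if key in self.rules:
                return self.rules[key], f"matched rule {key}"
        return self.default_allow, "no matching rule; default applied"


# Assumed rule set: the only choices this user ever made explicitly.
RULES = {
    ("location", "maps-service", "navigation"): True,
    ("purchase-history", "retailer", "recommendation"): False,
    ("health", "*", "*"): False,
}

# Constructed sample requests a platform might issue on the user's behalf.
REQUESTS = [
    SharingRequest("location", "maps-service", "navigation"),          # explicitly allowed
    SharingRequest("location", "maps-service", "advertising"),         # same app, other purpose
    SharingRequest("location", "ad-network", "advertising"),           # never mentioned by the user
    SharingRequest("purchase-history", "retailer", "recommendation"),  # explicitly denied
    SharingRequest("health", "insurer", "pricing"),                    # covered by wildcard deny
]


def evaluate(default_allow):
    """Decisions for REQUESTS, in order, under the given default."""
    prefs = PrivacyPreferences(RULES, default_allow)
    return [prefs.decide(r)[0] for r in REQUESTS]


def decided_by_default(default_allow):
    """How many requests were settled by the default rather than by a user choice."""
    prefs = PrivacyPreferences(RULES, default_allow)
    return sum(1 for r in REQUESTS if prefs.decide(r)[1].startswith("no matching"))


if __name__ == "__main__":
    for label, default in (("provider default (allow)", True), ("deny-by-default", False)):
        print(label, evaluate(default), "settled by default:", decided_by_default(default))
```

The point the paragraph makes shows up in the second and third requests: the user never said anything about advertising or about the ad network, so whatever the platform picked as its default decides them. Under a permissive default the location is shared for a purpose the user never approved; under deny-by-default it is not, and the user's explicit choices apply either way. Binding the purpose to the rule is what stops 'allowed for navigation' from silently becoming 'allowed for advertising'.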

Indeed, many studies have shown statistically that current manual privacy settings are inadequate and that users are dissatisfied with them.

So, what could be the solution to this problem? This is the starting point of my research: how can I assist end users in ensuring their privacy?

Further reading:

  • Y. Shanmugarasa, H.-Y. Paik, S. S. Kanhere and L. Zhu, "Towards Automated Data Sharing in Personal Data Stores," 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), 2021, pp. 328-331, doi: 10.1109/PerComWorkshops51409.2021.9431001.
  • Y. Shanmugarasa, H.-Y. Paik, S. S. Kanhere and L. Zhu, "Automated Privacy Preferences for Smart Home Data Sharing Using Personal Data Stores," in IEEE Security & Privacy, vol. 20, no. 1, pp. 12-22, Jan.-Feb. 2022, doi: 10.1109/MSEC.2021.3106056.