Social media has become an increasingly intrinsic part of our lives. Forty-five per cent of the world’s population, a staggering 3.48 billion people, connect to some form of social media, according to data collected by Hootesuite. Social and personal data has come to play a critical role in social media analytics. Businesses use this social media analytics to learn how customers perceive and interact with their brand, and make corresponding strategic changes to improve their sales.
The extensive amount of personal information that has become available online and the extent to which users and social media platform administrators can access user profiles has put user privacy at the forefront of discussion.[1] Article 12 of the UDHR explicitly states privacy as a basic human right and therefore, corporations dealing with consumer or employee data are accountable to ensure its safety and security.
Dangers
Malicious intended procurement of personal data can lead to identity theft, sexual predation, cyberstalking, and victimization. Efforts made to curb these threats along with various others are security tightening measures, attempts at the greater holding of accountability of the exploiters, censoring of offensive speech and potential violence incitement.
Public alleged insufficient efforts from Twitter and Facebook to stop hate speech and misinformation and called for regulation, overriding Facebook CEO Mark Zuckerberg’s claim that social media companies shouldn’t be arbiters of truth.
Other concerns of personal data misuse center on how bad actors access private data from social media platforms and use it to manipulate opinions for the benefit of few.[2]
Incidents
Data breaches occur for a variety of reasons. Companies can be hacked and data can be mishandled or sold to third parties. Holes in a website's security system can leave information unprotected.
A significant example of social media data exploitation is the Facebook Cambridge Analytica scandal. The political consulting firm, Cambridge Analytic, secretly harvested information from 50 million Facebook profiles and provided the 2016 Trump campaign input for political advertising purposes.
Only 270,000 Facebook users had installed the app that instigated the exploit. But due to Facebook’s data-sharing policies at the time, the app was able to gather data on millions of their friends.[3] The privacy tree - inherited privacy settings through sharing with friends, of friends - is something that we need to be cognizant of.[4]
Another Facebook data leak was of the myPersonality app, which exposed intimate details of 3 million users. Personal data from the personality quiz app myPersonality was distributed to hundreds of researchers via a website with insufficient security provisions, which led to it being left vulnerable to access for four years. The data was highly sensitive, and revealed personal details of Facebook users, such as the results of psychological tests. It was meant to be stored and shared anonymously. However, due to the profoundly poor precautions taken, de-anonymising was not difficult.[5]
Facebook gives its user data access to anyone who has an app on Facebook or integrates Facebook Login in their app.[6] Your data is not only accessed by Facebook but also by numerous other individuals. It is alarming to consider how many data misconducts may have occurred that have simply not been identified.
Problems
People are generally not aware of the value of their private data and the extent to which their data is scraped, stored and analyzed for exploitation. A single piece of information like location or preference may seem innocuous, but coupled with other material (which may be extracted through different sources) and aggregated, can create a picture of an individual’s life and habits.
Personal data in advertising or political campaigns is a trillion-dollar business. An exorbitant amount of analysis is undertaken to enhance the understanding of the behavioral aspects of individuals.
As it happens even with peoples’ best interests in terms of privacy at heart, it is difficult to maintain security in a large organization and continually persist the attempts of break-in. Additionally, it is quite common for security breaches to come from inside a company. It is critical for every data-handling company to have an extremely dedicated and motivated team of network security professionals.
Efforts
Companies that handle data are responsible for maintaining its security. To ensure accountability, new global data protection laws have been passed - The most known is the European Union General Data Protection Regulation (EU GDPR). Under the terms of GDPR, passed in 2018, organizations have to ensure that personal data is gathered legally and under strict conditions. Those who collect and manage it are obliged to protect it from misuse and exploitation and to respect the rights of data owners, or face penalties for not doing so.[7]
Several countries have taken upon emulating the EU's data protection law.
India’s Personal Data Protection Law, the country’s first legal framework for data protection, introduced in 2019, incorporates many elements of the EU’s GDPR.
What we as users should ensure
Most sites push their users to agree to terms that hold beneficial for their sites and exclude the user’s interests. Hence, although the enforcement of GDPR ensures that the default settings are privacy preserved, we should familiarize with the provided privacy protection and look into terms we would be accepting.
A two-factor authentication system is known to offer more security. However, this recourse can also be used as a duping prospect as was seen in August 2019- when a massive phishing campaign targeted Instagram users by posing as a two-factor authentication system, prompting them to log in to a false Instagram page[2]. It is imperative to check the authorization and authenticity of the software systems we keep trust in.
Conclusion
The threat of personal data misuse is one that can be fought to resist, not defeat. The initiative of data protection laws has certainly provided users with greater personal data security, holding companies accountable and liable to fines in the event of a data breach.
However, we as users cannot rely solely on data protection laws to keep our data secured, we must have well-learned awareness and concern about data privacy and follow basic data protection tips to ensure a safe cyberspace.
Article by-
Vedica Rao,
Co-Editor,
For the Record,
PES MUN Society
Comments