The Unending Data Dilemma: Navigating Privacy, Breaches, and Regulations

Consider this for a minute!!

If you are given 2 options: never to access the internet and keep your data safe OR surf the internet at the expense of your data privacy, which would you choose?

Don’t worry, I know this is a tough call to make, but I happen to think you may choose the latter over the former simply because you do not understand the intricacies of such a decision and its ripple effect on your security and safety.

Do you know that:

• According to Zippia Research, 1.7 MB of data is generated by an average person per second.
• Domo conducted a study that showed that 2.5 quintillion bytes of data are generated each day.

This simply means every time we use our smartphones, browse the internet, shop online, and interact with social media, we leave behind digital footprints. These footprints manifest as your data. This data fuels the digital economy, powers innovation and growth, and is behind many of the products and services that we use every day, from personalized recommendations to smart devices to digital assistants.

Yet, personal data is also a double-edged sword. While data can enable you to access information, benefits, and opportunities, it can also be used against you which could result in manipulation, discrimination, and harm, due to lack of autonomy, privacy, and security.

Thus, everyone must understand the concept of data usage, privacy, theft, and regulation in 2023.

What is data privacy?

Data privacy is the safeguarding of your personal information from being disclosed to public and private entities in a variety of circumstances. It involves having the autonomy to choose whether, how, and to what extent you want to communicate or share your personal information with others.

This may lead to one asking:

Is my online footprint/data truly private?

Each time you use a particular service or consume a particular product or service especially online, these activities are recorded and saved as your personal data, revealing your preferences, habits, interests, and identities. On the flip side, it can expose your vulnerabilities, secrets, fears, and biases.

Tech companies are mostly counterparts to this ruse. With companies like Facebook, Google, Twitter, and the rest, users often believe they can retain full ownership and privacy control on their data, securing them from misuse, but this is highly unlikely. Personal data end up getting harvested from your footprints on the internet across platforms and being provided to businesses, companies, and individuals who need them to create targeted products and services.

Data mismanagement and harvesting have become a norm for the past two decades, especially with the advent of new modern internet technologies, and have been commercially used by most businesses from start-ups to large companies for targeted marketing. Data harvesting often leads to Data Breaches and Theft and this can lead to serious cases of cyber crimes.

Data Theft

Data Theft otherwise called “Information Theft” is an act that involves obtaining sensitive, confidential, and protected data from servers and sites that are being disclosed without the owners’ permission, which compromises privacy. Any information that is being accessed without due permission, be it personal or organizational data from any platform, especially if the platform has been charged with the responsibility of keeping the said data safe, has been subjected to data theft.

Data theft is considered serious security and privacy issue. It is an illegal transfer or storage of financial, personal, and confidential information. Data theft takes place in many organizations be it small private businesses or big corporations.

The crux of data theft, which is its most notable effect is that, once anyone gets access to personal and private information regardless of what type of information it is, they are at liberty of being used against their owners’ will or permission. Data theft is a major cybercrime that involves the illegal storage or exfiltration of data or financial information. Its growth has been fueled by rapid digital advancements in recent years.

Major Data Breaches, Fines, and Settlements

Given the dawning enlightenment of data privacy infringement and breaches, various countries around the world have enacted data privacy and protection laws and regulations to guide how data are collected, how data subjects are informed, and what control a data subject has over their data once it is transferred.

These laws are enacted with penalties to follow if any of the laws are faulted by any platform or site, which could be fines, lawsuits, and even prohibiting a site’s use in certain jurisdictions.

So far, several data breaches and privacy infringement has been recorded. Some of the examples include:

• Facebook was sued by Belgium’s data protection regulator in 2015 for trampling on EU privacy law by tracking non-Facebook users’ online activities without their consent when they visit a Facebook page. The court ordered Facebook to desist from that act or risk a fine of $277,000 daily.

  
  

• In 2018, The New York Times reported that the French Data Protection Authority under the GDPR had fined Google 50 million euros equivalent to $57 million for not properly disclosing how its services collect users’ data for personalized advertisement.

  
  

• Amazon, Apple, Facebook, Google, and Microsoft were sued by a French digital rights group called La Quadrature du Net in 2018 for allegedly violating the EU’s General Data Protection Regulation (GDPR). The group claimed that the tech giants used “forced consent” to collect personal data from users without giving them a choice. The lawsuits could result in fines of up to 4% of their global revenue.

  
  

• Google was sued in a proposed class action in the U.S. in 2020 for illegally invading the privacy of millions of users by pervasively tracking their internet use through browsers set in “private” mode. The lawsuit seeks at least $5 billion, accusing Google of violating federal wiretapping and California privacy laws.

  
  

• Didi Global, a Chinese ride-hailing company, was fined $1.19 billion by China’s cyberspace regulator in 2021 for violating data protection laws. The fine was the largest ever imposed by China for data breaches and came after Didi’s controversial IPO in the U.S.

Major Data Privacy Protection Laws and Regulations

Some of the major data protection laws that are still in effect in 2023 include but are not limited to the following:

1. The EU General Data Protection Regulation (GDPR)
2. The EU Data Act
3. The EU Data Governance Act
4. The EU ePrivacy Regulation
5. The EU-U.S. Data Privacy Framework (DPF)
6. The US Connecticut Data Privacy Act (CTDPA)
7. The Utah Consumer Privacy Act (UCPA)
8. The Virginia Consumer Data Protection Act (VCDPA)

The Current Status of Data

The reality of the lack of data privacy and outright data sourcing and harvesting has become an eye-opener to a great degree and has made many users express their dissatisfaction and voice their disapproval of the process without owners’ approval.

Technology continuously evolves; new ideas and innovations emerge to improve our way of living and solve our challenges. In 2023, several of these technologies are becoming dominant. One such technology is Artificial Intelligence (AI). With the proliferation of AI-generated content, there is a fear of data privacy infringement. It becomes difficult to manage, track, and protect personal data as AI can seep into platforms for resources. This can lead to data breaches, the use of personal data without owners’ permission, and other legal issues. Nonetheless, due to data privacy awareness, there have been enough concerns raised to offset or significantly debase the vulnerability of data.

The convergence of consumers, government, and market forces in recent times is creating a system where users can be more in charge of their data, successfully lifting the ”Digital Curtain” which had obscured the data sourcing and harvesting practices of companies and businesses from lawmakers and the public.

One converging force and distinct pressure currently driving change in the personal data industry are Government Action. Several data regulations and laws around the world have been created to enforce data safety and keep individuals in control of their data.

Conclusion

Data privacy and protection are becoming increasingly important in our digital society as technology advances. In the coming months, we will witness a new era of data protection and governance, as consumers demand more control over their personal information, governments enact more stringent and comprehensive laws and regulations, and businesses adapt to the changing landscape and expectations.

The EU and the United States are already leading the way with their ambitious and comprehensive data laws that aim to foster trust, innovation, and competitiveness in the data economy and so is the US, by establishing data privacy laws across several states. These laws will have significant implications for businesses and individuals who collect, share, or use data across various sectors and scenarios.