Lack of Awareness – Examples

Another recent example is the Cambridge Analytica/Facebook – scandal which occurred in the aftermath of the 2016 US presidential election and the Brexit referendum in the UK. It turned out that millions of Facebook users’ data had been analyzed in order to determine voters’ political preferences. Afterwards, voters were targeted individually with political advertisements specifically designed to make them change their minds. Most people had no idea that this was going on, or even that it was possible, before the scandal was all over the news.

Pro-Active Awareness

Instead of waiting for the next scandal to occur, it is much better to try to increase public awareness proactively. In fact, we believe that data companies, who have the knowledge that the public lacks, have a special duty to share some of that knowledge publically.

At Seluxit, we do several things to live up to this duty. We talk about IoT and data in public venues, we engage in educational activities, and we write about data ethics in these principles.

An Example

Smith is a user of a social media company. Smith gave consent to the company collecting certain personal data for the purpose of targeted marketing. Jones works as a data analyst at the company. He discovers that the users’ data can be utilized to determine their political preferences. Jones starts employing data analytics on all users’ data, including Smith’s, and now the company holds precise political profiles of all their users.

Here, the company should inform Smith about the change in purpose and ask for a new consent. After all, he never knew that his consent implied that the company would create a political profile of him.

Complying with the Principle of Compatible Purposes

It can be very hard to determine whether two purposes are compatible. In order to be on the safe side, it’s a good idea to get new consent from the data subject whenever the purpose of data processing is not exactly the same as the purpose for collecting the data.

At Seluxit, we try our best to inform the data subjects and collect new consent, every time the purpose of processing their data changes. And, we strongly encourage our customers to do the same.

Example

Imagine an online dating app which profiles people in order to better connect potential partners with each other and target users with relevant advertisements. Due to poor data security, a political campaign gains access to users’ personal data. The political campaign collects the data and uses them to determine people’s political preferences, in order to better target people with political advertisement, and spread fake news about opponent parties.

Compliance with the Principle

At Seluxit we are accountable for all our actions, and we take the responsibility that comes with holding and using data very seriously. We comply with all relevant data regulations, including the GDPR, and should our use of data have unforeseen bad consequences in the future, we will inform everyone involved and do our best to resolve the issue.

Why is Security So Important?

Security is important for several reasons. One reason is that it helps protect people’s privacy. If customers give their personal data to a company, it is normally with the expectation that the company protects the data. If the data in question are very personal, a security breach can lead to an immense invasion of privacy.

Security is not only an important feature of privacy protection, it is also important for avoiding blackmailing, financial fraud, espionage, and so on.

Example #1

Smith owns and uses a wearable fitness tracker, which collects data about Smith’s activity level, heart rate, sleep patterns, location, etc. Unfortunately, the manufacturer who collects all the data has very poor data security. One day, a hacker named Jones gains access to all of Smith’s data. Jones can see that Smith’s heart rate normally goes up for 30 minutes every Tuesday night at the same location. Jones makes a quick Google search to see who lives at that location. It turns out that it is one of Smith’s colleagues. Jones now uses this information to blackmail Smith. He wants $10.000, or he will reveal to Smith’s wife, children and friends that Smith is having an affair with the colleague.

Example #2

Smith owns a robotic vacuum cleaner, which is connected to the internet. As it moves around in Smith’s house, it collects data about when it is used, where it is used, etc. After having vacuumed Smith’s house for a few months, the manufacturer of the vacuum cleaner has a detailed map of Smith’s house, and they know when Smith is usually not home. Unfortunately, the manufacturer of the vacuum cleaner also has very poor data security, so Jones is able to get access to Smith’s vacuum data. He sells this data to a group of burglars, who breaks into Smith’s home the next day when he is not home.

Bad Business and Harmful Consequences

Any company or state who collects data, especially personal data, should make sure they have a sufficient level of security. For a company, the consequences of a data breach can be devastating, since it can completely undermine customers’ trust in the company. This is of course bad for the company. But as the examples above have demonstrated, security breaches can also have outright harmful consequences for the data subjects.

When is Profiling Problematic?

Profiling is not problematic in itself. We all make profiles of eachother in our minds all the time. We get information about each other, and we automatically form opinions and make predictions about each other all the time. So when is profiling problematic? Simply put, profiling is problematic when it is used in a harmful or unfair way. Let us look at an example.

An Example

Smith complains to the bank advisor Jones, explaining that he and Peter have the same age, the same income etc., so he doesn’t understand why he is not eligible why Peter is. Jones explains that historically, people living in Smith’s neighbourhood tend to have a bad track record when it comes to paying back long term loans. This, and only this, is the reason why the algorithm declined Smith’s application but approved Peter’s.

Biased Algorithms

Besides treating like cases alike, the algorithms used for profiling should not confirm or amplify biases. In the example above, it might be true that people in Smith’s neighbourhood tend to have bad track records when it comes to paying back long term loans. But the neighbourhood itself is probably not the real cause of it. It’s more likely that some people with bad track records tend to move to that neighbourhood for some other reason, for example, that it’s cheap. When Smith’s application is turned down, the algorithm confirms that people from that neighbourhood should be denied loans.

As much as possible, profiling algorithms should be based on real causes, rather than on spurious correlations with factors like location, race, ethnicity, physical appearance etc. In general, we must avoid the unfair use of profiling.