Lack of Awareness – Examples

Another recent example is the Cambridge Analytica/Facebook – scandal which occurred in the aftermath of the 2016 US presidential election and the Brexit referendum in the UK. It turned out that millions of Facebook users’ data had been analyzed in order to determine voters’ political preferences. Afterwards, voters were targeted individually with political advertisements specifically designed to make them change their minds. Most people had no idea that this was going on, or even that it was possible, before the scandal was all over the news.

Pro-Active Awareness

Instead of waiting for the next scandal to occur, it is much better to try to increase public awareness proactively. In fact, we believe that data companies, who have the knowledge that the public lacks, have a special duty to share some of that knowledge publically.

At Seluxit, we do several things to live up to this duty. We talk about IoT and data in public venues, we engage in educational activities, and we write about data ethics in these principles.

An Example

Smith is a user of a social media company. Smith gave consent to the company collecting certain personal data for the purpose of targeted marketing. Jones works as a data analyst at the company. He discovers that the users’ data can be utilized to determine their political preferences. Jones starts employing data analytics on all users’ data, including Smith’s, and now the company holds precise political profiles of all their users.

Here, the company should inform Smith about the change in purpose and ask for a new consent. After all, he never knew that his consent implied that the company would create a political profile of him.

Complying with the Principle of Compatible Purposes

It can be very hard to determine whether two purposes are compatible. In order to be on the safe side, it’s a good idea to get new consent from the data subject whenever the purpose of data processing is not exactly the same as the purpose for collecting the data.

At Seluxit, we try our best to inform the data subjects and collect new consent, every time the purpose of processing their data changes. And, we strongly encourage our customers to do the same.

Example

Imagine an online dating app which profiles people in order to better connect potential partners with each other and target users with relevant advertisements. Due to poor data security, a political campaign gains access to users’ personal data. The political campaign collects the data and uses them to determine people’s political preferences, in order to better target people with political advertisement, and spread fake news about opponent parties.

Compliance with the Principle

At Seluxit we are accountable for all our actions, and we take the responsibility that comes with holding and using data very seriously. We comply with all relevant data regulations, including the GDPR, and should our use of data have unforeseen bad consequences in the future, we will inform everyone involved and do our best to resolve the issue.

Why is Security So Important?

Security is important for several reasons. One reason is that it helps protect people’s privacy. If customers give their personal data to a company, it is normally with the expectation that the company protects the data. If the data in question are very personal, a security breach can lead to an immense invasion of privacy.

Security is not only an important feature of privacy protection, it is also important for avoiding blackmailing, financial fraud, espionage, and so on.

Example #1

Smith owns and uses a wearable fitness tracker, which collects data about Smith’s activity level, heart rate, sleep patterns, location, etc. Unfortunately, the manufacturer who collects all the data has very poor data security. One day, a hacker named Jones gains access to all of Smith’s data. Jones can see that Smith’s heart rate normally goes up for 30 minutes every Tuesday night at the same location. Jones makes a quick Google search to see who lives at that location. It turns out that it is one of Smith’s colleagues. Jones now uses this information to blackmail Smith. He wants $10.000, or he will reveal to Smith’s wife, children and friends that Smith is having an affair with the colleague.

Example #2

Smith owns a robotic vacuum cleaner, which is connected to the internet. As it moves around in Smith’s house, it collects data about when it is used, where it is used, etc. After having vacuumed Smith’s house for a few months, the manufacturer of the vacuum cleaner has a detailed map of Smith’s house, and they know when Smith is usually not home. Unfortunately, the manufacturer of the vacuum cleaner also has very poor data security, so Jones is able to get access to Smith’s vacuum data. He sells this data to a group of burglars, who breaks into Smith’s home the next day when he is not home.

Bad Business and Harmful Consequences

Any company or state who collects data, especially personal data, should make sure they have a sufficient level of security. For a company, the consequences of a data breach can be devastating, since it can completely undermine customers’ trust in the company. This is of course bad for the company. But as the examples above have demonstrated, security breaches can also have outright harmful consequences for the data subjects.