Monday, July 15, 2024

INCOGNITO | Privacy in the digital environment

[NOTE: Earlier this month, when I was asked to discuss the state of privacy in the digital environment, I focused on the risks it is exposed to whenever people log on to the Web. Since I believe the conversation is a crucial one, I am reproducing here the gist of what I said.]

If we’re going to talk about privacy in the digital realm, it’s important for us to have a basic appreciation of the context. What do we mean exactly when we refer to the digital environment?

The concept is that space where our life meets our use of technology, particularly the Internet. It continues to grow each day both in terms of magnitude and impact. Just consider the numbers. In 2017, 46% of households already owned a computer. This 2020, 59% of the world’s population is hooked to the Internet. They spend more than 100 days online per year. 50% are in social media, spending an average of 2.5 hours per day.

Here in the Philippines, 67% of the population are active internet users who spend 9 hours and 45 minutes online everyday. That’s the highest in the world. 73 million are active in social media, patronizing the medium almost 4 hours a day.

These figures will continue to go up because we are always finding new ways to connect something we use or do to the Internet.

Another important footnote is the central role of data in this ongoing process of digitalization. Much of the digital environment runs on data. It makes money out of data.

We produce so much data online today that some of the things that supposedly happen in a so-called internet minute are simply mind-boggling: 18.1 million messages transmitted; 188 million emails sent out; 390,000 apps downloaded, via the Apple Store and Google Play; 3.8 million search queries made on the Google search engine. These numbers don’t even include yet government data processing statistics.

But perhaps the most astonishing trivia of all is this: according to one estimate, if you compute all information humans have been able to produce from the very beginning until the year 2000, you should know that we produce the same amount of information in less than an hour today!

Come to think of it, this would explain why there is now a growing number of tech companies among the world’s top businesses. They’re ones that have been most successful at monetizing data. Many of them are now are here in Asia. Beginning in 2014, the continent is already home to more tech companies than the US.

Having amply described what our digital environment looks like, let’s now take a quick look what kinds of challenges it creates for our privacy. It will take us days to discuss all of them, so I’m only going to highlight three problem areas:

  • Proliferation of data-intensive systems (DIS), which, by their very nature, challenge data protection laws and our very definition of privacy. DIS are those systems and technologies that operate around the collection and subsequent processing of data on large scales. We’re talking about the likes of social media platforms and fintech products, such as lending apps, in the private sector. Governments have their digital identity systems, health information exchanges, and SIM card registers, as common examples. While these systems do offer benefits, they pose a lot of risks as well. If I’m forced to identify one problem that has the most significant impact on privacy online, it is probably how they enable the misuse or abuse of our personal data.
  • Steady but steep rise in cybercrimes, particularly those involving privacy violations or the unauthorized processing of personal data. There is no denying that the number of crimes involving the unauthorized or unlawful processing of personal data have shot up. We see today — almost on a regular basis — the occurrence of such crimes as identity theft, online harassment and cyberbullying, doxing, revenge porn, and, of course, hacking incidents. In many cases, they disproportionately affect vulnerable groups and those already belonging to marginalized sectors.
  • Emergence of a real-life surveillance society. Especially when DIS are involved, digitalization has made it possible for both the government and private sector to conduct more and better surveillance activities. Edward Snowden showed us in 2013 how bad things are right now as far as governments are involved. If the Netflix special “Social Dilemma” taught us anything, it’s that private companies are just as guilty.

To make matters worse, other factors have made these problems more difficult to address. For instance, many countries still do not have data protection laws and regulations. In those that do (like us), the law will often have flaws or limitations. Policy gaps are common.

Sometimes, there is a privacy law, but the regulator or implementing agency is weak. Weakness can be in terms of powers, funding, personnel, and expertise on the subject matter. This leads to poor implementation which can feel a whole lot like having no law at all. In other instances, there is a law and a capable regulator. The problem is that the latter is compromised. When regulators cozy up to the very same entities they are supposed to regulate, they become useless.

To address these problems effectively, a number of things have to happen:

  • We must make sure technologies are always grounded in law. Those developed or managed by government must always have a legal basis. The law creating them must have safeguards and must recognize transparency as a key component. Of course, all technologies must adhere to privacy and data protection laws, like recognizing data subject rights and prescribing mandatory breach notification protocols.
  • There must be effective oversight by competent and independent regulators. Regulators must be given sufficient powers and resources. But they must also do their jobs effectively. They need to make sure they are competent at what they do. And they must also not allow themselves to be compromised or influenced by vested interests.
  • Civil society must remain active and vocal. NGOs, the media, and academic institutions must be ready to assist the government, but also keep it in check always. They must continue to speak truth to power, while the government must welcome and not shun valid criticisms.
  • People need to be empowered citizens or data subjects. We need keep ourselves informed of applicable laws, especially those that give us rights. Then we should exercise these rights whenever we can—even when it’s inconvenient.

In trying to preserve our privacy and other human rights online, we have to believe that technology exists to supplement our weaknesses, and not to take advantage of them. We must therefore make sure it enhances our rights, instead of undermining them. True progress, after all — the kind promised to us by a digital future — should never be at the expense of our fundamental rights.

The author is a lawyer, artist, photographer, and privacy advocate. Additional information and queries may be sent to


- Advertisement -spot_img




- Advertisement -spot_img