Data Privacy Week: Confronting the Corporate Gaze

Magnifying glass over social media icons and profiles

The Privacy International Network is celebrating Data Privacy Week, where we’ll be talking about how trends in surveillance and data exploitation are increasingly affecting our right to privacy. Join the conversation on Twitter using #dataprivacyweek.

It is no mystery that data exploitation is part of most consumer-oriented tech companies’ business models. A big part of our lives is recorded and exploited, from our web searches, to our personal communications, location, and our shopping habits, just to name a few data points, to generate even more data about us, through the observation of the data trail we leave behind.

Our lives are then not only under the scrutiny of governments and their (mass) surveillance activities, but also under the eyes of corporations looking to extract value from our data and interactions. All of this is happening at a global scale, and in many cases with little or non-existent safeguards.

The Privacy International Network is working to expose companies that fail to protect their customers’ data, analysing their terms of service and practices, exploring how users perceive social media platforms, and studying how these platforms are being leveraged for intelligence purposes. 
 

Telecommunications: How do they (not) defend our data?

How transparent are telecommunication companies about their collaboration with law enforcement agencies? Red en Defensa de los Derechos Digitales (R3D) posed that question in their report “Who does not defend your data” (available in Spanish). It examines a new federal telecommunications law in Mexico that imposed obligations for telecommunications companies to collaborate with law enforcement agencies, many of them poorly drafted and undermining the right to privacy.

In Uganda, Unwanted Witness had a similar question. They researched the existing legal framework on telecommunications and privacy to explore how companies were protecting their customers’ data. Their subsequent report is pretty self-explanatory: Your Communication and Personal Data is not Safe Anymore, and highlights the lack of regulation to protect the rights of the users of telecom companies and Internet Service Providers, which is compounded by the absence of data protection legislation.

ADC report

(In)visible followers: Social and state surveillance enabled by social media

Our relationship with social media is becoming increasingly complex: while providing new audiences to promote our messages and defend our causes, it also enables unprecedented levels of surveillance of our actions.

7iber focused their attention on that tension, investigating why people in Jordan are increasingly migrating from Facebook to Twitter (available in Arabic). Their research found that, among other factors, users' perception of social surveillance from their families on Facebook had triggered that decision.

Meanwhile, the Argentina-based Asociación por los Derechos Civiles researched the use of open source intelligence in their report “Followers we don’t see” (available in Spanish). They analysed the government's monitoring of social media to investigate crimes, and detailed how this ‘cyber patrolling’ had eroded the right to privacy and freedom of expression, creating a chilling effect for social media users.

In some cases the scale of the surveillance is bigger. In a report launched this week, 7amleh, a partner organisation from Palestine, describes how the Israeli government restricts key telecommunications infrastructure in Palestine, including access to frequencies and key network equipment. This control of key infrastructure facilitates violations of Palestinians’ right to privacy and freedom of expression.

GAFA

Digital platforms: How accountable are they?

Finally, there is the question of the accountability of digital platforms. Two members of the PI Network have studied this issue: Dejusticia, in Colombia, researched the accountability of Google and other big Internet companies, while Digital Rights Foundation (DRF) prepared a report about ride-sharing apps in Pakistan.

After analysing privacy policies from more than 30 companies with business models based on data exploitation, Dejusticia found that their practices were not properly addressed by the current personal data framework (available in Spanish). Moreover, they concluded that many of these practices, like user profiling, need to be further addressed by legislative and regulatory reform.

In Pakistan, DRF prepared a detailed study on the practices of Uber and Careem in the country, highlighting the need for better complaints mechanisms and security procedures, which are particularly necessary from a gender perspective and the specific impacts that such policies have over women. They also found that both companies’ privacy policies lack basic guarantees such as data breach disclosures and contain unspecified data sharing provisions, among other flaws.

Countering the hidden data ecosystem

Alongside the work of its partners, Privacy International has been active in countering corporate exploitation. Last year, we presented a complaint against seven companies for wide-scale and systematic infringements of data protection law.

We also launched a report outlining how how apps on Android share data with Facebook, finding that at least 61 percent of the apps that were tested automatically transfer data to Facebook the moment a user opens the app, regardless of whether people have a Facebook account or not.

The fight to confront and counter the corporate gaze is only beginning, and we will keep working with the Network to expose and push back against exploitative practices that impact our privacy, freedom, and autonomy.