The very recent scandal around WhatsApp privacy update reminded us of our personal data’s worth. Billions of people use digital tools owned by companies that collect and sell their data daily, often without consent, but very few think about it until a controversy comes up. Personal data collection and what happens with it afterward is one of the main issues of our interaction with online technology, especially now amid pandemic when it seems as if we’re online all the time. New apps, such as those for video calls, pose new risks to the safety of our private information. The first step in regaining control over it is learning where the threats reside.
Name, home and IP addresses, location history, health and financial records, browsing histories, shopping preferences, social media activities, phone and app usage – these are just some pieces of information revealed through online activity and all of them are vulnerable to misuse. Data privacy (also known as information privacy) is concerned with their proper handling – how they are collected, stored, and shared, and whether this complies with restrictions such as the General Data Protection Regulation (GDPR). According to GDPR, data privacy means empowering users to make their own decisions about who can process their data and for what purpose, while data protection means keeping data safe from unauthorized access.
Outside of the digital realm where things can get clouded pretty quickly, privacy concerns are much easier to grasp. They have always been very important – we keep certain things and information hidden to protect them from falling into the wrong hands. We are reluctant to give away sensitive information in face-to-face situations, but as we get confronted with long, bureaucratic “Terms and Conditions” for features we want to use online, the concept of privacy becomes much more elusive.
It is not just about wanting things, though, but also about needing them. Many people are well aware of the proven risks and still agree to all terms and conditions for the convenience of using tools that became imperative in our daily private and professional lives. Meanwhile, others may not be informed enough about how their data is used online and may insist that they don’t care about privacy issues because they have “nothing to hide” anyway. As author and professor Colin J. Bennett explains, most people "go through their daily lives believing that surveillance processes are not directed at them, but at the miscreants and wrongdoers" despite "evidence that the monitoring of individual behavior has become routine and everyday". And while the concern about the invasiveness of government surveillance for our supposed safety is well-founded, it is mainly the private sector – big tech companies such as Amazon, Facebook, and Google – that misuse personal data for profit gains in particularly insidious ways.
Not only are we individually compromised by having our data sold to unknown third parties for dubious purposes, but we also unwittingly contribute to goals that might be unacceptable to us. One of such infamous examples was the scandal around the political consulting firm Cambridge Analytica in 2018. The company influenced the livelihood of entire nations by using personal data secretly harvested from millions of people's Facebook accounts and selling it to competing political campaigns. It became known, for example, that Donald Trump won the US elections in 2016 by hiring Cambridge Analytica to profile voters and target them with personalized political ads.
Cybersecurity expert Zak Doffman notes: "WhatsApp does collect too much data, much more than the likes of Signal, Telegram, and iMessage. But when compared to apps like Facebook, Messenger, Google, Instagram, Snapchat, and TikTok, it collects very little. So, unless you avoid those others, WhatsApp isn’t your biggest problem." The data privacy issue needs to be looked at with these different apps in mind, many of which work in an orchestrated way to extract as much data as possible.
For example, WhatsApp already collects a lot of information that can be combined with other data given through Facebook and Facebook-owned companies, such as information about how you interact with others on its services (the time, frequency, and duration of interactions with others), the time you spend online, your location (if allowed), and any statuses, profile images, and features you set. It can also collect information about your phone, such as battery level, mobile operator, and signal strength. And if you opt for data backup, it will not be encrypted, which means that the content of your messages becomes exposed and the purpose of end-to-end encryption futile.