Author: Mariam Jikidze
This essay was originally published in the collection of essays prepared within the scope of the project funded by the Internet Society.
Introduction
The right to inviolability of personal life is discussed by scientists in many disciplines. The desire for comfort and the development of technological achievements have raised an important issue that is an integral part of modern communication, namely, the inclusion of social networks in daily life. Today, there are 4.65 billion social media users worldwide, equating to 58.7 percent of the total global population.[1] In turn, access to them requires a certain fee, which is reflected in the transfer of the individual's personal data. However, data processing by large international companies does not take place only as a result of a one-time act, i.e. transfer by the user. Data processing includes such operations as collection, use, storage, transfer to third parties, deletion, etc. Do you monitor how much time you spend on social networks? Have you read the requested security rules that you agreed to? Each swipe, like, share, post, etc. is stored in the form of servers, which allows the creation of a portrait of a person, which is called digital DNA. This is where the issue of privacy and security comes into play, as there is an unlimited amount of information about an individual, the protection of which is especially questionable when a cyber-attack is launched every 39 seconds,[2] which means a loss of control over the distribution of petabytes of information accumulated by international companies.
Personal data
Personal data is information related to an
identified or identifiable natural person[3], More
precisely, information about a person whose identity is known or can be
determined as a result of the search for additional information. A person is
identifiable when it is possible to obtain additional information without
significant effort that allows the identification of the data subject. Personal
data include name, surname, personal number, fingerprint, bank statement,
income, workplace, phone number, health status, personal correspondence,
information on debt obligations, marital status, location, conviction, etc.[4]
In addition to the above-mentioned, the personal
data protection legislation allocates a special category of data, the
processing of which requires enhanced protection due to its nature. This
category includes information related to a person's race or ethnicity,
political views, religious or philosophical beliefs, trade union membership,
health status, sexual life, criminal record, administrative detention, restraining
order, plea bargains, diversion, recognition as a victim of crime, or as a person affected. A special category also includes biometric and genetic data,
which allow the identification of a physical person with the
above-mentioned signs.[5]
Social networks and privacy
Nowadays, the terms social media and social
networking are used interchangeably, although there are clear differences
between them. Social media is any platform for the transmission of information,
for example, Snapchat, Pinterest, Youtube, Instagram, and social networking is
a two-way means of communicating with each other online, namely Facebook,
Twitter, Linkedin, etc. Social media is a much broader term as it includes
different types of media such as videos, blogs, articles and more. Separating
them is important in order to show the relevance of networks, which has led to
their establishment as the most simple, free and affordable means of modern
communication. It turns out that in some ways social networking is considered a
subcategory of social media.[6]
The information requested by
social networks covers a wide range of information about a person's personal
life. When registering in the network, the applicant needs to indicate the kind
of information that allows to identify him, namely, name, surname, date of
birth, e-mail address, route of movement and many others.[7] Every network has a developed data policy, which is uploaded on their website and can be viewed by the user,
although we find vagueness in certain parts. For example, consider Facebook,
which does not provide an exact list of partners and third parties to which the
user's personal information is provided or may be provided, which allows for
unlimited disclosure of information about a person's personal life.
A very pragmatic answer corresponds to the question of what is the purpose of entering personal information in social networks. In particular, this policy facilitates the collection and analysis of statistical data, and the offer of interesting advertisements, which makes the platform more sophisticated and effective, as it is tailored to the user's interests. However, the positive side is accompanied by the danger of misuse of data, as it is easy to create a psycho type of person. In particular, according to one of the high-profile facts of 2015, an analytical firm (Cambridge Analytica) used data collected from more than 87 million Facebook users to predict their votes in the upcoming elections, and then spread political propaganda by advertising before the elections, which led to the formation of people's will.[8] In addition, e-commerce is also taking place. For example, according to BBC News, in 2018 Facebook was found to be selling data to giant companies such as Spotify, Netflix and Amazon, [9] which violates the privacy policy, since this fact was not agreed with the users. Therefore, for a profit-oriented company, every piece of data about a person is valuable. In addition to the information stored during registration, using networks by mobile phone requires access to applications such as the camera, phone contacts, location, microphone and phone memory, which includes all other applications. In addition, the social networking applications process and store all kinds of information about who the user has contact with, which products or websites the subject visits most often, and all transactions made with the card linked to the applications on the mobile phone. In short, all the steps of the user can be easily studied, as a result of which a common base of personal data is created, the so-called "Big data".
A shared database is easily created on phones,
tablets and computers with Internet access via WIFI, 3G and 4G networks. In
general, "big data" is collected and stored for many purposes,
including medical innovation,[10] but
there is another side to the coin. The collection of big data easily forms an
individual's digital DNA, revealing who you are, what your habits are, what you
like to buy or do online, and more. However, the danger lies in its volume.
Metadata (data that describes other data), such as the time, date, and
geolocation of a photo uploaded, or observational data about a person's
preferences or behavior, are particularly dangerous,[11] since, for example, when using location-based
services, networks receive information about the real-time location of users,
in the event of a hacking attack, all the movements of the relevant person can
be hacked, which can lead to threats, blackmail and raids on network users by
criminals.[12]
This mass volume of data doubles
every other year.[13]
Austrian student Max Schrems and his
group, “Europe Against Facebook”, wanted to know more about the data Facebook
stores about them, so they requested data from Facebook and received a
2,000-page CD database dump. One interesting fact that Max Schrems discovered
is that Facebook does not always delete data when a user clicks the delete
button on the Facebook platform. For example, when a Facebook user deletes an
incoming message, the message is moved to the "Deleted Messages"
folder. When a user deletes a message from the "deleted" folder, the
message disappears from the user interface, and it can be assumed that the
message has been deleted from Facebook's servers, but as it turns out, this is
not always the case.[14] Accordingly,
there are additional questions about how and for how long user data is stored.
For "big data" storage data processors of social networks use a distributed file system (Hadoop),
which involves storing a mass amount of data in different techniques[15],
so that data is not completely lost as a result of damage to one. Therefore,
Hadoop allows the clustering of multiple computers to analyze massive data faster.
Twitter operates several large Hadoop clusters that are among the largest in
the world.[16] As for Facebook, since the number of monthly active
users of the platform is about 2.936 billion, [17]
it uses a tectonic distributed file system[18]
capable of storing exabytes of data. To represent the volume, it should be
noted that one exabyte is equivalent to one billion gigabytes. Therefore, the
storage of large amounts of personal data by modern social networks is not
really a problem.
Regarding the data storage
period, the data is stored as long as the user uses a particular social
network. As for deactivation and complete deletion, during the deactivation
period, the data is stored in the archive for 30 days, and as a result of
deleting the profile, it must be deleted within a maximum of 90 days. [19]
However, the information spread in society gives rise to assume the opposite, which
arouses distrust towards social networks.
Since it has become clear how
much personal data is collected by social networks, it is also necessary to
underline the risk arising from data processors losing control over them, which
is caused by cyber-attacks. The latter has more than once had a place on
Twitter and Facebook platforms. In particular, one of the large-scale cases
took place in 2021, which led to the disclosure of personal data of more than
533 million users.[20]
Due to technological challenges, in order to better protect the rights of users of social networks, the General Data Protection Regulation (GDPR) of the European Union was created, which takes the protection of personal data to a completely new level.[21] According to the regulation, the collector is given this right only if there is the consent of the data subject or a right clearly existing by law. The rules for obtaining consent are quite strictly defined: the subject must give it freely and explicitly. However, there is also a flaw here, since there are cases when the user is required, without explanations or alternative possibilities, to agree to the processing of various types of data in order to be able to register on a social network[22], which, I think, does not constitute a manifestation of will. According to the regulation, it is important for each user to be informed about what kind of information social networks are allowed to process and what measures can be taken if the scope is exceeded. This regulation applies to any organization registered in the European Union, which processes personal data within the scope of its activities, as well as to those organizations that are not registered in the European Union, but process the data of persons in the European Union. In addition, when processing, it is important to take into account the basic principles that ensure the inviolability of personal life. This includes lawful and fair processing of data, easy access to information about processing for a person, collection only for specific, clearly defined, lawful purposes, processing only to the extent necessary to achieve a specific lawful purpose, security and protection of data from unauthorized or unlawful processing, accidental loss, from destruction and damage.[23] However, according to the above-mentioned discussion, the practice of processing personal data in social networks establishes a lower standard, which increases the risks of unjustified interference in the private life of users.
Conclusion
The number of people wishing to register on
social networks is increasing day by day, and it is expected to increase to 6
billion by 2027,[24]
therefore, it is important for each applicant and user to know what internal
processes are going on when creating a profile, connecting with friends,
commenting or with regard to data collected by other possible interactions. From now on,
read more carefully the terms and conditions offered by social networks and
monitor the permissions you give to protect your privacy. If you notice the
incompatibility of the processing of personal data with the principles outlined
by the GDPR or you are interested in what kind of information is stored about
you, you can even contact social networks directly, as Max Schrems did.
[1] DATA REPORTAL,
GLOBAL SOCIAL MEDIA STATISTICS, 2022, იხ.
https://bit.ly/3MyxMIJ [09.07.2022]
[2] University of North
Georgia, Cybersecurity: A Global Priority and Career Opportunity, see:
[3] Article 2 of the
Law of Georgia "On Personal Data Protection", subsection
"a", N-5669, 2011, see: https://bit.ly/3uCFQRI
[4] Silagadze S.,
Personal data and the legal bases of its processing, Tbilisi, 2020, see: https://bit.ly/3z2dZgJ [09.07.2022]
[5] Article 2 of the
Law of Georgia "On Personal Data Protection", subsection
"b", N-5669, 2011, see: https://bit.ly/3yTI69S
[6] Haley, Social Networking vs Social Media: What are The Differences
& Similarities, see:
https://bit.ly/3RoFKXG [09.07.2022]
[7] Nadiradze A.,
Protection of personal data in the age of Internet and technology, Gori, 2019, 13, see: https://bit.ly/3wrH2Ja
[8] BBC News, Facebook data: How it was used by
Cambridge Analytica, 2018, see: https://bbc.in/3IoylUp [09.07.2022]
[9] Manfredsson
A., We Traded Our Privacy for Comfortability, Sweden, 2020, 11, see: https://bit.ly/3yTIMfq
[10] Manfredsson A., We Traded Our Privacy for Comfortability, Sweden,
2020, 13, see: https://bit.ly/3yTIMfq
[11] Petriashvili L., Surguladze G., Modern technologies of data
management, Tbilisi, 2017, 90, see: https://bit.ly/3nRoyN4
[12] Varma N., Bubere Z., Personal Privacy on
Social Media, International Journal, 2021, 10, see: https://bit.ly/3uBtLMK
[13] Manfredsson A., We Traded Our Privacy for Comfortability, Sweden,
2020, 18, see: https://bit.ly/3yTIMfq
[14] Andreas Kirchner A., Reflections on Privacy in the Age of Global
Electronic Data Processing with a Focus on Data Processing Practices of
Facebook, Masaryk University, 2012, 8, see: https://bit.ly/3yrxqOq
[15] Petriashvili L., Surguladze G., Modern technologies of data
management, Tbilisi, 2017, 70, see: https://bit.ly/3nRoyN4
[16] Shegalov
G., Hadoop filesystem at Twitter, 2015, see: https://bit.ly/3ySo4MN [09.07.2022]
[17] FACEBOOK STATISTICS AND TRENDS, 2022, see: https://bit.ly/3c4T4jG [09.07.2022]
[18] Pan S., Facebook’s Tectonic Filesystem:
Efficiency from Exascale, Columbia, 2021, 2, see: https://bit.ly/3nRCZ3K
[19] Andreas Kirchner A., Reflections on Privacy in the Age of Global
Electronic Data Processing with a Focus on Data Processing Practices of
Facebook, Masaryk University, 2012, 9, see: https://bit.ly/3yrxqOq
[20] Dellinger AJ.,
Personal Data Of 533 Million Facebook Users Leaks Online, 2021, FORBES, see: https://bit.ly/38BXT2M
[09.07.2022]
[21] Office of the
Personal Data Ombudsman, What we need to know about the EU Data Protection
Regulation, 2018, 3, see: https://bit.ly/3c1OP8S
[22] European Union
Agency for Fundamental Rights and Council of Europe, Guide to European Data
Protection Law, Luxembourg, 2018, 418, see: https://bit.ly/3G1G8Go
[23] The Office of the
Personal Data Protection Inspector, What we need to know about the EU Data
Protection Regulation, 2018, 7, see: https://bit.ly/3c1OP8S
[24] Statista, Number of
global social network users 2018-2027, 2022, see: https://bit.ly/3Pjgxfl [09.07.2022]
