Privacy, Surveillance, and The Law of Social Media

Introduction

An individual has the right no to be subject to automated individual decision making, this is as it is stipulated in article 22 of the UK general data protection regulation (GDPR). “a subject shall have the right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning him/ her or similarly significantly affects him/her.”[1] The GDPR is devised to coordinate anonymity laws in the UK for the shielding of subjects against the unlawful processing of personal data and its free circulation coming with it.[2] Personal data, in this case, refers to any information that relates to an unidentified or identifiable living individual.[3] In the UK, data protection law was initially governed by Directive 95/46/EC, and later on, the GDPR which was brought into effect in May 2018. The data protection act applies when personal data is gathered, and stored by an organization or individual for use.

The personal data whose mishandling leads to infringement is usually the data that contains sensitive information about a natural person. This data includes information about an individual’s race, ethnicity, political inclinations, genetics, health status, biometrics, religion, and sexual orientation.[4] Having established this, it’s, therefore, an individual’s right to be appraised on how their data is used, bar the use of the data, request for its removal, update, or portability.

            Serious infringement of this stipulation leads to a fine of ten million euros or 4% of the organization’s annual turnover of a fiscal year whichever is higher. An individual responsible for the use of personal data has to adhere to a set of strict rules referred to as ‘data protection principles. They therefore must make sure that the information is: used in a fair, lawful, and transparent manner, used for the specified and explicit purposes, used adequately, relevantly, and limited to only what is necessary, kept up to date, and kept for no longer than is necessary, handled securely, including protection against unlawful or unauthorized processing, access, loss, destruction or damage.[5]

In direct marketing, the GDPR rules on direct marketing with a focus on calls texts, and emails, to individuals and how they affect lead generation and the use of marketing lists. It will therefore help the responsible organization to operate within the law and maintain their good reputation with customers and set out what enforcement action can take against those who ignore the rules.[6] in this light, the organizations must therefore not send marketing texts or emails to individuals without a prior specific consent there is however an exemption of the previous customer who is known as the soft opt-in. in this case, organizations are required to stop contacting the customers once they opt out.

With the UK and the international community economy revolving around the availability and the use of data, the question of how this provision is affecting the marketers has risen a discussion in recent days. It brought about the questioning of the purpose of its existence and whether it should be removed and replaced with legislation more focused on whether automated decision-making meets a legitimate interest area. In this paper, I will carry out a critical analysis of what this provision does for the society and its effect on the market thereby determining whether it’s in the best interest of the UK, in general, to remove the provision or if it should be kept in place.

Advantages of having the stipulation

There is the question of what pertains to a legitimate test and who is authorized to classify the cause as legitimate or not. To remove such a provision, the definition of a legitimate test must be clear so that trust can be built. Some individuals would not react well to their personal information being shared. “Strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.”[7] Building trust and a safe business environment were what the GDRP aims for, to break it, you have to create an equally safe environment and trust despite what an organization is offering. The EU endeavors to regain the trust put by the society in the business enterprises responsible for the treatment of their data thereby increasing the digital economy across the EU-internal market.[8] The legislation must hence provide for legality, equality and transparency, data restriction, data minimization, accuracy, storage limit inhibition,  privacy, and maintain accountability.[9] The credibility, therefore, has to remain intact whether the provision remains in place or not.

The GDPR provision evens the playing field. Before the realization of the GDPR, the businesses that maintained ethical practices were at a major disadvantage from those that breached the privacy of individuals. The GDPR, therefore, serves to keep fairness in the business practice. “Ethical enterprises fumbled about as they tried to determine how to reach a level of privacy that protected customers and clients without placing their organizations at an untenable competitive disadvantage.”[10] the GDPR provision, therefore, is key in making sure that the business is fair for all parties involved.

This provision also plays a major role in maintaining the credibility of the enterprises and brands. People are not trusting in nature and knowing that there is a set of laws that has your best interest goes a long way in maintaining the credibility of businesses. Besides, it’s a fact that once this provision has been waived, the businesses will act majorly in their interests than those of their customers. Working to maintain that companies are in line with the GDPR standards has become a vital benchmark for enterprises providing products and services to companies, as well as for the companies that seek to differentiate themselves to potential consumers.[11] Its therefore in the businesses’ best interest to make sure that they adhere to this provision so that the consumer can be confident when receiving services from a brand. Responding quickly to data breaches and remaining in compliance with the GDPR, as will inspire ongoing trust with your customers.[12] this provision, therefore, works in favor of both parties involved.

GDPR provisions act to make sure the users’ data of users is not misused or misplaced. The point here is that there cannot be a guarantee that data will not be lost or misplaced such that it leaks. When organizations or businesses are being held accountable, they work hard to ensure that data will not find itself in the hands of the wrong people. Since there is no oversite, who is to monitor that the data obtained does not consist of sensitive content? before access to this data is given there has to be undeniable proof that these organizations are being held accountable. In the early years of the internet, it was difficult to hold businesses accountable for misconduct in their data collection and protection practices. This was partly because the law was not sufficiently developed to hold Data Collectors responsible for duties that did not exist at the time.[13] This begs the question, is this not retrogressive? What is the assurance that this data will be treated with care and privacy maintained in the absence of this provision?

This provision also works as a guide for what data should be collected, how much, and how it is stored. This might not look like much on the surface but it guides how the data will be used and therefore takes the decision from the organizations. Article 5 (1) (e) of the GDPR and Article 5 (4) (e) of Modernized Convention 108 both demand that personal data be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data” are processed. The persona. To this end, “this time frame is established by the GDPR to provide the time that is necessary the data be scheduled for erasure or for a review” to ascertain that the personal data is kept for the right amount of time, no more than it should.[14] this stipulation makes sure that only the necessary information is taken and it’s stored properly. Without such regulations, there is bound to be a mishap in how the data is handled and a possible leak that would affect one or many individuals.

Disadvantages of the Stipulation

A free share of data would lead to streamlined services. If data would be shared among the businesses, this would lead to business mapping that in turn leads to streamlined services and products. For instance, if a business manages to identify a gap in the market, based on social media activity, then they would be able to produce a product or a service that is tailored for the specific purpose in that region. this would therefore mean an increase in productivity and a reduction in materials used and hence cost of products would most likely go down. This would favor the consumers and the producers at the same time. “Digging into data and the use of a combination of creativity, psychology, logic, and mathematics would help find the unseen patterns that can help clients reach their goals.”[15] when these techniques are put in place, this would lead to reduced cost of living, increased revenue for the country, and increased profits for the shareholders of the said organization. This all is subject to a review of the provision.

The availability of huge databases would lead to increased security. Most criminal profiling techniques are built on the use of social media arenas to track down and understand the motive and patterns of a suspect. It is this information that assists the investigators to determine the possible whereabouts of the suspect in question and consequent apprehension. Some social media apparatus like Facebook are rich with data that can be used to build a criminal profile. In addition, this step could go a long way in the mitigation of such crimes. Say a person is planning to build a nitrogen bomb. The said person will have to buy nitrogen-based fertilizer in bulk. As soon as this happens, the security agencies can then be notified and they investigate what the purpose of such amount is for and destruction is averted. With free sharing of information, whether the said individual buys be it from one store or many stores then they can be tracked and questioned.  In 2008 72 criminals were apprehended by the US law enforcement who were connected to a renowned gang by obtaining large amounts of data from a social media platform and establishing links between the criminals and their profiles, analyzing that data, and finding links between the gang members and their network.[16]

The sharing of the said data can lead to saving lives. What I mean by this is that since nowadays smartwatches thet take the vitals of their owners have become a common thing, then the data recorded by the owners of those providers can be used to find out even the slightest of body changes that occurs just before a stroke or even a heart attack. They can therefore employ this data in making sure that when it happens to another person they are warned.

Personalized ads have led to the exponential growth of small businesses. This point goes in both ways, say I am shopping for coffee then the business enterprise suggests a packet of sugar for me, then they suggest bread, and so on. They would be using the data obtained to make my shopping easier while still marketing their products. This would be very beneficial for both parties involved one in saving the time they use for shopping and the other in boosting their profits. “Last year a 30-second TV commercial in the US cost an average of 104.7 thousand dollars, and that’s not even including the price of the production.” [17] now imagine a person tweeting a picture of their business and based on the article people like they reach the targeted audience. Then that person has cut through the noise in the market ad advertised their product without spending as much as 5 euros on an advert.

There is also the issue of health and pharmaceuticals in general. If there was data sharing showing the different places and the different diseases that are prevalent, then it’s easy to calculate the correlation and come up with drugs that are needed in that specific region. In addition, when the pharmaceutical companies are producing a drug, they know is meant for a specific region, then that drug will be customized to meet the legislative specifications or standards of the specific country. They can also customize the medication to withstand the prevalent conditions of the targeted area. Thousands of people often view content posted by pharmaceutical companies on social media; users also share company postings making both direct and indirect influence possible.[18] to say the least, shared information would positively impact the pharmaceutical business and help the residents of a certain area.

Lastly, there are other businesses that are based in countries that are not bound by a similar set of provisions, this would mean that the businesses base here and offer the same set of services or products are at a disadvantage.it would be simpler if the rules were fair in all regions not just in the UK. We might be correct in holding these enterprises responsible but there will always be that gap between them and the enterprises that operate in a more unethical manner or a manner that doesn’t pay much interest to the privacy of the customers. This overregulation also impacts innovation. Adding red tape in the form of endless consent prompts for every data process might significantly burden customers in their enjoyment of online services and applications in an age when user-friendliness is one of the key factors in retaining customers.[19]innovation always goes hand in hand with freedom, the more freedom our developers are given, the more creative they are bound to get. And the more creative they get the better our products will be and the ability to rule the international market once more. Its therefore a positive to make sure that we keep up with the external regulations.

Conclusion

To sum up, this argument, having considered the pros and cons of the abolishment of this provision, I would be more inclined to let it stand at least for now. While it is true that the removal of these stipulations would be like the removal of shackles to our organizations, I do not think we are prepared enough to deal with the kind of privacy breaches and leakages that is most likely to come with the removal of the stipulation. In order to do well for the organizations, we must first come up with a panel that will be mandated to make the decision of whether and how much information should a particular organization receive. It would be illogical and naïve to think that this enterprise will be bound by ethics to not share that information or to take good care of it and use it properly.

After the panel has been selected, then it will be easy to monitor what a specific organization will need to ensure the growth of our economy, and benefit the consumer and producer while making sure that the right to privacy holds even if the individuals are not the ones to sign off. In conclusion, this agenda can improve this country but it needs time to be actualized. It is an idea with many advantages but without being ready, the price is just way too high to make people pay for their economy. However, it should be tabled and discussed over time to come up with an oversite that can replace GDPR without losing our rights.

Bibliography

Bygrave LA, ‘Article 22 Automated individual decision-making, including profiling’, The EU General Data Protection Regulation (GDPR) (Oxford University Press 2020) <http://dx.doi.org/10.1093/oso/9780198826491.003.0055> accessed 7 May 2022

Government Digital Service, ‘Data Protection’ (GOV.UK, 15 November 2011) <www.gov.uk/data-protection> accessed 7 May 2022

Edwards J, ‘6 Business Benefits of Data Protection and GDPR Compliance’ (14 January 2021)

Direct marketing code of practice; draft code for consultation p 26

Sharma S, Data Privacy and GDPR Handbook (Wiley & Sons, Incorporated, John 2019) p 61

Jennifer Tyrawski and David C DeAndrea, ‘Pharmaceutical Companies and Their Drugs on Social Media: A Content Analysis of Drug Information on Popular Social Media Sites’ (PubMed Central (PMC)) <www.ncbi.nlm.nih.gov/pmc/articles/PMC4526896/> accessed 7 May 2022.

Coos A, ‘GDPR: The Pros and the Cons’ (Endpoint Protector Blog, 10 December 2020) <www.endpointprotector.com/blog/gdpr-the-pros-and-the-cons/> accessed 7 May 2022

Moore  A.  the GDPR and managing data risk  (john wiley and sons 2018) p 54

General Data Protection recital 39

Alavi T, ‘4 Benefits You Receive by Sharing Your Data to Companies’ (towards data science, 30 November 2020) <https://towardsdatascience.com/4-benefits-you-receive-by-sharing-your-data-to-companies-70ca58e11989> accessed 8 May 2022