Privacy, Surveillance, and The Law of Social Media

Introduction

An individual has the right no to be subject to automated individual decision making, this is as it is stipulated in article 22 of the UK general data protection regulation (GDPR). “a subject shall have the right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning him/ her or similarly significantly affects him/her.”[1] The GDPR is devised to coordinate anonymity laws in the UK for the shielding of subjects against the unlawful processing of personal data and its free circulation coming with it.[2] Personal data, in this case, refers to any information that relates to an unidentified or identifiable living individual.[3] In the UK, data protection law was initially governed by Directive 95/46/EC, and later on, the GDPR which was brought into effect in May 2018. The data protection act applies when personal data is gathered, and stored by an organization or individual for use.

The personal data whose mishandling leads to infringement is usually the data that contains sensitive information about a natural person. This data includes information about an individual’s race, ethnicity, political inclinations, genetics, health status, biometrics, religion, and sexual orientation.[4] Having established this, it’s, therefore, an individual’s right to be appraised on how their data is used, bar the use of the data, request for its removal, update, or portability.

            Serious infringement of this stipulation leads to a fine of ten million euros or 4% of the organization’s annual turnover of a fiscal year whichever is higher. An individual responsible for the use of personal data has to adhere to a set of strict rules referred to as ‘data protection principles. They therefore must make sure that the information is: used in a fair, lawful, and transparent manner, used for the specified and explicit purposes, used adequately, relevantly, and limited to only what is necessary, kept up to date, and kept for no longer than is necessary, handled securely, including protection against unlawful or unauthorized processing, access, loss, destruction or damage.[5]

With the UK and the international community economy revolving around the availability and the use of data, the question of how this provision is affecting the marketers has risen a discussion in recent days. It brought about the questioning of the purpose of its existence and whether it should be removed and replaced with legislation more focused on whether automated decision-making meets a legitimate interest area. In this paper, I will carry out a critical analysis of what this provision does for the society and its effect on the market thereby determining whether it’s in the best interest of the UK, in general, to remove the provision or if it should be kept in place.

Advantages of having the stipulation

There is the question of what pertains to a legitimate test and who is authorized to classify the cause as legitimate or not. To remove such a provision, the definition of a legitimate test must be clear so that trust can be built. Some individuals would not react well to their personal information being shared. “Strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.”[7] Building trust and a safe business environment were what the GDRP aims for, to break it, you have to create an equally safe environment and trust despite what an organization is offering. The EU endeavors to regain the trust put by the society in the business enterprises responsible for the treatment of their data thereby increasing the digital economy across the EU-internal market.[8] The legislation must hence provide for legality, equality and transparency, data restriction, data minimization, accuracy, storage limit inhibition,  privacy, and maintain accountability.[9] The credibility, therefore, has to remain intact whether the provision remains in place or not.

This provision also plays a major role in maintaining the credibility of the enterprises and brands. People are not trusting in nature and knowing that there is a set of laws that has your best interest goes a long way in maintaining the credibility of businesses. Besides, it’s a fact that once this provision has been waived, the businesses will act majorly in their interests than those of their customers. Working to maintain that companies are in line with the GDPR standards has become a vital benchmark for enterprises providing products and services to companies, as well as for the companies that seek to differentiate themselves to potential consumers.[11] Its therefore in the businesses’ best interest to make sure that they adhere to this provision so that the consumer can be confident when receiving services from a brand. Responding quickly to data breaches and remaining in compliance with the GDPR, as will inspire ongoing trust with your customers.[12] this provision, therefore, works in favor of both parties involved.

This provision also works as a guide for what data should be collected, how much, and how it is stored. This might not look like much on the surface but it guides how the data will be used and therefore takes the decision from the organizations. Article 5 (1) (e) of the GDPR and Article 5 (4) (e) of Modernized Convention 108 both demand that personal data be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data” are processed. The persona. To this end, “this time frame is established by the GDPR to provide the time that is necessary the data be scheduled for erasure or for a review” to ascertain that the personal data is kept for the right amount of time, no more than it should.[14] this stipulation makes sure that only the necessary information is taken and it’s stored properly. Without such regulations, there is bound to be a mishap in how the data is handled and a possible leak that would affect one or many individuals.

Disadvantages of the Stipulation

A free share of data would lead to streamlined services. If data would be shared among the businesses, this would lead to business mapping that in turn leads to streamlined services and products. For instance, if a business manages to identify a gap in the market, based on social media activity, then they would be able to produce a product or a service that is tailored for the specific purpose in that region. this would therefore mean an increase in productivity and a reduction in materials used and hence cost of products would most likely go down. This would favor the consumers and the producers at the same time. “Digging into data and the use of a combination of creativity, psychology, logic, and mathematics would help find the unseen patterns that can help clients reach their goals.”[15] when these techniques are put in place, this would lead to reduced cost of living, increased revenue for the country, and increased profits for the shareholders of the said organization. This all is subject to a review of the provision.

The availability of huge databases would lead to increased security. Most criminal profiling techniques are built on the use of social media arenas to track down and understand the motive and patterns of a suspect. It is this information that assists the investigators to determine the possible whereabouts of the suspect in question and consequent apprehension. Some social media apparatus like Facebook are rich with data that can be used to build a criminal profile. In addition, this step could go a long way in the mitigation of such crimes. Say a person is planning to build a nitrogen bomb. The said person will have to buy nitrogen-based fertilizer in bulk. As soon as this happens, the security agencies can then be notified and they investigate what the purpose of such amount is for and destruction is averted. With free sharing of information, whether the said individual buys be it from one store or many stores then they can be tracked and questioned.  In 2008 72 criminals were apprehended by the US law enforcement who were connected to a renowned gang by obtaining large amounts of data from a social media platform and establishing links between the criminals and their profiles, analyzing that data, and finding links between the gang members and their network.[16]

There is also the issue of health and pharmaceuticals in general. If there was data sharing showing the different places and the different diseases that are prevalent, then it’s easy to calculate the correlation and come up with drugs that are needed in that specific region. In addition, when the pharmaceutical companies are producing a drug, they know is meant for a specific region, then that drug will be customized to meet the legislative specifications or standards of the specific country. They can also customize the medication to withstand the prevalent conditions of the targeted area. Thousands of people often view content posted by pharmaceutical companies on social media; users also share company postings making both direct and indirect influence possible.[18] to say the least, shared information would positively impact the pharmaceutical business and help the residents of a certain area.

Conclusion

Bibliography

Bygrave LA, ‘Article 22 Automated individual decision-making, including profiling’, The EU General Data Protection Regulation (GDPR) (Oxford University Press 2020) <http://dx.doi.org/10.1093/oso/9780198826491.003.0055> accessed 7 May 2022

Government Digital Service, ‘Data Protection’ (GOV.UK, 15 November 2011) <www.gov.uk/data-protection> accessed 7 May 2022

Edwards J, ‘6 Business Benefits of Data Protection and GDPR Compliance’ (14 January 2021)

Direct marketing code of practice; draft code for consultation p 26

Jennifer Tyrawski and David C DeAndrea, ‘Pharmaceutical Companies and Their Drugs on Social Media: A Content Analysis of Drug Information on Popular Social Media Sites’ (PubMed Central (PMC)) <www.ncbi.nlm.nih.gov/pmc/articles/PMC4526896/> accessed 7 May 2022.

Coos A, ‘GDPR: The Pros and the Cons’ (Endpoint Protector Blog, 10 December 2020) <www.endpointprotector.com/blog/gdpr-the-pros-and-the-cons/> accessed 7 May 2022

General Data Protection recital 39

Alavi T, ‘4 Benefits You Receive by Sharing Your Data to Companies’ (towards data science, 30 November 2020) <https://towardsdatascience.com/4-benefits-you-receive-by-sharing-your-data-to-companies-70ca58e11989> accessed 8 May 2022