Privacy, Surveillance, and The Law of Social Media

Introduction

An individual has the right no to be subject to automated individual decision making, this is as it is stipulated in article 22 of the UK general data protection regulation (GDPR). “a subject shall have the right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning him/ her or similarly significantly affects him/her.”[1] The GDPR is devised to coordinate anonymity laws in the UK for the shielding of subjects against the unlawful processing of personal data and its free circulation coming with it.[2] Personal data, in this case, refers to any information that relates to an unidentified or identifiable living individual.[3] In the UK, data protection law was initially governed by Directive 95/46/EC, and later on, the GDPR which was brought into effect in May 2018. The data protection act applies when personal data is gathered, and stored by an organization or individual for use.

The personal data whose mishandling leads to infringement is usually the data that contains sensitive information about a natural person. This data includes information about an individual’s race, ethnicity, political inclinations, genetics, health status, biometrics, religion, and sexual orientation.[4] Having established this, it’s, therefore, an individual’s right to be appraised on how their data is used, bar the use of the data, request for its removal, update, or portability.

            Serious infringement of this stipulation leads to a fine of ten million euros or 4% of the organization’s annual turnover of a fiscal year whichever is higher. An individual responsible for the use of personal data has to adhere to a set of strict rules referred to as ‘data protection principles. They therefore must make sure that the information is: used in a fair, lawful, and transparent manner, used for the specified and explicit purposes, used adequately, relevantly, and limited to only what is necessary, kept up to date, and kept for no longer than is necessary, handled securely, including protection against unlawful or unauthorized processing, access, loss, destruction or damage.[5]

In direct marketing, the GDPR rules on direct marketing with a focus on calls texts, and emails, to individuals and how they affect lead generation and the use of marketing lists. It will therefore help the responsible organization to operate within the law and maintain their good reputation with customers and set out what enforcement action can take against those who ignore the rules.[6] in this light, the organizations must therefore not send marketing texts or emails to individuals without a prior specific consent there is however an exemption of the previous customer who is known as the soft opt-in. in this case, organizations are required to stop contacting the customers once they opt out.

With the UK and the international community economy revolving around the availability and the use of data, the question of how this provision is affecting the marketers has risen a discussion in recent days. It brought about the questioning of the purpose of its existence and whether it should be removed and replaced with legislation more focused on whether automated decision-making meets a legitimate interest area. In this paper, I will carry out a critical analysis of what this provision does for the society and its effect on the market thereby determining whether it’s in the best interest of the UK, in general, to remove the provision or if it should be kept in place.

Advantages of having the stipulation

There is the question of what pertains to a legitimate test and who is authorized to classify the cause as legitimate or not. To remove such a provision, the definition of a legitimate test must be clear so that trust can be built. Some individuals would not react well to their personal information being shared. “Strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.”[7] Building trust and a safe business environment were what the GDRP aims for, to break it, you have to create an equally safe environment and trust despite what an organization is offering. The EU endeavors to regain the trust put by the society in the business enterprises responsible for the treatment of their data thereby increasing the digital economy across the EU-internal market.[8] The legislation must hence provide for legality, equality and transparency, data restriction, data minimization, accuracy, storage limit inhibition,  privacy, and maintain accountability.[9] The credibility, therefore, has to remain intact whether the provision remains in place or not.

The GDPR provision evens the playing field. Before the realization of the GDPR, the businesses that maintained ethical practices were at a major disadvantage from those that breached the privacy of individuals. The GDPR, therefore, serves to keep fairness in the business practice. “Ethical enterprises fumbled about as they tried to determine how to reach a level of privacy that protected customers and clients without placing their organizations at an untenable competitive disadvantage.”[10] the GDPR provision, therefore, is key in making sure that the business is fair for all parties involved.

This provision also plays a major role in maintaining the credibility of the enterprises and brands. People are not trusting in nature and knowing that there is a set of laws that has your best interest goes a long way in maintaining the credibility of businesses. Besides, it’s a fact that once this provision has been waived, the businesses will act majorly in their interests than those of their customers. Working to maintain that companies are in line with the GDPR standards has become a vital benchmark for enterprises providing products and services to companies, as well as for the companies that seek to differentiate themselves to potential consumers.[11] Its therefore in the businesses’ best interest to make sure that they adhere to this provision so that the consumer can be confident when receiving services from a brand. Responding quickly to data breaches and remaining in compliance with the GDPR, as will inspire ongoing trust with your customers.[12] this provision, therefore, works in favor of both parties involved.

Disadvantages of the Stipulation

The sharing of the said data can lead to saving lives. What I mean by this is that since nowadays smartwatches thet take the vitals of their owners have become a common thing, then the data recorded by the owners of those providers can be used to find out even the slightest of body changes that occurs just before a stroke or even a heart attack. They can therefore employ this data in making sure that when it happens to another person they are warned.

Personalized ads have led to the exponential growth of small businesses. This point goes in both ways, say I am shopping for coffee then the business enterprise suggests a packet of sugar for me, then they suggest bread, and so on. They would be using the data obtained to make my shopping easier while still marketing their products. This would be very beneficial for both parties involved one in saving the time they use for shopping and the other in boosting their profits. “Last year a 30-second TV commercial in the US cost an average of 104.7 thousand dollars, and that’s not even including the price of the production.” [17] now imagine a person tweeting a picture of their business and based on the article people like they reach the targeted audience. Then that person has cut through the noise in the market ad advertised their product without spending as much as 5 euros on an advert.

There is also the issue of health and pharmaceuticals in general. If there was data sharing showing the different places and the different diseases that are prevalent, then it’s easy to calculate the correlation and come up with drugs that are needed in that specific region. In addition, when the pharmaceutical companies are producing a drug, they know is meant for a specific region, then that drug will be customized to meet the legislative specifications or standards of the specific country. They can also customize the medication to withstand the prevalent conditions of the targeted area. Thousands of people often view content posted by pharmaceutical companies on social media; users also share company postings making both direct and indirect influence possible.[18] to say the least, shared information would positively impact the pharmaceutical business and help the residents of a certain area.

Lastly, there are other businesses that are based in countries that are not bound by a similar set of provisions, this would mean that the businesses base here and offer the same set of services or products are at a disadvantage.it would be simpler if the rules were fair in all regions not just in the UK. We might be correct in holding these enterprises responsible but there will always be that gap between them and the enterprises that operate in a more unethical manner or a manner that doesn’t pay much interest to the privacy of the customers. This overregulation also impacts innovation. Adding red tape in the form of endless consent prompts for every data process might significantly burden customers in their enjoyment of online services and applications in an age when user-friendliness is one of the key factors in retaining customers.[19]innovation always goes hand in hand with freedom, the more freedom our developers are given, the more creative they are bound to get. And the more creative they get the better our products will be and the ability to rule the international market once more. Its therefore a positive to make sure that we keep up with the external regulations.

Conclusion

Bibliography

Government Digital Service, ‘Data Protection’ (GOV.UK, 15 November 2011) <www.gov.uk/data-protection> accessed 7 May 2022

Edwards J, ‘6 Business Benefits of Data Protection and GDPR Compliance’ (14 January 2021)

Direct marketing code of practice; draft code for consultation p 26

Sharma S, Data Privacy and GDPR Handbook (Wiley & Sons, Incorporated, John 2019) p 61

General Data Protection recital 39