CA2 – Deontology Tool
The article explains Europe’s new implementation of GDPR (General Data Protection Regulation). GDPR is the core of Europe’s digital information privacy legislation. GDPR applies not only to organizations and businesses in the EU but also to organizations and businesses that are located elsewhere internationally and offer goods to organizations and businesses located in the EU. However, there are certain, somewhat strict rules and regulations these organizations need to follow, or they will be given a hefty fine. Some of the rules include reporting breaches within a certain time frame to the people whose information is being kept by that organization, which can include names, addresses, credit cards, social security numbers, and health records. Other incidents that will need to be reported include losses of money or losses of the rights and freedoms of individuals. In this case analysis, I will argue that the Deontology tool shows us that the United States should follow Europe’s lead because GDPR ensures that users’ information is used and collected correctly, for the right reasons, and with the people’s knowledge.
One of the concepts from Zimmer concerns the unauthorized secondary use of personal information. He defines secondary use of personal information as the concern that information collected from individuals for one purpose might be used for another, secondary purpose without any authorization or consent from that individual. He provides an example with Smith et al.’s (1996) framework, where the loss of control of an individual’s personal information is considered a privacy violation. This relates to the GDPR article because the loss of (or loss of control over) one’s private information is a violation of its terms, which would result in that organization getting a hefty fine of either 10 million euros or four percent of the company’s annual global turnover, which could be more than the minimum fine.
There is more to say on how this concept relates to the GDPR case. Another example provided by Zimmer was the T3 Project’s handling of student information. To aid the T3 researchers, the students’ housing information and email addresses were given to them to help them collect and process their data. The students’ data had been given to the university primarily to facilitate various administrative functions. Instead, the researchers used the students’ personal data to help them find the students’ profiles on social media (Facebook) and leaked the information from those profiles for others to download and view. The students’ data was made public on Facebook for social networking among their friends and colleagues, not for academic research. Relating back to the GDPR article, in this case the university would face a hefty fine because the secondary use of information displayed goes against the GDPR regulations.
Digging deeper into the factors of GDPR and the concept from Zimmer, his concept reveals how GDPR can help ensure good reasoning behind collecting personal information. GDPR, being one of the biggest if not the biggest regulation for EU information security, fits this concept well: had GDPR been applied to the university where this situation occurred, it would most likely have prevented the students’ personal information from being leaked by the researchers. Because GDPR also requires organizations or companies to give notice when a breach of any kind happens, the students would have been notified when something happened with their information. GDPR also requires organizations to have legal controllers and processors to ensure the information is being handled properly and for its primary use.
The ethical tool of Deontology deals with the act of doing things for the right reasons, and this example with the T3 research goes against Kant’s Deontology. Kant’s Deontology ties into the concept by Zimmer by showing how the T3 research project collected student information with a secondary intended use and wrong reasoning. With the case and the Deontology ethical tool, I believe GDPR is implementing the data protection regulations with EU companies and organizations with the right reasoning behind it. The idea of GDPR adding to the data protection laws only for the sake of making more money and saving more money is out of the picture for me. The strict rules and regulations of GDPR are good in my opinion because, like Kant’s Deontology, they respect the people and their privacy and make sure these companies and organizations abide by the rules to ensure no one’s information is misused under secondary circumstances.
The GDPR requires these companies and organizations to report users’ stolen or lost personal information within 72 hours of noticing the attack. With my argument, the best thing to do in this case on GDPR was to keep the implementation and apply it to more large-scale companies around the globe. Even companies not associated with the EU GDPR should look into implementing similar data protection.
The big concept Buchanan discusses is considering the ethics of big data research. He speaks on how companies have fallen back on large-scale data mining of their users, but the information is provided and made readily available by the users, which makes it challenging for the companies. Twitter presents an Iterative Vertex Clustering and Classification model to identify and detect ISIS-supporting Twitter accounts. To detect and reveal these accounts, the algorithm uses the accounts’ followings, the hashtags used, and mentions of the account. Other organizations such as the police and FBI also use this tactic in information security and data mining to find individuals or groups and disrupt their communication via social media.
Benigni describes their Iterative Vertex Clustering and Classification (IVCC) model as a form of social network analysis within the context of ISIS and terrorist activities. Benigni explains how the 21st-century terrorist group ISIS has started using technology and social media for promoting, scouting, and recruiting to increase participation among their followers. He also provides statistics: 100 million users use Twitter daily, and 100,00+ accounts were analyzed in Benigni. This makes it challenging because they are trying to identify the suspicious ISIS accounts within the 100,00 accounts analyzed. What they want to accomplish is to demonstrate new opportunities for intelligence communication experts to gain an understanding of large populations susceptible to extremism.
Buchanan states that, as a result, we are seeing in many countries, including the United States, law enforcement and in particular the FBI acting as participants in training and co-sponsors of events such as the 3I conference. The 3I conference focuses on research regulation and social media/big data. Relating this concept from Buchanan to the case on the implementation of GDPR, even though it is basically part of their job already, it would not be a bad idea to further include law enforcement in regulating people’s data. Making law enforcement technologically savvy and sophisticated with social media can make it easier for these large-scale companies to detect and disrupt communication with organizations or groups who have malicious intent with user data.
With both the concept from Buchanan and the specifics of GDPR, another way to potentially disrupt the communication of malicious groups through social media would be to add GDPR into these social media companies to regulate the information and know what is going on (while also making sure the information is collected for its primary use, of course). GDPR being the information security regulation for EU laws, this would be a great addition to the Iterative Vertex Clustering and Classification (IVCC) model because it would allow more control over the information between both the controllers and the processors.
Using the concept from Buchanan to assess the GDPR case, implementing a model like the Iterative Vertex Clustering and Classification model, where it can detect potential information breaches, will help reduce the number of unknown and unpredicted data breaches for these companies that hold personal information. Kant’s Deontology is relevant to his concept because implementing GDPR with the IVCC model would ensure better surveillance over what is happening in and being done within these social media sites while still staying within the regulations on collecting personal information and data. With the case relating to Deontology, the GDPR is implemented to ensure these companies are collecting and using personal information for the right reasons and for the primary purpose the information was intended to be used for. As for the actions taken in the case, I think the right thing to do in this case was to implement GDPR in organizations that hold personal data, even with some of the risks it may come with, because regardless, with information security there will always be risks.
To conclude about my position in the GDPR case, I hold my position on the United States implementing GDPR in organizations and companies to ensure security of personal information. There can be alternate views of this case, where some may feel like GDPR is not as ethical as it seems and may be “too much” or have too many restrictions on companies. Another alternate view could be that the GDPR could only be meant to bring in more money and not really be meant for saving people’s personal information. With my position in the case there are some drawbacks or problems to be considered. If the United States followed Europe’s lead with GDPR, there could be some friction between companies in the different countries, or between the countries themselves, over having to go by another country’s privacy control regulations. One of the drawbacks of GDPR is the cost and amount of time it would take for large-scale companies to get their information and databases in check and in compliance with GDPR.