CASE ANALYSIS ON USER DATA

Posted by on Apr 20, 2022 in Uncategorized | 0 comments

Case Analysis on User Data

            In the case “What is GDPR? Everything you need to know about the new general data protection regulations” Danny Palmer explored what General Data Protection (GDPR) means, its effects on businesses and individuals, and how to comply with it. He noted that GDPR is the main digital privacy policy in Europe. It refers to the set of regulations aimed at giving the citizens of the European Union more control over their data (Palmer, 2019). Under the GDPR, the organizations are required to ensure they adhere to the regulations when gathering data. Also, GDPR requires the individuals who gather and manage the collected data to respect data owners` rights and safeguard it from exploitation and misuse. The GDPR applies to all organizations operating in the European Union and those outside it that supply goods and services to customers within the European Union (Palmer, 2019). According to Palmer (2019), each major organization requires the GDPR compliance strategy. Under the GDPR, personal data includes addresses, photos, names, IP addresses, biometric data, and genetic data (Palmer, 2019). The European Commission argued that GDPR would simplify the operations of businesses and allow the member nations to save about €2.3 billion each year (Palmer, 2019). Concerning the individuals, the GDPR offers them a right to be informed by organizations when a data breach has occurred. Also, the organizations are required by GDPR to inform the relevant agencies about data breaches so that appropriate measures may be taken to prevent abuse of their data. In this case analysis, I will argue that deontology shows us that the United States should follow Europe’s lead because following privacy laws is the better route to ethical conduct than realizing the correct results.

            The first central concept from Zimmer’s article is the failure of the “Tastes, Ties, and Time” (T3) researchers to protect the subjects` identity fully. Zimmer (2010) noted that the T3 researchers were aware of the privacy issues inherent in their data and took measures to protect the subjects` identities. For example, the T3 researchers removed the students’ names and identification numbers. They also delayed the release of the subjects` cultural interests and required the others researchers using their study to agree to the terms and conditions they set for the use of their study findings. In addition, the T3 researchers banned the use of the data in a way that may compromise student privacy. Furthermore, they allowed the institutional review board to review their study. Regardless of all these attempts to protect the subjects` identity, some people quickly managed to identify the dataset source (Zimmer, 2010). The T3 researchers had asserted that they had encoded or deleted all the identifying information. Zimmer (2010) revealed that the dataset’s publicly available codebook was used to identify the anonymous university in America. After narrowing down the probable universities, it eventually merged that the dataset source was from Harvard College (Zimmer, 2010).

            The failure of T3 researchers to fully protect the identity of the study subjects shows that it is essential for the United States to embrace the privacy laws like that of the European Union. If the United States had adopted privacy laws similar to the GDPR, the T3 researchers would have ensured they take more caution in protecting the identity of their subjects to avoid penalties for failing to do so. The GDPR, as highlighted by Palmer (2019), provides a higher legal liability level on the processor. Therefore, suppose the US adopts a policy similar to the GDPR, the T3 researchers would have been compelled to ensure they comply with the privacy laws by making sure the identity of their subjects could not be unmasked. Applying the deontology ethical tool to the case, I think the right thing the T3 researchers should have done is to follow the right procedures of concealing the identity of the subjects. In other words, the T3 researchers should have performed their duty of maintaining the anonymity of the subjects by ensuring their dataset contained no revealing information.

            The other central concept from Zimmer’s article is the many conceptual gaps in the T3 researchers` comprehension of the privacy risks of their project. According to Zimmer (2010), some of the conceptual gaps in the study included challenges to the conventional nature of obtaining consent, putting in place adequate strategies for ensuring data anonymity and respecting privacy on the social media sites. Zimmer (2010) highlighted that a detailed codebook of the study was downloadable without necessitating one to submit the application. The codebook contained frequencies and descriptions of different data elements like race, gender, ethnicity, college major, home state, and political views. Zimmer pointed out that the codebook showed that 821 female and 819 male subjects took part in the study. It also revealed the country of origin of the participants. These revelations happened regardless of the T3 researchers taking precautionary measures to protect the privacy and identity of the subjects. The failure of the researchers to adequately mitigate what amounted to the violations of the privacy of the subjects showed that they did not adhere to the ethical standards of research. By the fact that the researchers collected and stored an extensive amount of personally identifiable data in a database, they contradicted the privacy of the subjects. A deontologist will view this as unethical since the deontological view requires one to perform their duty as defined by rational thought. Taking this into account, I believe the right thing the T3 researchers should have done is to ensure the database contained no personally identifiable information that could reveal the database source. The United States should adopt a policy similar to Europe’s new privacy laws to ensure citizens are protected and know how their data is being processed.

            Similarly, in Elizabeth Buchan’s article, there are some central concepts that apply to the case. One central concept that Buchan discussed is using social media platforms like Twitter to identify individuals linked to terrorism or supporting terrorist organizations like ISIS/ISIL. Buchanan (2017) noted that intelligence and law enforcement organizations are determined to enhance their prowess in using big data and social media to detect and disrupt communications for security purposes (p.1). Therefore, these agencies perform data mining to identify the social media users linked to terrorist groups. Nevertheless, privacy advocates and ethicists have opposed the intelligence and law enforcement agencies’ extensive data mining and analysis (Buchanan, 2017, p.1). Buchanan further opined that the foci and context of the data mining and analysis are well-defined, but ethics of these methods are less clear (p.2).

The issue of data mining and analysis is critical in this digital age since it touches on the privacy of social media users. Relating Buchanan’s arguments to Palmer’s case, it can be deduced that there is a need for the United States to create legislation similar to that of the EU to ensure the data owners are protected. Although the police and other law enforcement agencies engage in extensive data mining for security purposes, it is pertinent to have a comprehensive law governing their work to protect social media users. Furthermore, ethics requires that researchers obtain consent from the subjects before using their data. In this vein, the intelligence and law enforcement agencies have an ethical obligation to seek the consent of the social media account users before using their data.

Drawing from the deontological ethical tool, it can be argued that the extensive data mining and analysis by the intelligence and law enforcement agencies are unethical. This can be attributed to the fact that these agencies often do not seek consent from social media account users. Although some individuals can postulate that seeking informed consent from many account users is impracticable, it is challenging for these agencies to forecast and plan for the adverse effects of the data mining and analysis technique (Buchanan, 2017, p.3). The deontological perspective emphasizes following the right rules. Thus, if the United States adopts a policy similar to GDPR, the privacy of the social media users will be protected since the intelligence and law enforcement agencies will follow the right rules in performing their duties. Also, considering that GDPR may be viewed as a universal law because the international organizations operating within the EU are to observe it, a similar law in the US can work. The Kantian thinkers hold that an action or law should be universalized. So, the US should establish privacy laws that are universal – laws that are reversible and consistent. Simply put, the US should adopt a law that promotes equality of individuals.

            Another central concept in Buchanan’s article is the research of big data. As per Buchanan (2017), this research may disclose much information regarding the person and their relationship networks (p.3). She described this type of research as pervasive since it makes individuals be data subjects and points (p.3). Furthermore, she asserted that now networks are utilized to gain more insight into people. Consequently, this trend has displaced the researchers and subjects or a participant, implying the role of the subjects has become less important (Buchanan, 2017, p.3). Buchanan raised a fundamental question regarding whether the data subjects are accorded the same responsibilities and rights as the human subjects. She observed that the ethics boards deal with complex questions relating to big data (Buchanan, 2017, p.4). Relating this concept to Palmer’s case, it can be underscored that the EU’s privacy laws were meant to protect the consumers by ensuring the businesses acted ethically. Therefore, I believe the right thing the United States should do is to create a policy similar to GDPR to govern how the security agencies collect and analyze data from social media networks. Principally, this will ensure these agencies operate within the confines of the law and act ethically.

            Based on the deontological perspective and the merits of GDPR, I believe the United States should create privacy laws similar to that of the EU. Primarily, such policies will ensure that intelligence and law enforcement agencies adhere to the ethical principles of research in this digital era. The deontological framework perceives ethical actions as the ones that follow the rules. Thus, it is indisputable that ethics should guide the researchers, including the law enforcement agencies engaging in data mining. The United States can achieve this by adopting a policy similar to the EU’s GDPR. The policy will compel all the organizations carrying out data mining and analysis to act within the ethical precincts. As Zimmer articulated, researchers should ensure their research methodologies are grounded on the established ethical principles. Equally, Buchanan calls for researchers to protect their subjects from harm. Accordingly, the United States ought to adopt a policy similar to GDPR to ensure researchers protect subjects’ rights. In this context, the researchers may include the government agencies that engage in data mining and analysis to identify people supporting terrorist organizations.

References

Buchanan, E. (2017). Considering the ethics of big data research: A case of Twitter and ISIS/ISIL. PLOS ONE12(12), e0187155. https://doi.org/10.1371/journal.pone.0187155

Palmer, D. (2019, May 17). What is GDPR? Everything you need to know about the new general data protection regulations. ZDNet. https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/

Zimmer, M. (2010). “But the data is already public”: On the ethics of research in Facebook. Ethics and Information Technology12(4), 313-325. https://doi.org/10.1007/s10676-010-9227-5

Leave a Reply

Your email address will not be published. Required fields are marked *