Storing information online has become more popular as the world becomes more technologically advanced. For many individuals, privacy provides boundaries of protection so that they feel secure with any data that is stored online. In the United States, there are very few laws that protect an individual’s privacy. Most of the time the right to privacy is protected by statutory law. For example, HIPAA protects an individual’s health information and records. In other countries, information and data protection is taken more seriously. In Europe, the General Data Protection is a new set of rules that provides citizens control over their data. In the article, “What is GDPR? Everything you need to know about the new general data protection regulations” by Danny Palmer, he states that Europe will extend the definition of “personal data” so that more information can be protected. For example, information that is considered personal could be: names, addresses, and photos. However with Europe extending the definition, information such as IP addresses and bio metric data are also protected. This goes to show the extent Europe will go to provide their citizens the highest protection for any data that is stored online. The GDPR goes as far as giving citizens the right to know if their information has been hacked. In this Case Analysis, I will argue that consequentialism/utilitarianism shows us that the United States should follow Europe’s lead because it would provide individuals more security knowing that their personal data is being protected.
Information on social media is public to many. Therefore, when researching on social
media accounts, it is important to understand expectations of privacy and the nature of consent. In the article, “But the Data is Already Public”: on the ethics of research” by Micheal Zimmer, he addresses the ethical concerns that arise when doing research on public social media accounts. He stated that a research group in 2008, publicly released profile data from many college student’s Facebook’s account. The main issue that arose was that the data from the Facebook accounts was quickly identified. While the researchers tried protecting the student’s information, the privacy of the students was put at risk. While the information is public, there is that possibility of some of the college students not wanting their information to be used for research. In the ethical tool, “consequentialism/utilitarianism” it states that in order to do the right thing, you need to do the thing that increases the total amount of good in the world. In regards to the researchers accessing the college student’s information, it is morally right that they should have asked for permission to use the information. Although they did not do anything illegal, asking for permission to use the information would have been the right thing to do. After the researchers discovered that the college student’s privacy was at risk, they attempted to fix the situation. They stated, “all the data is cleaned so you cannot connect anyone to an identity”. However, a few days after the researcher’s statement, Fred Stutzman stated that, “no two networks will be exactly similar, meaning individuals may be able to be identified in the datasets post (Stutzman, 2008)”. This shows that the researchers did not do as much as they could to fix the situation.
In Micheal Zimmer’s, “But the Data is Already Public”, the situation of the researchers putting college student’s information at risk, it was shown that they did not do much to fix the situation. Instead of avoiding this entire situation by asking the college student’s personally if they were willing to participate in the research, they asked the college itself for permission. In
Micheal Zimmer’s article it stated that “all data were collected with the permission of the college being studied”, this being said the college students had no idea that their information was being used. The entire situation of using someone’s information without permission, is morally wrong. What should have been done in this situation, was the researchers sending out emails or letters to the college students. In that letter or email, there should have been an option to choose from whether they are agreeing to participate or if they are not. This would have been the most ethical way to get people to participate in the research. In the ethical tool, “consequentialism/utilitarianism”, it states that, “an action is right if the consequences of that action were good”. In this case, the action that was taken in the first place was not right, and there were negative consequences that came out of that. There are people who take their privacy very seriously, some to the point where they do not want people knowing their name or email addresses. This whole situation perfectly describes why the U.S. needs to have more policies in place to protect the privacy of individuals. The GDPR that is used in Europe, is something that definitely needs to be adopted in the United States. If it were to be adopted in the U.S, the college students would have been notified that their information was being used.
A number of privacy issues arise when information such as: medical history, search history, social history, and more. According to Arvind Narayanan and Vitaly Shmativok’s, “Myths and Fallacies of Personally Identifiable Information”, the digital economy relies on this information that for many is considered private. That goes to say that the United States relies on using individual’s personal information in order to fuel the digital economy. In order for the United States to use this information legally, the U.S. founded the Privacy Act of 1974. With this act, it allows the collection of personal information by government agencies. Compared to the
EU, an act like this does not exist. With the GDPR in place in the EU, it allows a process called “right to be forgotten”, which allows citizens the rights and freedoms to have any personal information they do not want stored to be deleted. A process like this needs to be enforced in the United States. Almost everyone can agree that information as sensitive as medical records, should not be used regardless of the situation. Information like this is so valuable to hackers, if that information is accessible to them, they have access to all other information as well. The effects of having private information stolen is extremely negative. The United States needs to have more policies in place to protect this private information instead of worrying about how it relies on the digital economy. The EU has much more policies in place because they understand that a person’s personal information should not be able to be accessed as easily as it is in the United States.
When it comes to companies storing personal information from users, they will always assure their users that the information would not be released. Some of the personal information that could be used is information that is able to identify a person. If the information were to be released, it would only be released in a “non personally identifiable” form. According to the article, “Myths and Fallacies of Personally Identifiable Information”, companies will claim that once data has been “de-identified” it is then suddenly okay to release the information because there is no way to identify these individuals. This is not always the case, as individuals still have that risk when their data is used by companies. Going back to the ethical tool, “consequentialism/utilitarianism”, it states that the right action is the one that maximizes the amount of happiness and minimizes the amount of suffering. This relates to an individual’s information being accessed by an unauthorized individual. The amount of suffering an individual
will go through if their information were to be hacked into is significant. More needs to be done to protect sensitive information. This goes back to the United States needing to implement more policies in regards to protecting the information of individuals. If the United States were to implement more procedures such as the ones that are in place in the EU, less information would be hacked.
Private information is important to individuals, as it provides a sense of security. With the world becoming more technologically advanced, more people are becoming confident enough to store their personal information online. It allows an individual to have all their information in one place and provides them security knowing that it is all there. Therefore, making sure that their information is protected is of high importance. The United States does not have enough policies implemented in order to protect individuals’ privacy. Compared to the EU, they have the GDPR which provides citizens more control of their privacy that they stored online. With this policy in place, it allows citizens more access to their information and it informs them if their information were to be hacked. In the ethical tool, “consequentialism/utilitarianism”, it states that in order to promote the least amount of suffering, the right action is needed to be taken. In conclusion, the United States needs to provide citizens more policies and tools to protect their personal information, in order to reduce the amount of suffering.
Citations
Zimmer, M. (2020). “but the data is already public”: On the Ethics of Research in facebook. The Ethics of Information Technologies, 229–241. https://doi.org/10.4324/9781003075011-17
Narayanan, A., & Shmatikov, V. (2010). Myths and fallacies of “personally identifiable information”. Communications of the ACM, 53(6), 24–26. https://doi.org/10.1145/1743546.1743558
Palmer, D. (2019, May 17). What is GDPR? everything you need to know about the new General Data Protection Regulations. ZDNet. Retrieved October 3, 2021, from https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/.