Privacy and Data Protection
Module 4 explores the complex and changing issues of privacy and data protection in the digital era. Students will understand how personal, bodily, informational, and communication privacy are defined and challenged today. The module covers important legal frameworks such as the GDPR, CCPA, HIPAA, FERPA, and GLBA, as well as international and human rights views on privacy, including the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.
Attention is also paid to current issues, such as government and corporate surveillance, the growth of data brokers, and the ethical conflicts between security and privacy. Students will explore how data is gathered, combined, stored, analyzed, and shared, along with the dangers of breaches, identity theft, and fraud. Case studies illustrate the effects of artificial intelligence, biometric data, and international data transfers.
By the end of this module, students will understand privacy as both a legal and social concept, critically evaluate current protections and vulnerabilities, and reflect on the role of trust in digital systems. This foundation will prepare them to engage with debates over personal rights, organizational responsibility, and public policy in the information society.
Learning Objectives
After completing this module, you should be able to:
- Discuss the importance of privacy as a fundamental human right.
- Identify and analyze how cybercrime affects privacy.
- Analyze the connection between security and privacy.
- Critique data protection and breach notification laws and practices in different countries.
- Evaluate state enforcement practices and suggest effective methods to safeguard data.
Summary
Privacy and data protection are critically important topics in today’s digital age, given the increasing collection, storage, and use of personal information by governments, businesses, and individuals.
Privacy refers to an individual’s right to control their personal information and to keep it confidential. It encompasses various aspects, including personal, bodily, informational, and communication privacy. People have the expectation that their personal information will not be accessed, used, or disclosed without their consent.
Data protection, on the other hand, is the set of practices and regulations designed to safeguard personal data from unauthorized access, use, disclosure, or alteration. It involves measures to ensure that data is processed fairly, lawfully, and securely.
Privacy and data protection are essential because they protect an individual’s autonomy and freedom by allowing them to control the sharing of their personal information. They build trust between individuals and organizations that handle personal data. Protecting personal data is crucial to prevent identity theft, fraud, and cyberattacks.
Privacy is recognized as a fundamental human right in many countries, and data protection regulations help enforce and protect this right. Many countries have enacted laws and regulations to protect individuals’ privacy and data. The European Union’s General Data Protection Regulation (GDPR) is one of the most comprehensive data protection laws globally. The United States has various privacy laws at both the federal and state levels, while other countries have their own data protection regulations.
Data protection laws typically include principles that organizations must follow, such as obtaining clear and informed consent from individuals before collecting and processing their data. Limiting data use to the purposes for which it was collected. Collecting only the data necessary for the intended purposes. Implementing security measures to protect data from breaches. Allowing individuals to access, correct, and delete their data.
Despite the legal framework and best practices, privacy and data protection face ongoing challenges. For example, rapid technological advancements create new data privacy concerns, e.g., AI, Frequent data breaches highlight the vulnerability of personal data. In addition, government surveillance and data collection by tech companies raise privacy concerns. Moreover, cross-border data transfer and compliance with data protection laws can be complex.
Individuals also play a role in protecting their privacy by being cautious about sharing personal information online, using strong passwords, and being aware of privacy settings on various platforms. Privacy and data protection are fundamental to safeguarding individual rights and maintaining trust in the digital age. As technology continues to advance, the need for strong privacy laws, ethical practices, and informed consumers is more critical than ever.
In today’s digital world, vast amounts of personal data are collected, stored, shared, and sometimes misused. Protecting privacy remains one of our biggest challenges. This module provides a cursory review of privacy and data protection from four perspectives: (1) law, (2) ethics, (3) sociology, and (3) criminology. Each perspective helps us understand a different part of the puzzle.
Laws establish the fundamental rules for how data can be used. Privacy is acknowledged as a human right in international agreements like the UDHR and ICCPR. Countries and states have enacted laws to safeguard this right. For instance, the GDPR in Europe grants individuals strong rights over their data, while U.S. laws such as the CCPA in California, HIPAA (health), FERPA (education), and GLBA (finance) address specific areas. These laws mandate practices like obtaining consent before collecting data and informing people after a breach. However, enforcement remains challenging, especially when data crosses borders.
Ethics goes beyond legality to consider what is right or fair. Even if people click “I agree,” did they truly understand what they accepted? Many companies profit from personal data, a system often called surveillance capitalism. This raises difficult questions: Should companies be allowed to sell user data if people don’t fully grasp the risks? Is it fair to trade privacy for free apps or convenience? Ethics helps us think about these issues even when the law does not provide clear guidance.
Sociology examines how people and societies think about privacy. Many share personal information online because it feels normal or convenient. Younger generations tend to post more online, but surveys (like those from Pew Research) show they still worry about misuse. Different cultures also have varied views on privacy. For instance, Europeans expect strong legal protections, Americans often balance privacy with business and security, and in China, government priorities influence privacy practices. Trust plays a crucial role—people are more likely to share data if they trust the institutions handling it.
Criminology explains why data is misused or stolen. Theories of crime help us see patterns:
- Routine Activity Theory – voluminous amounts of personal data create easy targets.
- Rational Choice Theory – cybercriminals see data crimes as low-risk and high-reward.
- Strain Theory – insiders may abuse data if they feel stress or pressure.
Real-world cases such as the Equifax breach or ransomware attacks demonstrate how these theories are applied. Criminology links data misuse to larger concepts of crime and victimization.
Sometimes these perspectives work together, and sometimes they clash. Laws might permit practices that many view as unethical. National security efforts can conflict with personal privacy. People’s willingness to share data (sociology) creates opportunities for cybercriminals (criminology). Understanding these overlaps helps us grasp why privacy is such a complex and critical issue.
Privacy and data protection go beyond just obeying the law. They raise issues of ethics, social conduct, and crime. Looking at privacy from these four angles gives us a better understanding of the risks and duties in the digital world. As technology advances, safeguarding data will remain one of society’s biggest challenges.
Key Takeaways
- Privacy and data protection – These are important topics in the digital age that protect an individual’s right to control their personal information and prevent unauthorized access, use, disclosure, or alteration of their data.
- Data protection laws and principles – Many countries have enacted laws and regulations to protect individuals’ privacy and data, such as the GDPR in the EU and various laws in the US. These laws typically include principles that organizations must follow, such as obtaining consent, limiting data use, and implementing security measures.
- Challenges and solutions – Privacy and data protection face ongoing challenges, such as technological advancements, data breaches, government surveillance, and cross-border data transfer. Individuals and organizations can take steps to protect their privacy by being cautious, using strong passwords, and being aware of privacy settings.
Key Terms/Concepts
AI and Privacy (training datasets, facial recognition, biometric data)
Breach Notification
CCPA (California Consumer Privacy Act)
Consent (informed, explicit)
Data Aggregation
Data Analysis
Data Breach
Data Collection
Digital Privacy
Data Protection
Data Sharing
Data Storage
Fourth Amendment
GDPR (General Data Protection Regulation)
Human rights
Identity Fraud
Identity Theft
Information Security
Privacy
Privacy as a Human Right (UDHR, ICCPR)
Security breach notification laws
Security vs. Privacy Tension
Trust in Digital Systems
Warrantless Tracking
Modern Example
The USSC Rules – Privacy Rights and the Interest of Public Safety
The United States Supreme Court ruling that police need a warrant to track your cellphone is a significant decision for privacy rights and protections for individuals. The ruling reaffirms the Fourth Amendment protections against unreasonable searches and seizures.
In today’s digital age, cellphones are essentially extensions of ourselves, containing vast amounts of personal information. Tracking someone’s cellphone location can provide a detailed picture of their movements, activities, and associations. Requiring a warrant for such tracking ensures that individuals are protected from unwarranted government intrusion into their private lives. Therefore, requiring law enforcement to obtain a warrant introduces a level of oversight and accountability. It ensures that police cannot engage in unchecked surveillance or abuse their power to track individuals without valid justification.
While law enforcement agencies argue that warrantless tracking is necessary for investigating crimes and protecting public safety, the court’s decision finds a balance between these needs and individual civil liberties. It recognizes the importance of law enforcement efforts while upholding the fundamental right to privacy.
As technology advances, legal standards must adapt to protect privacy rights. This ruling shows the court’s recognition of the changing tech landscape and the need to apply constitutional principles accordingly. Overall, the Supreme Court’s decision highlights the importance of privacy in the digital era and reinforces constitutional protections against government intrusion. It acts as a vital safeguard for individuals’ rights and freedoms in an increasingly interconnected world.
Major Privacy Win, Supreme Court Rules Police Need Warrant To Track Your Cellphone
Even more to Consider
Phone Apps Are Selling Your Driving Data to Insurance Companies Make sure to check your privacy settings (Written by Chase Bierenkoven and Edited by Cameron Rogers, June 2024).
Read, Review, Watch and Listen
- Listen or read CNET’s (June 2020) Google collects a frightening amount of data about you. You can find and delete it now.
- Key Terms: Data collection, Data aggregation, Data protection, Consent
- This article illustrates how major tech companies like Google collect vast amounts of user information. It emphasizes individual options to access and delete stored data, linking to the concept of informed consent and personal control over data.
- Read NPR’s After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users.
- Key Terms: Data breach, Breach notification, Informational privacy, Corporate accountability
- NPR reports on Facebook’s refusal to notify users after a massive breach, highlighting gaps in breach notification practices and raising questions about corporate responsibility to protect personal data.
- Read Confirmed: Apple Caught In Siri Privacy Scandal, Let Contractors Listen To Private Voice Recording (July 30, 2019).
- Key Terms: Communication privacy, Consent, AI and privacy, Corporate surveillance
- This case shows how private Siri recordings were shared with contractors without explicit user knowledge, spotlighting the privacy risks of voice assistants and biometric data.
- Read Digital Age: Is our privacy under threat? (UN Human Rights Office, 2018).
- Key Terms: Privacy as a human right, Government surveillance, Trust in digital systems
- The UN frames privacy as a fundamental human right under international law, warning that digital surveillance threatens individual freedoms globally.
- Read About digital privacy and human rights (UN Human Rights Office, 2021).
- Key Terms: Privacy as a human right, Cross-border data transfer, Security vs. privacy
- This resource updates the global discussion on digital privacy, stressing state and corporate obligations to respect privacy across international contexts.
- Review How the Global Spyware Industry Spiraled Out of Control (Los Angles Times, December 2022 as cited in Money Control).
- Key Terms: Government surveillance, Corporate surveillance, Data brokers, AI and privacy
- The article details how spyware technology has proliferated with limited oversight, enabling governments and corporations to intrude on individuals’ private lives.
- Review California lawmakers pass a bill to make it easier to delete online personal data (Queenie Wong, Sep. 2023).
- Key Terms: CCPA, Data protection, Right to be forgotten, Consent
- This piece covers California’s legislative updates expanding consumer control over personal data, reinforcing the role of state-level laws in strengthening privacy protections.
- Review the Electronic Frontier Foundation (EFF) Privacy page.
- Key Terms: Digital rights, Data protection, Government surveillance, Corporate accountability
- EFF provides resources and advocacy updates on privacy issues, highlighting ongoing policy debates and legal battles that shape digital rights in the U.S.
- Review Pew Research Center’s How Americans View Data Privacy:The role of technology companies, AI and regulation – plus personal experiences with data breaches, passwords, cybersecurity and privacy policies (By Colleen McClain, Michelle Faverio, Monica Anderson and Eugenie Park, Oct. 2023).
- Key Terms: Trust in digital systems, Data breaches, Privacy policies, AI and privacy
- This study provides empirical data on U.S. public attitudes toward privacy, technology companies, and regulation, showing widespread concern about corporate and government handling of data.
- Watch Apple Responds to Siri Privacy Scandal – also embedded below.
- Key Terms: Consent, AI and privacy, Corporate accountability
- This follow-up to the Siri case shows Apple’s attempts to rebuild trust after public backlash, offering insights into how corporations respond to privacy crises.
- Watch Human Rights in the Digital Age – also embedded below.
- Key Terms: Privacy as a human right, Global digital governance, Security vs. privacy
- This video emphasizes the intersection of technology, privacy, and human rights, focusing on the responsibilities of governments and corporations in protecting digital freedoms.
- Read Section 3 (pp. 6-8) of the American Civil Liberties Union (ACLU) Information Privacy In The Digital Age (2015).
- Key Terms: U.S. sectoral laws (HIPAA, FERPA, GLBA), Informational privacy, Legal frameworks
- The ACLU highlights weaknesses in the U.S. sectoral approach to privacy law, contrasting it with comprehensive frameworks like the GDPR.
- Listen or read A bill aiming to protect children online reignites a battle over privacy and free speech (PBS News Hour, July 30, 2024).
- Key Terms: Consent (explicit, informed), Children’s online privacy, Free speech, Regulatory debates
- This resource explores tensions between protecting minors’ privacy online and safeguarding free expression, showing how legislative debates balance competing values.
ACTIVITY 3 – Fractured Identity
STOP!!! Students should review the course syllabus to determine the assignment of this activity.
This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.
Description and Purpose
This chapter presents David Birch’s concept of “fractured identities” and the need to reduce the amount of personal information shared in each electronic transaction, thereby decreasing the incidence of identity theft.
The purpose of this class assignment is to deepen your understanding of identity theft and fraud; that is, the misuse of someone else’s information with the intent to commit fraud, which is one of the fastest-growing types of fraud facilitated by electronic devices and the Internet. A better understanding of electronic crime helps you protect yourself and prepares you for a career in criminal justice.
Instructions
- Review the United States Department of Justice’s (DOJ) overview of identity theft (DOJ, 2021)
- Watch David Birch: A new way to stop identity theft: https://youtu.be/IZjPnaifVIM (TED, 2021)
- Identify, retrieve, and review the contents of those cards that you use every day to complete electronically based transactions and/or to secure services, including driver’s license, passport, auto insurance card, university identification card, debit and credit cards, library cards, medical insurance cards, etc.
Answer each of the following questions:
- Describe the amount of information provided to one or more of those cards listed above and explain why those details are needed to complete a specific transaction. For example, the last four digits of the card, your account, or social security number.
- List the information on the cards selected in the previous question that you believe could be omitted, and explain why these details are unnecessary.
- Thinking about how many software applications you use daily, such as social media, estimate how many are essential for completing transactions in your daily life.
- Rate your exposure of personal information on a scale from 1 (least “fractured”) to 5 (most “fractured”). Describe what you could do to improve your self-assigned score.
Key Terms/Concepts
Identity theft and identity fraud are terms used to describe all types of crimes in which someone illegally obtains and uses another person’s personal data through fraud or deception, usually for financial gain.
Information Security involves safeguarding information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to ensure confidentiality, integrity, and availability.
Privacy is the state of being free from unwanted or undue intrusion or disturbance in one’s private life or affairs; the freedom to be left alone.
Security breach notification laws are laws that require individuals or entities affected by a data breach or unauthorized access to data to notify their customers and other parties about the breach, as well as take specific steps to remedy the situation according to state legislation.
Refer to the course learning management system (LMS); that is Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.
Discussion Questions
- Is privacy best understood as an individual right, a collective good, or both?
- Do strong data protection laws like GDPR strike the right balance between privacy and innovation?
- Should governments be permitted to override encryption in the name of national security?
- How should companies be held responsible after large-scale data breaches?
- Compare the EU, U.S., and another country’s (e.g., Brazil LGPD, China PIPL) approach to privacy. What strengths and weaknesses do you observe?
Supplemental Resources
- The U.S. Supreme Court Says ‘No’ to Cell-Phone Searches Incident to Arrest (David J. Robinson, September 2014 • Volume 102 • Number 9 • Page 438) [last accessed, February 2024]
- Surveillance Self-Defense Electronic Frontier Foundation (EFF) [last accessed, February 2024]
- Electronic Frontier Foundation (EFF) – “The leading nonprofit defending digital privacy, free speech, and innovation.”
- RAND_RRA108-3-Countering Technology-Facilitated Abuse Criminal Justice Strategies for Combating Nonconsensual Pornography (Amanda R. Witwer, Lynn Langton, Michael J. D. Vermeer, Duren Banks, Dulani Woods, Brian A. Jackson)
- Communications Assistance for Law Enforcement Act (last accessed, February 2024]
- Surveillance Technology Oversight Project (S.T.O.P.) – The Surveillance Technology Oversight Project (S.T.O.P.) is a 501(C)(3), non-profit advocacy organization and legal services provider.
- SEC’s Cyber Disclosure Rule: Prepping for What’s New (As cited but not involved in producing the by The Wall Street Journal) [last accessed, February 2024]
- The Great Hack trailer (Netflix, 2019).
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
Click HERE to report any needed updates, e.g., broken links.
Concerns about artificial intelligence systems using personal and biometric data without consent, raising risks to privacy.
Legal requirement to inform people when their data has been compromised.
U.S. law granting California residents rights to know, control, and delete personal data collected about them.
Clear and voluntary permission to collect or use personal data.
Combining information from multiple sources for analysis.
Examining data to identify patterns or insights.
The unauthorized access, disclosure, or theft of sensitive or confidential information, such as personal, financial, or health data.
Combining information from multiple sources for analysis.
Digital privacy refers to the protection of an individual's personal information and online activities from unauthorized access, surveillance, and misuse in the digital realm. It encompasses the control individuals have over the collection, storage, and sharing of their personal data online, including information such as browsing history, location data, communications, financial transactions, and any other digital footprints.
Legal and technical measures to keep personal data secure and used appropriately.
Distributing information with other individuals or organizations.
Keeping information in physical or digital systems.
The Fourth Amendment to the United States Constitution is a crucial component of the Bill of Rights, ratified in 1791. It serves to protect the privacy and security of individuals by placing restrictions on governmental intrusion into their personal lives. Specifically, the Fourth Amendment states:
" The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
EU law that sets strict rules for data use and gives individuals strong privacy rights.
Rights inherent to all human beings, regardless of race, sex, nationality, ethnicity, language, religion, or any other status. Human rights include the right to life and liberty, freedom from slavery and torture, freedom of opinion and expression, the right to work and education, and many more. Everyone is entitled to these rights, without discrimination (United Nations, 2021).
Similar to identity theft, but fraud usually refer to the same crime. Still, one could make the case that the fraud is the actual use of the stolen information for illicit gain.
The fraudulent acquisition and use of a person's private identifying information, usually for financial gain.
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
The state of being free from unwanted or undue intrusion or disturbance in one's private life or affairs; freedom to be let alone.
Recognition in international law that everyone has a right to privacy, family life, and protection of personal information.
Laws that require individuals or entities affected by a data breach, unauthorized access to data, to notify their customers and other parties about the breach, as well as take specific steps to remedy the situation based on state legislature.
The tradeoff between ensuring safety and respecting individual freedoms.
Confidence that online platforms and organizations protect data and act responsibly.
Warrantless tracking refers to the surveillance or monitoring of individuals' activities, movements, or communications without obtaining a warrant from a court or other legal authority. This type of tracking typically involves the collection of data through various means, such as GPS tracking devices, cell phone location data, surveillance cameras, or internet monitoring tools, without the explicit permission or oversight of a judicial body.
Warrantless tracking raises significant privacy concerns as it often involves the gathering of sensitive personal information without proper legal safeguards in place. It can infringe upon individuals' rights to privacy, freedom of movement, and freedom from unwarranted government or corporate surveillance.
In many legal systems, including in the United States under the Fourth Amendment, warrantless tracking may be subject to legal challenges and restrictions. Courts may require law enforcement agencies or other entities to obtain a warrant based on probable cause before engaging in certain types of tracking activities to ensure that individuals' rights are protected and that surveillance is conducted in a lawful and accountable manner.
