Privacy and Data Protection
Module 4 explores critically the impact of data aggregation, as well as the impact of data collection, storage, analysis, use, and sharing, on privacy and security. The ever-increasing availability of data increases the number of suitable targets from which both criminals and cybercriminals compromise. This module also covers the concept of privacy as a human right and explores the relationship between privacy and security, the imperative of data protection and breach notification laws, as well as the ways in which data is, and can be, protected to safeguard persons, property, and information.
Learning Objectives
After completing this module, you should be able to:
- Discuss privacy and its importance as a human right
- Identify and analyze the impact of cybercrime on privacy
- Critically evaluate the relationship between security and privacy
- Critique data protection and breach notification laws and practices across nations
- Critically assess data protection enforcement practices of states and recommend effective ways to protect data
Summary
Privacy and data protection are critically important topics in today’s digital age, given the increasing collection, storage, and use of personal information by governments, businesses, and individuals.
Privacy refers to an individual’s right to control their personal information and to keep it confidential. It encompasses various aspects, including personal, bodily, informational, and communication privacy. People have the expectation that their personal information will not be accessed, used, or disclosed without their consent.
Data protection, on the other hand, is the set of practices and regulations designed to safeguard personal data from unauthorized access, use, disclosure, or alteration. It involves measures to ensure that data is processed fairly, lawfully, and securely.
Privacy and data protection are essential because they protect an individual’s autonomy and freedom by allowing them to control the sharing of their personal information. They build trust between individuals and organizations that handle personal data. Protecting personal data is crucial to prevent identity theft, fraud, and cyberattacks.
Privacy is recognized as a fundamental human right in many countries, and data protection regulations help enforce and protect this right. Many countries have enacted laws and regulations to protect individuals’ privacy and data. The European Union’s General Data Protection Regulation (GDPR) is one of the most comprehensive data protection laws globally. The United States has various privacy laws at both the federal and state levels, while other countries have their own data protection regulations.
Data protection laws typically include principles that organizations must follow, such as obtaining clear and informed consent from individuals before collecting and processing their data. Limiting data use to the purposes for which it was collected. Collecting only the data necessary for the intended purposes. Implementing security measures to protect data from breaches. Allowing individuals to access, correct, and delete their data.
Despite the legal framework and best practices, privacy and data protection face ongoing challenges. For example, rapid technological advancements create new data privacy concerns, e.g., AI, Frequent data breaches highlight the vulnerability of personal data. In addition, government surveillance and data collection by tech companies raise privacy concerns. Moreover, cross-border data transfer and compliance with data protection laws can be complex.
Individuals also play a role in protecting their privacy by being cautious about sharing personal information online, using strong passwords, and being aware of privacy settings on various platforms. Privacy and data protection are fundamental to safeguarding individual rights and maintaining trust in the digital age. As technology continues to advance, the need for strong privacy laws, ethical practices, and informed consumers is more critical than ever.
Key Takeaways
- Privacy and data protection – These are important topics in the digital age that protect an individual’s right to control their personal information and prevent unauthorized access, use, disclosure, or alteration of their data.
- Data protection laws and principles – Many countries have enacted laws and regulations to protect individuals’ privacy and data, such as the GDPR in the EU and various laws in the US. These laws typically include principles that organizations must follow, such as obtaining consent, limiting data use, and implementing security measures.
- Challenges and solutions – Privacy and data protection face ongoing challenges, such as technological advancements, data breaches, government surveillance, and cross-border data transfer. Individuals and organizations can take steps to protect their privacy by being cautious, using strong passwords, and being aware of privacy settings.
Key Terms/Concepts
Digital Privacy
Fourth Amendment
Human rights
Identity Fraud
Identity Theft
Information Security
Privacy
Security breach notification laws
Warrantless Tracking
Modern Example
The United States Supreme Court ruling that police need a warrant to track your cellphone is a significant decision in terms of privacy rights and protections for individuals. The ruling reaffirms the Fourth Amendment protections against unreasonable searches and seizures.
In today’s digital age, cellphones are essentially extensions of ourselves, containing vast amounts of personal information. Tracking someone’s cellphone location can provide a detailed picture of their movements, activities, and associations. Requiring a warrant for such tracking ensures that individuals are protected from unwarranted government intrusion into their private lives. Therefore, requiring law enforcement to obtain a warrant introduces a level of oversight and accountability. It ensures that police cannot engage in unchecked surveillance or abuse their power to track individuals without valid justification.
While law enforcement agencies argue that warrantless tracking is necessary for investigating crimes and protecting public safety, the court’s decision strikes a balance between these needs and individual civil liberties. It acknowledges the importance of law enforcement efforts while upholding the fundamental right to privacy.
As technology evolves, legal standards must adapt to ensure that privacy rights remain protected. This ruling demonstrates the court’s recognition of the changing landscape of technology and the need to apply constitutional principles in a manner that reflects these advancements. Overall, the Supreme Court’s decision underscores the importance of privacy in the digital age and reinforces the principles of constitutional protections against government intrusion. It serves as a crucial safeguard for individuals’ rights and freedoms in an increasingly interconnected world.
Major Privacy Win, Supreme Court Rules Police Need Warrant To Track Your Cellphone
Read, Review, Watch and Listen
- Listen or read CNET’s (June 2020) Google collects a frightening amount of data about you. You can find and delete it now.
- Read NPR’s After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users.
- Read Confirmed: Apple Caught In Siri Privacy Scandal, Let Contractors Listen To Private Voice Recording (July 30, 2019).
- Read Digital Age: Is our privacy under threat? (UN Human Rights Office, 2018).
- Read About digital privacy and human rights (UN Human Rights Office, 2021).
- Review How the Global Spyware Industry Spiraled Out of Control (DNYUZ, Dec. 2022).
- Review California lawmakers pass a bill to make it easier to delete online personal data (Queenie Wong, Sep. 2023).
- Watch Apple Responds to Siri Privacy Scandal – also embedded below.
- Watch Human Rights in the Digital Age – also embedded below.
- Read Section 3 (pp. 6-8) of the American Civil Liberties Union (ACLU) Information Privacy In The Digital Age (2015):
- Listen or read A bill aiming to protect children online reignites a battle over privacy and free speech
ACTIVITY 3 – Fractured Identity
Students should review the course syllabus to determine the assignment of this activity.
This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.
Purpose
The purpose of this class activity is to advance your understanding of identity theft/fraud; that is, the misuse of another person’s information with the intent to commit fraud, as one of the fastest growing forms of fraud facilitated by electronic devices and via the Internet. An enhanced understanding of electronic crime improves your ability to protect yourself and prepares you for a criminal justice career. David Birch’s concept of “fractured identities and the need to reduce the degree of personal information provided within each electronic transaction and thereby reduce the incidence of indent theft.
Instructions
- Review the United States Department of Justice’s (DOJ) overview of identity theft: https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud (DOJ, 2021)
- Watch David Birch: A new way to stop identity theft: https://youtu.be/IZjPnaifVIM (TED, 2021)
- Identify, retrieve, and review the contents of those cards that you use every day to complete electronically based transactions, including driver’s license, passport, auto insurance card, university identification card, debit and credit cards, library cards, medical insurance cards, etc.
Answer the following questions:
- Describe how much information is provided two one or more of those cards listed above and explain how those details are needed/required to complete a particular transaction. For example, the last four digits of the card or your account or social security number.
- List information on those cards selected within the previous question, that you believe could be deleted (i.e., omitted) and explain why those particulars are unnecessary.
- Thinking about how many software applications you use daily, e.g., social media, estimate how many software applications are necessary to complete transactions in your daily life.
- Rate your personal information exposure on a scale of 1 (least “fractured”) and 5 (most “fractured”). Explain what you might do to improve that self-assigned score.
Key Terms/Concepts
Identity theft is the fraudulent acquisition and use of a person’s private identifying information, usually for financial gain.
Identity fraud is similar to identity theft, but fraud usually refer to the same crime. Still, one could make the case that the fraud is the actual use of the stolen information for illicit gain.
Information Security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Privacy is the state of being free from unwanted or undue intrusion or disturbance in one’s private life or affairs; freedom to be let alone.
Security breach notification laws data breach notification laws are laws that require individuals or entities affected by a data breach, unauthorized access to data, to notify their customers and other parties about the breach, as well as take specific steps to remedy the situation based on state legislature.
Refer to the course learning management system (LMS); that is Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.
Supplemental Resources
- The U.S. Supreme Court Says ‘No’ to Cell-Phone Searches Incident to Arrest (David J. Robinson, September 2014 • Volume 102 • Number 9 • Page 438) [last accessed, February 2024]
- Surveillance Self-Defense Electronic Frontier Foundation (EFF) [last accessed, February 2024]
- Electronic Frontier Foundation (EFF) – “The leading nonprofit defending digital privacy, free speech, and innovation.”
- RAND_RRA108-3-Countering Technology-Facilitated Abuse Criminal Justice Strategies for Combating Nonconsensual Pornography (Amanda R. Witwer, Lynn Langton, Michael J. D. Vermeer, Duren Banks, Dulani Woods, Brian A. Jackson)
- Communications Assistance for Law Enforcement Act (last accessed, February 2024]
- Surveillance Technology Oversight Project (S.T.O.P.) – The Surveillance Technology Oversight Project (S.T.O.P.) is a 501(C)(3), non-profit advocacy organization and legal services provider.
- SEC’s Cyber Disclosure Rule: Prepping for What’s New (As cited but not involved in producing the by The Wall Street Journal) [last accessed, February 2024]
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
Click HERE to report any needed updates, e.g., broken links.
Digital privacy refers to the protection of an individual's personal information and online activities from unauthorized access, surveillance, and misuse in the digital realm. It encompasses the control individuals have over the collection, storage, and sharing of their personal data online, including information such as browsing history, location data, communications, financial transactions, and any other digital footprints.
The Fourth Amendment to the United States Constitution is a crucial component of the Bill of Rights, ratified in 1791. It serves to protect the privacy and security of individuals by placing restrictions on governmental intrusion into their personal lives. Specifically, the Fourth Amendment states:
" The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Rights inherent to all human beings, regardless of race, sex, nationality, ethnicity, language, religion, or any other status. Human rights include the right to life and liberty, freedom from slavery and torture, freedom of opinion and expression, the right to work and education, and many more. Everyone is entitled to these rights, without discrimination (United Nations, 2021).
Similar to identity theft, but fraud usually refer to the same crime. Still, one could make the case that the fraud is the actual use of the stolen information for illicit gain.
The fraudulent acquisition and use of a person's private identifying information, usually for financial gain.
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
The state of being free from unwanted or undue intrusion or disturbance in one's private life or affairs; freedom to be let alone.
Laws that require individuals or entities affected by a data breach, unauthorized access to data, to notify their customers and other parties about the breach, as well as take specific steps to remedy the situation based on state legislature.
Warrantless tracking refers to the surveillance or monitoring of individuals' activities, movements, or communications without obtaining a warrant from a court or other legal authority. This type of tracking typically involves the collection of data through various means, such as GPS tracking devices, cell phone location data, surveillance cameras, or internet monitoring tools, without the explicit permission or oversight of a judicial body.
Warrantless tracking raises significant privacy concerns as it often involves the gathering of sensitive personal information without proper legal safeguards in place. It can infringe upon individuals' rights to privacy, freedom of movement, and freedom from unwarranted government or corporate surveillance.
In many legal systems, including in the United States under the Fourth Amendment, warrantless tracking may be subject to legal challenges and restrictions. Courts may require law enforcement agencies or other entities to obtain a warrant based on probable cause before engaging in certain types of tracking activities to ensure that individuals' rights are protected and that surveillance is conducted in a lawful and accountable manner.
