Why you should respect people’s right to data privacy

  Jeroen Seynhaeve     2023-06-13

You may be thinking: “To hell with data privacy, what about my profits?” or “I have nothing to hide”. Why shouldn’t we exchange private data for services and products we desire? And why should companies care about my data?

Surely, there is money to be made from people’s private information. Most tech companies monetise the information they collect from people – by selling or exchanging raw data, or by processing it and selling what they learn from its analysis. In fact, these companies often rely on the money they make from data to be able to offer their services and products free of charge. It’s a bizarre state of affairs: more technology collects more data that is traded for money that enables more technology to collect more data etc. It is a state of affairs nobody really had a problem with for many years. After all, weren’t we all collectively ecstatic about our sparkling new devices and convenient new apps?

But this has changed. Data manipulations that exploit people for ulterior purposes – often hidden, sometimes harmful and immoral – have come to light. Only the top of a titanic iceberg, some claim. Only the start of a doomed future in which people will be dominated by those in control of technology, or worse – by intelligent technology itself. In any case, reasons enough, most claim, to motivate a global call for regulation that protects people’s right to data privacy, and in the same breath – human liberties.

While well intended, there seems to be an awful lot of confusion and frustration surrounding these regulations. On the one hand, people invoke them left, right and centre to justify their refusal to share information. On the other hand, companies bombard consumers with dense-looking statements and requests for our consent at the drop of a hat. In reply to this overreaction, it is perhaps good to point out that these regulations never meant to prohibit the processing of private data categorically. The harms and immoralities these regulations aim to protect us from, need to be understood and weighed up in the context of the social and economic benefits data processing generates. What these regulations are in fact meaning to do, is establishing conditions for processing a particular kind of information (“personal information“). These conditions only apply to particular circumstances and fundamentally revolve around the principle of consent. In a nutshell, what they aim to do is give people control over which private information they share with others. For South Africa, the most relevant of these regulations are the Protection of Personal Information Act (POPIA) and the EU’s General Data Protection Regulation (GDPR).

Privacy is something we all value …

But why should privacy be protected at all? While some argue that privacy is bad – its lack of transparency may be used as a cloak to hide social harms or to fence off economic progress and distribution – most agree that people desire to have control over which information they share with others – to some extent, for at least two reasons. Firstly, privacy makes us human. The desire for privacy reveals something about how we relate with other people. Think of the difference between sharing intimate information with a pet, or with a device, as opposed to sharing that information with another person. We wish to keep some information about ourselves away from other people – perhaps because of how people may use that information against us (in ways that pets and devices can’t). Or, as some philosophers claim, because of how sharing information of different levels of intimacy defines our different social relationships, and in the same breath: our humanity. Secondly, if knowledge is power, then knowing something about a person gives power over that person. Privacy gives us power to control who knows what about us, and consequently control over who we allow to interfere with our minds and lives.

OK. But why should a company respect the right to privacy if there are profits to be made from its violation?

While the value of privacy may be obvious for consumers, profit-driven companies may be forgiven to ask “What’s in it for us?” The answer may be found in economic, ethical, and legal arguments.

First of all, carefully verified and well-structured data is a greatly valued business asset for any company. There’s nothing new about this: for as long as people have traded services and products with one another, people have built customer relationship with one another. What is new, is the way in which customer data is collected and processed. Whereas companies had to rely on market surveys and actual sales to build consumer networks in the past, today these networks can be built on the basis of countless data points that are scraped and bought off the internet. But the bottomline remains the same: consumer data is intellectual property that loses (some of) its value when it is not protected, partly because unauthorised access to this information dilutes its unique value, and partly because the lack of data protection violates the trust of your consumers and commercial partners.

Of course, with more data comes more responsibility – especially if this data contains information that people value and care about. This is my second argument for why companies ought to respect people’s right to privacy: consumers value companies they can trust. Whereas this trust historically relates to the credibility of a company and the quality of its services or products, today’s consumer trust relies heavily on a company’s attitudes towards contemporary moral issues, including safeguarding the environment, protections against discrimination of any kind, and respect for people’s personal life choices. A company’s corporate reputation and trust is at stake. A blatant disrespect of people’s privacy, or a malicious data breach that could have been prevented, can harm company’s reputation and consumer trust in ways that may be hard to justify or rectify in today’s ethical landscape.

Finally, there are of course strong legal arguments to protect consumers’ privacy rights, too. The legal fraternity would be keen to point out the investigative, administrative, conciliatory, criminal and civil procedures that may be lodged against you by the Information Regulator in terms of sections 73-109 of POPIA – for not complying with POPIA’s conditions for lawful processing of personal information, for not cooperating with the Information Regulator, or for the harm this has caused. In addition, as part of their own compliance requirements, companies within your supply or service chain may need to ensure that the companies they work with are POPIA compliant. As a start, you would do well to require the companies you work with to be POPIA compliant – especially if they share personal information about third parties with you, or if you share this information with them.

Interested to read more about this topic? Read The Ethics of Data Privacy

The briefest introduction to data privacy ethics

"You’re in control"