Surely, there is money to be made from people’s private information. Most tech companies monetise the information they collect from people – by selling or exchanging raw data, or by processing it and selling what they learn from its analysis. In fact, these companies often rely on the money they make from data to be able to offer their services and products free of charge. It’s a bizarre state of affairs: more technology collects more data that is traded for money that enables more technology to collect more data etc. It is a state of affairs nobody really had a problem with for many years. After all, weren’t we all collectively ecstatic about our sparkling new devices and convenient new apps?
But this has changed. Data manipulations that exploit people for ulterior purposes – often hidden, sometimes harmful and immoral – have come to light. Only the top of a titanic iceberg, some claim. Only the start of a doomed future in which people will be dominated by those in control of technology, or worse – by intelligent technology itself. In any case, reasons enough, most claim, to motivate a global call for regulation that protects people’s privacy, and in the same breath – human liberties.
While well intended, there seems to be an awful lot of confusion and frustration surrounding these regulations. On the one hand, people invoke them left, right and centre to justify their refusal to share information. On the other hand, companies bombard consumers with dense-looking statements and requests for our consent at the drop of a hat. In reply to this overreaction, it is perhaps good to point out that these regulations never meant to prohibit the processing of private data categorically. The harms and immoralities these regulations aim to protect us from, need to be understood and weighed up in the context of the social and economic benefits data processing generates. What these regulations are in fact meaning to do, is establishing conditions for processing a particular kind of information (“personal information“). These conditions only apply to particular circumstances and fundamentally revolve around the principle of consent. In a nutshell, what they aim to do is give people control over which private information they share with others. For South Africa, the most relevant of these regulations are the Protection of Personal Information Act (POPIA) and the EU’s General Data Protection Regulation (GDPR).
But why should privacy be protected at all? While some argue that privacy is bad – its lack of transparency may be used as a cloak to hide social harms or to fence off economic progress and distribution – most agree that people desire to have control over which information they share with others – to some extent, for at least two reasons. Firstly, privacy makes us human. The desire for privacy reveals something about how we relate with other people. Think of the difference between sharing intimate information with a pet, or with a device, as opposed to sharing that information with another person. We wish to keep some information about ourselves away from other people – perhaps because of how people may use that information against us (in ways that pets and devices can’t). Or, as some philosophers claim, because of how sharing information of different levels of intimacy defines our different social relationships, and in the same breath: our humanity. Secondly, if knowledge is power, then knowing something about a person gives power over that person. Privacy gives us power to control who knows what about us, and consequently control over who we allow to interfere with our minds and lives.
While the value of privacy may be obvious for consumers, profit-driven companies may be forgiven to ask “What’s in it for us?” The answer may be found in economic, ethical, and legal arguments.
Of course, with more data comes more responsibility – especially if this data contains information that people value and care about. This is my second argument for why companies ought to respect people’s right to privacy: consumers value companies they can trust. Whereas this trust historically relates to the credibility of a company and the quality of its services or products, today’s consumer trust relies heavily on a company’s attitudes towards contemporary moral issues, including safeguarding the environment, protections against discrimination of any kind, and respect for people’s personal life choices. A company’s corporate reputation and trust is at stake. A blatant disrespect of people’s privacy, or a malicious data breach that could have been prevented, can harm company’s reputation and consumer trust in ways that may be hard to justify or rectify in today’s ethical landscape.
Finally, there are of course strong legal arguments to protect consumers’ privacy rights, too. The legal fraternity would be keen to point out the investigative, administrative, conciliatory, criminal and civil procedures that may be lodged against you by the Information Regulator in terms of sections 73-109 of POPIA – for not complying with POPIA’s conditions for lawful processing of personal information, for not cooperating with the Information Regulator, or for the harm this has caused. In addition, as part of their own compliance requirements, companies within your supply or service chain may need to ensure that the companies they work with are POPIA compliant. As a start, you would do well to require the companies you work with to be POPIA compliant – especially if they share personal information about third parties with you, or if you share this information with them.
Interested to read more about this topic? Read The Ethics of Data Privacy
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category . |
cookielawinfo-checkbox-functional | 1 year | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category . |
cookielawinfo-checkbox-others | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others". |
cookielawinfo-checkbox-performance | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance". |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_MM7N47F8ZT | 2 years | This cookie is installed by Google Analytics. |
_gat_gtag_UA_211894160_1 | 1 minute | Set by Google to distinguish users. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |