Privacy Matters: Your Data, Your Power, Your Responsibility
In a recent engagement with Bank Indonesia’s statistics team, I discussed the critical role of data synthesis in safeguarding privacy within analytics and machine learning. “Privacy” itself is something I’ve been thinking a lot about since 2018, when I really started to see how easy it could be for people to misuse personal information.
Online, it’s a lot like exploring a busy, wild place. There are some people who might misuse your information. Some might try to track where you are or what you’re up to, while others aim to make money by taking your personal data or selling it to others. Then there are those who “doxx” people, which means they share private details about someone online to harm or embarrass them.
It is cancel culture using privacy.
It can be slightly worrying because once something is posted online, it’s tough to completely erase. That’s why protecting privacy is important, as it helps keep online presence under control.
However, the importance of privacy goes far beyond just protecting against obvious misuses or embarrassing disclosures. As Daniel J. Solove argues in his article “Why Privacy Matters Even if You Have ‘Nothing to Hide’”, privacy is not just about hiding bad things. Many people dismiss privacy concerns with the argument that if you have nothing to hide, you have nothing to fear. But this view critically misunderstands the nature and value of privacy.
Privacy is not just about keeping secrets; it’s about power, autonomy, and the dynamics between individuals and institutions. Even when we’re not doing anything wrong, the collection and use of our personal data can still create issues. These include aggregation, where harmless bits of information combine to expose sensitive details; exclusion, where we are unaware of how our data is being used; secondary use, where data is repurposed without our consent; and distortion, where incomplete data presents a skewed or inaccurate picture of who we are.
What is Data Privacy?
Data privacy refers to the practice of handling personal information with care, ensuring that individuals have control over how their data is collected, used, and shared. It is a fundamental aspect of maintaining personal security and autonomy in our digital world. Data privacy involves implementing measures to protect personal data from unauthorized access and ensuring compliance with privacy laws and regulations. This concept is crucial as it helps prevent misuse of personal information and supports the rights of individuals to maintain control over their personal data.
Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.
— Edward Snowden, interview with Glenn Greenwald, 2014
Our daily digital activities, from social media use to online transactions, generate vast amounts of data, contributing to a comprehensive digital footprint that defines our virtual existence (Boyd & Crawford, 2012). Every time we go online, whether we’re posting on social media, shopping, or even just browsing websites, we’re creating a lot of data. This collection of information is often called our digital footprint. It includes everything from the posts we share, the websites we visit, the things we search for, and even the products we buy. Over time, all this data paints a detailed picture of who we are in the online world.
Beyond Password Theft
When we think about privacy risks online, we usually worry about things like passwords or bank details being stolen. However, there’s another, less obvious danger: quasi-identifiers. These are pieces of information that, on their own, don’t seem harmful but can be combined with other data to identify individuals.
A study by Latanya Sweeney (2000) showed how seemingly harmless data can lead to serious privacy risks. She found that by using just three pieces of quasi-identifier information — ZIP code, birthdate, and gender — she could correctly identify 87% of people in the U.S. population. She demonstrated this by taking publicly available health records (with names removed) and cross-referencing them with a voter registration list. Even though the records didn’t have names, combining the quasi-identifiers allowed her to match the anonymous records to real people.
Quasi-identifiers become a privacy concern because they can be pieced together with other public or leaked data. For instance, a ZIP code might not reveal much on its own, but when combined with a birthdate and gender, it can narrow down the list of possible people to just a few. This makes it possible to de-anonymize data that is supposed to be anonymous, meaning it’s no longer private.
In today’s world, where large amounts of personal information are stored and shared online, this type of data is everywhere. Social media profiles, online shopping accounts, and even fitness apps often ask for and store quasi-identifiers. If this information gets leaked or used in combination with other datasets, it can be used to identify someone, even if more sensitive information like passwords isn’t available.
Anatomy of a Data Breach
Data breaches are unauthorized access events that compromise personal data. The breach of a major corporation, which exposed sensitive customer data, serves as a sobering reminder of the prevalence and impact of such incidents. This means that personal data, like names, addresses, passwords, or even financial details, can be stolen or exposed without permission. When hackers or criminals get access to this kind of data, they can use it for fraud, identity theft, or other illegal activities.
You shouldn’t confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That’s because you want privacy, not secrecy. There are always certain facts about us — say, personal health information, or sexual behavior — that we wouldn’t want the whole world to know, and that’s okay. The need for privacy is legitimate, and that’s what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets. — Privacy Guides
The effects of a data breach go far beyond the initial theft of information. For individuals, having personal data stolen can lead to stress, financial loss, and identity theft. People might lose money, face legal trouble, or have to spend a lot of time and effort restoring their accounts or credit.
But data breaches don’t just affect individuals — they can also have a huge impact on businesses and society. When a company suffers a breach, it can lose the trust of its customers, face legal action, and suffer financial losses. The average cost of a data breach is USD 4.88M. This cost includes not only the financial damage but also the time spent fixing security systems, notifying customers, and dealing with lawsuits. These breaches can even disrupt larger systems, like government services or healthcare, causing widespread problems.
Taking Control: Simple Steps to Protect Your Privacy
There are many easy ways to improve your privacy and keep your data safe online. Being mindful of what we post and with whom we share it is crucial. For instance, before sharing sensitive information, ask yourself if it’s necessary and who might have access to it later. Avoid oversharing on social media, as even seemingly trivial details can be exploited by bad actors or algorithms to build a more complete profile of you. Additionally, be cautious about the permissions you grant to apps and websites. Many platforms ask for more access to your personal data than they truly need — whether it’s your location, contacts, or browsing habits. By actively reviewing and limiting these permissions, you reduce the chances of your data being used in ways you didn’t intend.
Furthermore, make a habit of questioning the necessity of each app or service in your digital life. The fewer platforms that have your information, the more control you maintain over it. When deleting unused accounts, remember to clear any associated data stored by those services.
When I conducted my personal experiment on living without social media, which I wrote about here, it was partially due to privacy concerns, although I eventually reactivated LinkedIn.
The Bigger Picture: Why Privacy Matters for Society
Privacy isn’t just a personal issue — it’s crucial for a healthy society. It’s the foundation of freedom, democracy, and innovation (Zuboff, 2019). Without privacy, people might feel scared to speak their minds, share new ideas, or live their lives freely. For example, in a world where everyone’s personal data is constantly tracked, people may feel watched and restricted in their actions. Privacy allows people to think and act independently, which is vital for personal liberty and social progress.
I hope that in the future, privacy becomes a core part of all digital interactions, not something we think about after the fact. It should be built into the design of apps, websites, and technologies so that everyone’s data is automatically protected. As we move further into the digital age, it’s important for all of us to work together to protect our privacy — not just for ourselves, but for society as a whole.
References:
- Boyd, D. & Crawford, K., 2012. Critical Questions for Big Data. Information, Communication & Society, 15(5), pp.662–679.
- Sweeney, L., 2000. Simple Demographics Often Identify People Uniquely. Carnegie Mellon University. Available at: https://dataprivacylab.org/projects/identifiability/index.html.
- Zuboff, S., 2019. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. New York: Public Affairs.