Protection of personal data

According to José van Dijck, we are at the social divide. While Jarvis sees the division of society into industrial, informational, knowledge-based, and learner, van Dijck offers a view with a narrower time perspective, but perhaps even more optimistic. The beginnings of the Internet until almost the end of the 1990s are associated with what can be described as a culture of connectivity. The Internet and its services allow people to connect, collaborate, share and search for information, or work or learn.  

The original protocols on which the Internet was built had no security (IPv4, FTP, HTTP, etc). It was not assumed that the disruption of communication could be of interest to anyone more than just a Canadian joke. The situation began to change rapidly in the 1990s when many users appeared on the Internet and the first major companies started business there. The rapid development of the first business generation on the Internet, which seemed utterly unstoppable, was stopped by the so-called dot.com bubble - the collapse and transformation of critical players around 2000, which enabled the entry of completely new entities into the Internet space. Although it may not seem so strong in the European area, fast-growing Chinese companies have also had a significant influence in the last decade, which, given the specifics of their market, quickly became as important as players like Google or Amazon today.   

After 2000, a critical market transformation occurred. Within ten years, companies whose business portfolio is comprehensive - from the development of artificial intelligence, through trade, cloud services to after business support applications. Traditionally, this includes companies called the five - Apple, Alphabet, Microsoft, Facebook, and Amazon. In our judgment, this should also include IBM. Here we come to what van Dijck calls a platform company. A platform can be considered a company that operates an online service that automatically supports data flow (personal data, finance, data, etc.) between its parts or between users. The goal of platforms is to keep users in them for as long as possible with maximum interaction.       

Van Dijck considers cyberspace, in which there is a relatively limited number of services providing such platforms, to be problematic and dangerous for various reasons; in the Czech environment, we could also give it the label totalitarian. The first problem is that these platforms are not, in principle, regulated by anyone or anything. They have more power and influence over citizens than nation-states. At the same time, they guard their data relatively carefully, so the transition between platforms is very problematic, if at all possible. A social problem that we have already encountered is that the effort to keep users in the online service for as long as possible (with the maximum degree of interaction) leads to it being locked into increasingly powerful information and social bubbles. 

The second remark relates to that power - it turns out that large entities, such as the European Commission of the Alphabet or the US Senate in the case of Facebook and Cambridge Analytica, are not as unlimited as the prism of the middle of last year might have seemed. The previous two issues can only be compared with the restrictions paid by Microsoft about the EU, which concerned the monopoly position on the market. Thus, although the legal and personal levels are weaker than in a possibly “locally available company", there is undoubtedly a relationship to the law, and prominent players are also subject to considerable regulation.

Regulatory measures in non-democratic countries are specific - for example, China and Russia have their advanced regulatory mechanisms, which often lead (especially in China above) to an extremely close connection between the ruling class and business. Here, the user must carefully consider whether the services operated by companies from the given state are bothered or not bothered by possible manipulations or inappropriate handling of data.    

Here you need to make two remarks - while bubbles can be disrupted in an Internet search engine, for example, by using the anonymous mode, such access is impossible in the case of social networks. One is thrown into the need to use the network and be in an increasingly solid bubble or not use the network (and all its benefits). We may encounter in the future that users will have their software agents on social networks, which will have a different discourse than their own, so that once in a while, they can see how the other party sees problems. It is possible to say that the growing social discontinuity or even an inevitable tectonic disintegration of society associated with ideologically homogeneous ruptures is an important social issue.      

At this point, we would like to focus on two phenomena in the field of personal data protection in the context of the Internet and are closely related to how we think about digital competencies. The first topic is the question of the GDPR, i.e. after the search for regulations concerning those who can handle personal data and how. We would like to look at this regulation technically and economically and, above all, sociologically.      

The second topic is closely related to social networks. Though we do not intend to go through individual networks, we would like to mention some aspects of their operation and handling of personal data, which is closely related to security.  

The General Data Protection Regulation (GDPR) is a regulation that must be followed by all entities that process personal data in the EU. It is not essential for us now to go into detail, but we would like to point out some of the principles that the directive works with. Although the media was perceived as an unnecessary bureaucratic regulation working with completely unnecessary regulation, it must be said that the ideas on which they are based cannot easily be described as extreme, formalistic, or purely official. Still, their naming and efforts to legislate are positive concepts.  

At the same time, it must be said that the structure and construction of sanctions for violations show that it primarily targets corporations and large companies.  We could classify institutions as the Big five (but also other social networks, large Chinese companies, etc.) which we wrote about above. So it is a specific reaction to the existence of a platform society, which the EU must reflect in some way.

The first key idea is that the data belongs to the user. There is no situation in which data relating to a particular living person belongs to someone other than them. There are cases where data management is imposed by the state (e.g. basic registers, medical records), but this does not mean that a person ceases to be the owner of the data and that he should not have the right to know who handles the data, when and for what purpose. It is possible to say that many things that were dealt with by professional ethics (for example, that a doctor does not read patient cards unless he has a medical reason to do so) are now formally anchored.   

The principle of free consent follows this - no one must be forced (directly or indirectly) to consent to the processing of data. Thus, there can be no situations where failure to give consent will result, for example, in the impossibility of completing the study or something like that. Conversely, for actions that the processing of personal data must do by law or explicitly include the need to process them based on the user's wishes. For example, the e-shop must process data on name, address, payment of the order that the person wants and can not process. If it fulfills its primary function, the consent does not need to be expressly confirmed.

Consent is always enumerated - it must be clear what it explicitly refers to, so a general proclamation is not enough, but what we know from medicine as “informed consent" is necessary. That means clear and specific information that the user may or may not agree to. The emphasis is on free choice based on knowledge, not pure legalism. A practically problematic area is comprehensibility, for which it will be expected that the text will probably be intended for some “model user", which, for example, is not a lawyer for social networks, but, for example, a high school-educated person.  

Last but not least, the size of the limitations of time - one can not give consent forever, but only for a certain period. This means that the user also has the right to withdraw the consent. He should be able to view all his personal data with the service without undue obstacles and, if necessary, request their shredding. With the withdrawal of consent to processing must be followed - again without delay - data shredding. Here again, the principle applies that the data owner is the person who entrusts them to the service, not the operator of the service itself.

The extent to which the regulation will be practical and functional will only become apparent with the first decisions on possible sanctions. Still, we believe that the EU continues the narrative of reflecting society as a civil society in which individuals need to be protected and given maximum security. We have repeatedly cited van Dijck to add that the platform companies need to regulate and democratize their functioning. An appeal to users who should prefer general values ​​to contemporary convenience is also crucial. Perhaps we can agree with this statement. It is the core of a large part of ethical systems and paradigms, although the question is to what extent it will be practically feasible. 

Social networks, as the name suggests, are based mainly on the idea of ​​sharing personal data. YouTubers give a look at their everyday life, as do Instagram celebrities. However, it is said that social networks have caused a reduction in social stratification. Paradoxically, they create so-called influencers, who are people of common knowledge or typical celebrities created by a specific social network. This is a significant phenomenon that needs to be reflected in the broader perception of social networks - the belief of pragmatic philosophers or connectivity that society will democratize and flatten is not true here. However, there is a chance to become that influencer, motivating many people to move around on social networks.    

Whatever we call influencers, it would be a mistake to see them only as a product of a social network - that is, within which structure of social interactions formed them. The other side of the coin is also critical - it is significant for the functioning of social networks. They are attractive, they share content, and they have a lot of fans. Social networks, of course, try to create content-based algorithms that contribute to user inequality. However, it will be influencers with an enormous global impact or just “local celebrities" that are important for a smaller group of users. 

It is paradoxical that the phrase social network has two meanings: 1) social services that seek to integrate people (whether affected by a problem or disaster, disadvantaged or ostracized) into society and tools that do not contribute to inclusion, and 2) social media service.    

Social networks use the personal data of their users in a very diverse way, which of course, differs from what the service primarily provides. Probably the most illustrative example is GraphSearch from Facebook. Users and their data are points in the graph, and their social interactions, shared interests, and other common data are the edges of the graph. Using appropriately selected algorithms, it is then possible to effectively recommend content that will correspond well with the beliefs of the person, as well as point out that, for example, a particular restaurant might be enjoyed because like-minded friends also appreciate it. GraphSearch does not have to rely only on data about a person's friends but on the whole context given the extraordinary density and size of the entire network.   

At this point, it is possible to mention the company Cambridge Analytica, which tried to analyze Facebook users' data and obtain as much information as possible from them. There are known reports that with the help of a relatively small number of realized interactions (reading, likes, sharing), it is possible to estimate with reasonable accuracy the political beliefs of a given person, his sexual orientation, or religion. The key to various analyzes is also what the person's friends or friends of friends are like. Facebook provided relatively easy access to this and similar data via the API, allowing companies to create effective adverts that could reach a specific segment of users.

To a certain extent, this was a fundamental manifestation of a platform company - the social network preferred its business model to the privacy of its users, who were only later surprised by what data someone else could find out about them and use. The question is whether, with such technologies, we do not see an inevitable demise of one of the pillars of democracy, that is, the assumption that people can make free and informed decisions. For such economically significant topics as elections, this assumption is increasingly undermined in the context of social networks.