This is a notable entry from the Justis International Law & Technology Writing Competition 2020 in the category of Social media, data and privacy, by Kirsee Ali of Hugh Wooding Law School. Find out more about the competition, the shortlist and winning articles here.
My friends and I were hanging out and discussing Barbie dolls and when all three of them went home that afternoon, they noticed related advertisements popped up on their phones. Another friend of mine was at the bank when a stranger her hit her elbow by mistake. Later that day, Facebook recommended him as a friend even though they had no mutual connections.
‘Reading the fine print’ has become so obsolete that many of us are in such a hurry to open a new app or webpage that we just ‘allow’ our phones and computers to access anything. This includes our microphone, location and contacts without realising it. Some applications are even tracking what you look at on TV and they may not be a television app! According to an article by the New York Times:
Using a smartphone’s microphone, Alphonso’s software can detail what people watch by identifying audio signals in TV ads and shows, sometimes even matching that information with the places people visit and the movies they see….
Will the behaviour of social media companies change in the future? Can legislation do anything to control the freedom they have when it comes to data access? After the Cambridge Analytica Scandal where Facebook was charged for allowing access to persons’ profiles for political advertisement targeting, it seems that companies still aren’t worried. After all, a charge of $643,000.00 might have been a negligible fine to pay for a billion-dollar business.
Looking at the right to privacy in many countries, one may ask where do these companies draw the line? The Constitution of the Republic of Trinidad and Tobago enshrines what it calls ‘The Recognition and Protection of Fundamental Human Rights and Freedoms’ in Chapter I Part I entitled Rights Enshrined. Section 4 states:
It is hereby recognised and declared that in Trinidad and Tobago there has existed and shall continue to exist, without discrimination by reason of race, origin, colour, religion or sex, the following fundamental human rights and freedoms, namely:
(c) the right of the individual to respect for his private and family life;
But can it be argued that privacy is being invaded? According to a journalist who reported on the Scandal, privacy and social media may not be possible whether you, the company or even your friends are the perpetrators:
…Social media privacy is not necessarily an individual choice. Friends are sharing personal information about you, even if you are doing everything possible to protect your social media privacy (even to the extent of deleting your Facebook account or restricting access to personal data in other ways)
Legislators are beginning to sit up and listen. The General Data Protection Regulation of the European Union addressed this issue of data-mining. In particular, Chapter 2 Articles 5-11 deals with lawfulness, consent and accountability:
Article 6: Lawfulness of Processing:
Processing shall be lawful only if and to the extent that at least one of the following applies:
Regions around the world are seeking to follow in Europe’s footsteps when it comes to protecting the privacy of citizens. During a Caribbean Internet Governance Forum, a former Microsoft boss, George Gobin, of West Indian descent, suggested it was time for privacy issues to be considered by local lawmakers. The US has used several laws to encompass data protection. In their book on data protection in the US, Chabinsky and Pittman state:
There is no single principal data protection legislation in the United States. Rather, a jumble of hundreds of laws enacted on both the federal and state levels serve to protect the personal data of US residents.
Furthermore, the European legislation has caused a landslide effect as Asia and the Pacific move towards the same laws. One author claims:
In the wake of Europe’s GDPR implementation, Asia-Pacific governments are likely to become tougher on data protection compliance.
The data protection landscape in the Asia-Pacific region is rapidly maturing compared to just a few years ago, with implementation and enforcement of privacy and data security laws becoming more rigorous and stringent.
The final nail in the coffin came when Google found themselves named in a class action lawsuit over the collection of data. Although they claimed that the case had no merit, the claimants insist that this was done without the knowledge or consent of persons involved and said the judgement was a very clear message to Google and other large tech companies.
One can see why legislators are prompted to bring data mining to the forefront and get an inside look at its use. It is also being restricted as citizens become more concerned about their invasion of privacy. New laws being discussed and passed can prompt companies to make huge changes in their activities and limit the freedoms they have when it comes to collection of non-consented data access.
Kirsee is in her second and final year at law school after having studied and graduated with honours with an LLB from the University of London. She has worked as an intern at the Solicitor General’s Department with the Ministry of the Attorney General and Legal Affairs in her country as part of her mandated in-service training. She previously studied Mechanical Engineering and hopes to work as a State Advocate in the near future. Her particular interests are Contract and Labour laws.
 Alix Langone, ‘Here’s How Facebook or Any Other App Could Use Your Phone’s Microphone to Gather Data’ (Money.com, 30th March 2018) <http://money.com/money/5219041/how-to-turn-off-phone-microphone-facebook-spying/>
 Sapna Maheshwari, ‘That Game on Your Phone May Be Tracking What You’re Watching on TV’ (NYTimes.com, 28th December 2017) <https://www.nytimes.com/2017/12/28/business/media/alphonso-app-tracking.html?_r=1>
 Paolo Zialcita, ‘Facebook Pays $643,000 Fine For Role In Cambridge Analytica Scandal’ (npr.org, 30th October 2019) https://www.npr.org/2019/10/30/774749376/facebook-pays-643-000-fine-for-role-in-cambridge-analytica-scandal
 The Constitution of the Republic of Trinidad and Tobago 1976 , Chapter I Part I s 4(c)
 Nicole Lindsey, ‘New Research Study Shows That Social Media Privacy Might Not Be Possible’ (CPOmagazine.com, 03rd February 2019) <https://www.cpomagazine.com/data-privacy/new-research-study-shows-that-social-media-privacy-might-not-be-possible/>
 General Data Protection Regulation (EU) 2016/379 OJ L 119, 04.05.2016, art. 6
 Mark Lyndersay, ‘Overdue: Regulations for regional data protection’ (newsday.co.tt, 31st January 2019) <https://newsday.co.tt/2019/01/31/overdue-regulations-for-regional-data-protection/>
 Steven Chabinsky, F. Paul Pittman, USA: Data Protection 2019 (Wordplay 2019, 1st ed.) Chapter 1.1
 Alvin Rodrigues, ‘The Data Protection Landscape in APAC’ (fortinet.com, 30th May 2018) <https://www.fortinet.com/blog/industry-trends/the-data-protection-landscape-in-apac-.html>
 Paul Sandle, ‘A London court has given the go-ahead to a class action lawsuit against Google over iPhone data collection issues’ (Business Insider, 03rd October 2019) <https://www.businessinsider.com/london-court-appeal-approves-class-action-google-iphone-data-collection-2019-10>