In the digital era, data is considered a very valuable asset. In fact, its value is what makes data a new form of currency, much like US dollars or bitcoin. As we interact with technology in our daily lives, we encounter many situations that involve our personal data. In just a few clicks, we can buy something from Lazada, and it is delivered right at our door without us having to leave the house. On rainy days when a taxi is difficult to find, we can download a ride-hailing application on our phones and request for a car service to immediately show up and transport us. Technology really brings convenience into our lives, doesn’t it? However, we should not forget that before we can use all these services, we are required first to give our personal information such as our name, address, email address, phone number, or credit card number. We might want to ask ourselves: what exactly are we giving up for the convenience of technology?
Technology has become part of our lives so much so that we are getting used to giving out our personal data without caring so much about what happens to it. The majority of us also unaware of how our personal data can be misused or even exploited, and we do not raise questions about it that much either. However, this does not change the fact that there are many different players out there who are trying to misuse or steal our personal data and put our privacy at risk. It is not hard at all for any of us to become a victim of a criminal activity or treated like a guinea pig under a surveillance program. Let’s take a look at what each player can do.
Hackers – Take our personal information and sell it in the dark web
The dark web is the Internet’s black market. It is a set of encrypted networks that is intentionally hidden from normal web browsing and requires a special software to access. Hackers usually sell stolen personal information as a bundle alongside a thousand other individuals’ personal information. Name, birthday, home address, phone number, email address, ID number, and credit card number can all be sold in the Internet’s black market. The price of personal information sold on the dark web is various depends on what kind of information. What happens to the data after it is sold is beyond measurement, as it depends on who buys it.
Data Brokers – We know everything about you including things you don’t want us to know
Data brokers are entities that collect a wide range of personal information from various places, including publicly available information, online sources, and the internet trading marketplace. They collect, analyze, and sell personal data without consent. A digital profile of an individual is created based on the information collected and used or sold for various purposes. The information can be sensitive, which affects our privacy greatly, as it can end up somewhere we do not want it to, like in the hands of prospective employers. Undisclosed sexual orientation or medical records that contain a history of sexual orientation are examples of the types of sensitive information that people would want to keep private.
What is scary is that there have been incidents when the databases of these data brokers have been hacked into, resulting in a lot sensitive information being leaked. Identity theft can be a big deal. This happens when someone knows so much about you that they can use your identity for their own financial advantages.
The data brokering business is very complex, and it is also hard to identify which companies are data brokers. Many of them are in a form of consumer marketing data companies. In Southeast Asia, not much information about the data brokering industry is available yet. However, it does not mean these players do not exist in the region.
Big Techs – We are trying our best to monetize your data
Have you ever wondered why big techs like Facebook and Google are so rich when we don’t have to pay them any money in order to use their products? The answer is that users actually do not pay them with money, but they pay with their data without even noticing. You might think that they sell your data later to other parties. However, this is not the case. Data is too valuable to sell it to anyone. What such companies do is keep the data to themselves, while advertisers pay these companies to tell them who their target customers are. Google and Facebook will place those advertisements to these target users without the information itself changing hands. These big tech companies have gathered a huge amount of information about us, which is the reason why Google and Facebook’s revenues can make a lot of money from advertisements, amounting to 85 and 98 percent respectively of their total revenues in 2018.
How Google and Facebook gather our data raises concerns over privacy. Google actually gathers our information from across all of its products including Gmail, Android operating system, YouTube, Google Drive, Google Maps, and Google Search. The more Google products you use, the more the company has information about you. For example, it scans your Gmail email to get key words to use in other Google products, and it knows everything that you have ever purchased online using the Gmail service. Google Search also records all our search history including those we have already deleted. YouTube, acquired by Google in 2006, has the full history of all the videos we have ever watched, and Google Maps knows where we have been since the very first day we used Google.
Facebook stores every information from our every interaction on its website. This includes our posts, photos, videos, conversations, comments, and likes. We can see what data Facebook has about us here. What should raise a red flag is that Facebook also tracks us when we are offline and not using its platform, and it also collects data of those who are not even Facebook users. This is when the company crosses the line of privacy. How can a business be allowed to collect data of individuals who are not using its products or services?
State Actors – Big brother is watching you
The state has a duty to protect citizens, but that is not always the case. The personal information of citizens is often used by the state for surveillance, which is usually done under the name of national security. The practice violates the right to privacy, and raises concern over the necessity of surveillance, especially mass surveillance, especially when a political agenda is often hidden behind it. We, of course, would prefer that our government, or any government, not to spy on us and know our movements, right?
Government can collect our data from various sources including the national intelligence agency, information we provide to government agencies (e.g. biometric data), from electronic communications and devices, or through requests to technology companies. When existing laws and regulations do not conform with human rights standards, our personal data and privacy are at great risk of being exploited by state actors, especially in a country that is under a repressive regime.
While mass surveillance fueled by personal data in Southeast Asian countries has not been reported on much, it does not mean that it will not happen or that it does not already exist. Recently, it is reported that many countries in the region are interested in the use of facial recognition for the purpose of anti-terrorism. In the region where many countries are currently ruled under repressive regimes, this kind of technology can be too attractive for state actors to ignore. What if we go into a government building – and by scanning our faces without our permission — the government knows everything about who we are, what we have been doing, what are our interests, and the people whom we associate with? Would we be comfortable?
In the digital world, it is impossible to completely leave a zero digital footprint or to remove your own data entirely. We understand that there are also aspects that are simply out of our reach and control. However, the good news is that we can at least mitigate this risk, and there are actions we can do, within our own capability and through our understanding of how digital privacy works. It is not just about ensuring our human rights, but also about protecting ourselves so that we do not become a victim of criminal activity or other wrongdoings.
In Southeast Asia, existing laws, regulations and mechanisms still cannot protect personal data and privacy in the way that conforms with human rights. As such, citizens are left with few options. To go offline completely is not a practical option for most of us in this digital era, nor is it necessarily desirable, as the internet benefit our lives in many ways, such as providing us the freedom to express ourselves. Facebook and Instagram can enhance our lifestyles by letting us share our photos and stories with each other. We use WhatsApp, Line, and Facebook Messenger to directly talk to friends. We watch and discover the latest music videos of artists we like on YouTube, and we use Twitter to keep up with trends and news. E-commerce websites like Shopee and Lazada have also become part of our lives. We use applications like Grab and Go-Jek for the ease of ride hailing and food delivery. It is really impossible for the majority of us to quit. In fact, we are one of the most engaged Internet users in the world, and we actually spend many hours going online every day. Technology helps us to live our lives more conveniently, but it also threatens our rights to privacy, which is why we have to care.
While creating a strong environment for data and privacy protection is still a way off in Southeast Asia, we can take the first step as individuals by learning how to protect ourselves and better understanding our digital rights. Being mindful with your personal data and privacy does not hurt either. It might be less convenient than what we are currently used to, but given what is at stake with our digital rights, we will thank ourselves later for doing it.
This article is published under Creative Commons license CC-BY-NC-ND 4.0.