The Fuzzy Line Between Necessary Information and Invasion of Privacy

Government surveillance is a longstanding topic of conspiracy theorists, but there’s something arguably much more widespread that’s concerning: the way companies collect information about customers and often don’t allow them to opt out and continue using the service, putting users’ privacy at risk.

Data Sharing Practices Aren’t Always Visible and Clearly Stated

Many people understandably want to know how a company might share the provided data or whether it’s possible to disallow that possibility.

However, it’s not always easy to find or understand privacy policies. Plus, many of them are vague and state that data sharing with third parties could happen, but the context in which it might isn’t disclosed.

When people are pressed for time or just eager to finish filling out a form, they probably won’t take the time to read privacy policies and thoroughly understand what they mean.

Some Requested Information Doesn’t Seem Off-Base

Individuals also may assume companies have their best interests in mind, but that’s not necessarily the case. In one recent instance, HealthEngine, a medical appointment booking company, shared information with a third-party law firm. Part of the booking form asks people about their medical histories, including whether they’ve been in traffic accidents or gotten hurt at work. Law firms would be very interested in such details.

A statement on the website says HealthEngine will share details of its customers with third-party companies without express permission “except as required or permitted by law, or in those circumstances described in our privacy policy.” Ideally, a company could be more transparent about the explicit use of the information instead of forcing people to find privacy policies and read them if they want to learn more.

The problem with the traffic accident and workplace injury questions is that users would assume their answers constitute need-to-know information for the HealthEngine site.

After all, people are accustomed to providing numerous details before seeing doctors, and it makes sense that HealthEngine would ask about past injuries to share with medical providers—but not law firms.

Data Sharing for Marketing Momentum

A Pew Research Center study found that 33 percent of adults polled said they were not at all confident that the companies they do business with would keep their records private and secure. The percentage of people expressing such doubts was even higher for information given to search engine providers and social media sites.

It’s tricky because many customers might consider some third-party information requests invasions of privacy, but the companies asking for them might argue that the details they want are necessary for marketing to customers effectively. The common line of thought is that the more a company knows about a person, the easier it is to deliver relevant ads to them. But there are concerns that companies ask for too much.

Facebook reportedly approached banking brands to ask them for customer details, including transaction information about account balances and where people bought things. They wanted it to help facilitate banking communications via Messenger.

Some banks declined to give comments about the matter, but a JPMorgan Chase representative said the company doesn’t share off-platform transaction data with companies such as Facebook. Considering Facebook was recently involved in a huge data-sharing scandal, the company doesn’t seem averse to boldly asking for information.

Privacy and National Security Concerns

The Fourth Amendment protects Americans against unreasonable searches and seizures, and courts will not issue search warrants without probable cause. However, there are some exceptions.

For example, if a law enforcement officer believes life is at risk or evidence will be destroyed before a warrant could be issued, those are considered exigent circumstances and warrantless searches are allowed. Such searches can also be performed in vehicles without warrants if there is a probable cause of a crime occurring or that one has happened.

The 1979 Supreme Court ruling Smith v. Maryland interfered with the privacy of telephone records, too. Officials could read records to monitor numbers for incoming or outgoing calls as well as the duration of the communications. They didn’t need warrants to do so unless they also wanted to listen to what was said.

In 2018, the Supreme Court gave an updated ruling based in part on the Smith v. Maryland decision, indicating that police must get warrants if the phone records they look at include location data about a person.

There have been cases where the U.S. government used court orders to gain access to texts and emails—often invading the privacy of innocent Americans in the process.

When experts about national security and privacy weighed in with their thoughts during a 2017 National Constitution Center event, some asserted that companies that have data which could help keep people or a country more secure have a responsibility to help, however possible.

On the other side of the argument was the belief that if companies let law enforcement officials have access to data, privacy becomes weaker for everyone.

Analysts also have noted that reduced privacy due to access granted to law enforcement officials and others could have a chilling effect on people who think or do things that don’t align with the status quo. Some might become less outspoken about their views if they think they might attract unnecessary attention from the police or other entities.

Most Apps Collect Data

Research indicates that 7 out of 10 apps collect location data to share with third parties. Sometimes that’s necessary, such as when using a maps application. However, AT&T, Verizon and Sprint announced that they would no longer share location data with third parties because of incidents that made it clear the information wasn’t sufficiently protected.

Information Disclosure Is Necessary in the Modern World

Most people ask themselves, “Why do they need to know this?” when providing information to companies.

Often, the line between truly necessary information and what’s merely desired is blurry.

It’s not realistic to stop providing information, but members of the public must take responsibility by locating and carefully reading privacy statements to determine what they entail.

Featured eBook
451 Research: Securing Open Source

451 Research: Securing Open Source

In this report, we look at how the boom in OSS adoption has also led to an increase in awareness of open source risks, from licensing issues to security – and the measures required to protect organizations against those risks. We examine two incidents in particular – the Heartbleed vulnerability and the 2017 Equifax data ... Read More
WhiteSource
Kayla Matthews

Kayla Matthews

Kayla Matthews writes about cybersecurity, data privacy and technology for Digital Trends, Cloud Tweaks, TechnoBuffalo and The Daily Dot. To read more of Kayla’s articles, visit her blog Productivity Bytes.

kayla-matthews has 11 posts and counting.See all posts by kayla-matthews