Following reports that research firm Cambridge Analytica improperly gained access to the personal data of as many as 87 million Facebook users in the USA, Facebook CEO, Mark Zuckerberg, reassured Facebook users of the firm’s readiness to bolster privacy measures with new data access restrictions.
Quite obviously, the purpose is to ensure that privacy of personal data isn’t compromised.
These measures would perhaps limit the personal data that apps can collect about end users—including their religion and political views—and place heavy approval requirements that third party apps need to fulfill in order to collect data.
Ordinarily, apps allow access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.
Globalisation and borderless electronic communication has brought huge benefits to individuals. At the same time, the increased exploitation of personal data by the private sector via the Internet has caused widespread international concern.
One of the causes of unauthorized access to users’ personal data, in the case of Facebook, is that Facebook’s European regulator, the Irish data protection commissioner, is losing both control over its supervision of American companies and the respect of its regulatory colleagues.
An interesting question is: are relevant institutions up to the challenge of protecting users from information-age problems?
Relevant authorities like police must keep alert and be ready to act to prevent any improper access to data privacy through the internet intermediaries.
While Facebook isn’t able to address privacy issues, relevant authorities along with the internet intermediaries must put in place reliable measures to bolster the security of broader information environment.
According to ICT law [Law N°24/2016 of 18/06/2016 Governing Information and Communication Technologies], especially in Article 124, says that every subscriber or user’s voice or data communications carried by means of an electronic communications network or services, must remain confidential to that subscriber and or user for whom the voice or data is intended.
The provision recognises protection of personal data and privacy. This is, however, unachievable without an active role of electronic communications service providers which have the capability to allow access to information in their wires as well as the right to ask for reasons behind any request for the information.
The electronic communications service providers are under obligation to ensure the safety and security of personal data. They ought to prevent any misuse of computers, electronic signature and technologies in the electronic information society.
Even if there’s risk of turning to more heavy-handed regulatory tools provided that cyber sovereignty is secure and safe to the internet users. Personal data is particularly sensitive, such as location data.
It requires to impose a broad, ‘affirmative prior consent’ restriction on transferring user data to third parties. Transferring personal data must comport with the consent standard to third party.
Indeed, the internet intermediaries must take a leading role in collaborating with relevant authorities to ensure that no loophole to the security of personal information. However, default settings can easily allow such transfer to apps, and so the plain wording of loophole seems to eat up the affirmative consent requirement.
Another mechanism for enforcement comes from the Internet intermediaries’ pledge to create a comprehensive privacy programmes and mitigate risks. Here, it can be argued that the Internet Intermediaries’ failure to audit vulnerabilities would be an unreasonable oversight.
But it is a common practice to entrust other commercial parties with confidential information, subject to contractual promises that data will not be compromised. If one of these mechanisms doesn’t work, imposing administrative sanctions would be quite reasonable.
The Internet intermediaries are duty-bound to bolster integrity of personal data. In a contemporary world, data protection is indispensable. Free flow of personal data can create many benefits not in the interest of data subject but perhaps in the advantage of others.
Data protection law subjects the processing of personal data to defined legal rules, in order to protect the rights of individuals and the interests of society. For example, some data covered by data protection law may not by themselves be particularly "private”, but when combined may serve to identify an individual, with a resultant impact on his or her privacy, family life, freedom of expression, and other important interests.
Work is needed to anchor data protection more firmly in regulatory frameworks. The globalization of society and the pervasiveness of electronic communications make it imperative that data protection rights be applicable and enforceable at an international level.
States, however, bear primary responsibility to work on dual tracks by both beginning discussions on an international legal framework for data protection, while at the same time finding ways for existing frameworks to co-exist and interact.
Data protection is now getting more and more important! Our society has awakened to the reality that personal data can be compromised if vulnerabilities aren’t constantly checked.
The canonical goals of security in an information environment result from the notion of threat. Information security is bolster in three goals: Confidentiality, Integrity, and Availability sometimes called the "CIA triad”.
The writer is a law expert.
The views expressed in this article are of the author.