Introduction
Technology influences the privacy of internet users in two main ways: it changes the accessibility of information and modifies the privacy norms. For many years, the issue of information privacy has been debated, with technology companies being accused of violating their customers’ privacy. Consumers have become increasingly concerned with the obscure ways that companies use to collect, track, and disclose their personal information to third parties. Moreover, the privacy policies of technology companies are usually long and difficult to understand. The recent privacy lawsuit against Facebook is an example of how big technology companies violate the confidentiality of their customers, oblivious of the laws that require them to request for their consent. There is need for more stringent privacy laws that oversee the collection, processing, storage and usage of people’s personal information.
Facebook Privacy Lawsuit Case
Facebook has been implicated in several cases of privacy violations, some of which have involved hefty payouts. In January 2020, the technology company agreed to pay $550 million for the plaintiffs’ legal fees and to more than 1.6 million users as compensation for violating their privacy (Singer and Isaac). The class-action lawsuit centered on the unethical use of the company’s facial recognition technology in the state of Illinois. The litigation raised concerns among privacy groups regarding Facebook’s data-mining practices. The company has a photo-labeling service referred to as Tag Suggestions that uses face-matching software to provide users with suggestions regarding the names of people in their photos (Singer and Isaac). According to the suit, Facebook violated a biometric privacy law that applies within the Illinois jurisdiction. Users’ facial data for Tag Suggestions was obtained from the photographs of millions of users without their consent (Difelciantonio). Moreover, they were not informed about the hold period for the harvested data.
Privacy Law
Privacy law refers to any legislation that governs the regulation, collection, storage, and usage of personal identifiable information, financial information, and healthcare information. This data can be collected by a government agency or a private organization, hence the need for regulation. Privacy laws are considered within the compliance with an individual’s right to confidentiality. Internationally, the Universal Declaration of Human Rights provides each individual with the right to privacy (Burdon 143). The United States’ has not yet enacted a principal federal-level confidentiality law. However, there are several consumer-oriented legislation that vary from state to state. The US Privacy Act of 1974, the Gramm-Leach-Bliley Act (GLB), the Health Insurance Portability and Accountability Act (HIPAA), and the Children’s Online Privacy Protection Act (COPPA) are examples of laws that address people’s confidentiality (Burdon 148). However, they are not comprehensive, hence the rising cases of privacy violation by big technology companies.
Illinois Biometric Privacy Law
In 2008, the Illinois legislature enacted into law the Biometric Information and Privacy Act (BIPA) in order to address the unauthorized collection and processing of biometric data of citizens. This includes fingerprints, retinal scan data, voiceprints, and facial identifiers among others (Burdon 146). This type of data gives the collecting entity a permanent marker that could identify the affected individual. According to the legislation, any person or organization that wishes to collect an individual’s biometric information should obtain their permission before proceeding (Singer and Isaac). The law also provides for a right of action against an entity that violates the statute. Facebook violated the aforementioned law by collecting and storing its users’ biometric data without their approval. This move amounted to a serious violation of the privacy of users, and cost the company millions of dollars in penalties.
Relevance to Privacy Law
Personal information is the foundation for the majority of privacy laws, and is defined differently based on the applicable statute. A confidentiality breach comprises of any action that involves the access, collection, disclosure, or dissemination of such information in contravention of specific privacy legislation (Burdon 144). A breach could occur in two ways, namely intentionally or unintentionally (Difelciantonio). Regardless of the means, the damage caused is serious. Intentional breaches can occur in three ways: theft, manipulation of technologies used to store and protect information, or through hacking (Burdon 146). These activities are illegal, and comprise serious crimes that have not been properly captured in applicable laws. Whether a breach is intentional or unintentional, the organization is responsible, according to the statutes of the applicable legislation. All organizations that handle personal information need to understand their obligations under privacy laws. In addition, they should evaluate their policies in order to ensure that breaches are avoided.
Recent research studies have revealed a worrying trend regarding the treatment of personal information by technology companies. Many firms collect, store, and share the personal information of their customers with third party organizations without their consent. This can be attributed to the lack of a comprehensive federal-level privacy law to hold these firms accountable (Auxier et al.). Consumer awareness regarding their digital privacy is increasing, even though the majority feels helpless about protecting themselves online. The Facebook lawsuit is relevant to privacy law because it points to a widening gap in existing regulations to protect people’s need for discretion (Difelciantonio). As a result, there is a growing demand for stricter industry regulation, owing to the privacy gap that many online users are experiencing. A study conducted by Ponemon Institute and sponsored by ID Experts exposed these gaps that reveal the increasing risk of using any online service. The study revealed that 74% of consumers feel helpless because there is little they can do to control, the usage of their personal information (Bernard). A small portion (40%) believes that the technology industry can regulate itself and provide better privacy. The risk of confidentiality violation is high because 81% of consumers do not limit the amount of personal information they share online (Bernard). As part of the settlement, Facebook agreed to make changes with regard to its data-collection procedures. For instance, the facial recognition feature will only be turned on if a user decides to opt in, otherwise its default setting is off.
The Facebook case also reveals the extent to which companies violate the privacy of consumers by violating privacy laws. The unauthorized collection of biometric information by Facebook reveals the widening gap between users’ expectations of secrecy and the reality of how their data is collected, stored, and used without their approval. The major challenge is how users of online platforms and social media services can reclaim their digital privacy that is waning by the day (Auxier et al.). In contemporary society, the lives of many people are moving online. Therefore, there is a need for more stringent legislation to protect the digital privacy of users (Bernard). The settlement has been described as one of the largest for a confidentiality violation. It is a monumental victory for consumer privacy that is likely to serve as a deterrent against the use of invasive practices to collect and use customers’ personal information.
The Facebook confidentiality breach is an indication of the manipulative ways that companies use to collect and use consumers’ data secretly in contravention of privacy laws. These firms have several incentives that are aimed at concealing their intentions and practices. Unsuspecting users fall into the trap and give information that they might have not under normal circumstances. For example, Facebook did not give its users the choice to opt in into the new services. It was integrated into its routine updates, even though the feature can be turned on or off. The complexity of Facebook’s privacy policy renders it hard for users to opt out of intrusive practices. Consumers are not informed about the various ways in which their information is used by the organization (Bernard). The existence of privacy laws does not deter technology companies from engaging in intrusive practices as observed from the Facebook lawsuit. It is important for privacy laws to outline the types of information that companies can collect from consumers (Burdon 153). Moreover, they should provide strict disclosure and usage guidelines, and require the firms to inform their customers about the potential drawbacks of providing certain personal data.
Conclusion
Cases of the invasion of citizens’ right to privacy by big technology companies have been on the rise. Facebook agreed to a hefty penalty as settlement for violating the confidentiality of users in Illinois. The company collected, stored, and used biometric information of its users without their approval. This move violated the Biometric Information and Privacy Act (BIPA) that oversees the collection and processing of biometric data, including fingerprints, retinal scan data, voiceprints, and facial identifiers among others. The lawsuit provides evidence of the serious violations of privacy that technology companies engage in. Moreover, it points to deficiencies in existing laws to deter firms from collecting and using personal information without the owners’’ consent. There is a need for more stringent laws to govern the collection, processing, storage, and dissemination of personal information by technology organizations. These firms should be deterred from invading people’s privacy.
Works Cited
Auxier, Brooke, at al. “Americans and Privacy: Concerned, Confused, and Feeling lack of Control over their Personal Information.” Dice, 2019.
Bernard, Allen. “Most Consumers Do Not Trust Big Tech with their privacy.” TechRepublic, 2020.
Burdon, Mark. Digital Data Collection and Information Privacy Law. Cambridge University Press, 2020.
Difelciantonio, Chase. “Facebook Privacy Violation Lawsuit Reaches $650M Settlement.” Government Technology, 2021.
Singer, Natasha, and Mike Isaac. “Facebook to Pay $550 million to Settle Facial Recognition Suit.” The New York Times, 2020.