When is it okay to breach privacy and when is it not - an interesting question which has been on my mind lately. In the electronic world today a lot can be inferred from your steps online. Let us first look at some categories of applications and what can be inferred from them:
Gaming applications: Typically every morning I play the game of Wordle. I have been musing about what information can be gleaned from all those who play Wordle on the server side. The ones that immediately come to mind are:
- IP address of the device that I play on
- Location via IP to location databases
- Who I may share my scores with when clicking on the share button i.e. my connections
- The fact that I must enjoy a game of words
- My playing trend could tell a lot about how much I know english i.e. am I just trying random words or playing skill fully
- Has it been a good morning for me could be probably inferred from how many moves I took to figure out the word whilst comparing to my past average.
- Am I an impatient player i.e. do I continuously refresh to check for a new wordle ?
So much information from just a simple game of Wordle. Wordle itself is a very simple interface, much more could be gleaned as applications become more complex.
Educational learning online environments: Let us take another example - for instance educational applications. During the pandemic most children have been using some form of online learning. From such applications you can infer
- Location via IP address
- Is the child browsing during the lectures i.e. attention span is split - this is probably a difficult one to infer but maybe there are ways such as checking if their camera is off, are they engaged in the lecture etc or maybe ways via tech such is there simultaneous activity on other sites from the same ip address during the class time.
- The children's home environment - Is it a noisy environment indicating a large family or a small one.
- Their wardrobe - this is apparent if they are not wearing uniforms during lectures.
Medical applications: Take for example applications which are used for ordering medicines / setting up a medical checkup. These applications would typically store information such
- What is the ordering trend for a particular customer i.e. what medicines does he/she rely on ? This can tell a lot about the medical problems a customer may have.
- How often does he/she consume these medicines ?
- How many customers are these medicines being ordered for ?
- The doctor the customer goes to - based on the prescriptions uploaded.
Transport applications: These include applications such as Uber which are used to book taxis. These typically provide trends such as
- Places you visit often
- Whom do you travel with ?
- Which class of cars you typically book
- Who do you book Ubers for ?
- Whom do you share your location with ?
As such a lot can be told about you , your preferences, your travel history, medical history etc from your online digital footprint which sits about in a backend database on a server probably in the cloud. Now most of this data typically should be stored in accordance with compliance laws e.g. HIPPA compliance in the case of medical data. But we often hear news about privacy breaches which could have resulted from a breach in security of the backend infrastructure. One must question as such when is such a privacy breach okay and when it is not.
- Let us take the scenario of a medical emergency - a patients medical record may be stored in a secure record which can be accessed only on consent from the respective authorities. In the case these authorities are not present what should be done ? Should breach of patient privacy in order to ensure appropriate treatment be allowed or not ?
- It is quite possible that as children enter the adolescence stage they may be attracted towards browsing websites which may not be suitable for their age. Should a parent breach privacy of a child (in the process of loosing some trust the child has in the parent) in order to prevent the child from getting into any cyber trouble ?
- The corporate world may have ways to incentivise employees in a company to give out information in order to get gains in a business deal - this is probably stepping into the dark side of this domain and may go against business ethics in my view.
- Matchmaking in probably another such world where privacy breaches could occur - for instance folks may want to know complete medical history of an individual before continuing with a match. In such cases my take is for both parties involved to be transparent with each other before entering into any such marriage.
Many such questions exist which can be delved deeper into but I will pause here and leave you with a question to think about.
Food for thought: What are ways that consent for privacy breach can be provided in case the individual concerned is unavailable at the given point in time ?
Striving to be a humanist-technologist, with "Technology in Harmony with Human Needs” being the core of what I attempt to do. Take a look at my thoughts in my first published book "Anecdotally Yours".
2 年Brilliant article !! How easily we give away information in daily activities we conduct . Should we be cautious or this is the way privacy would be breached inadvertently. Thanks Sujata, for bringing Privacy in a realms which we understand and conduct ourselved daily .
Member, Governing Board ,Mahindra United World College of India
2 年Dr Sujata Very lucid and thought provoking Keep writing!
Vice President, Infrastructure @MakeMyTrip Devops | Site Reliability | Observability | Cloud |Cyber Security | Risk & Compliance | DevSecOps IT Budget | Procurement | Cost Optimization Management | Leadership | Speaker
2 年The article and the question is super relevant in current landscape of E-Commerce where almost everything is digital and has apps. Also I feel all these things are the base for features like personalization of user experience, cross selling etc. However agreed that it's not at all controlled today, that when this data starts getting abused and basically converts into privacy breach. Big M&A are happening just bcoz to get user database and their atrributes to take advantage. Another risk.
Founder & CEO - Cy5.io | Advisor | Ex-CISO @MakeMyTrip/goibibo
2 年Wow, a very interesting side to privacy “breach”. Thanks for the write-up Dr. Sujata G.