In the 2011 South Park episode “HumancentiPad,” Kyle Broflovski, one of four main characters in the show, agrees to an Apple iTunes update without reading the user agreement. This leads to his forced participation in an experiment that parodies “The Human Centipede,” a film about a mad doctor who sews three people together mouth to anus.
“I just clicked ‘Agree,’” Kyle pleaded. “I didn’t read it! I was in a hurry, you see, and I didn’t know what I was agreeing to!”
“Yeah, right,” a guard responds. “Who just agrees to something they don’t read?”
In real life, people probably don’t need to worry about forced participation in twisted experiments. However, clicking “agree” without reading through the terms and conditions that follow is a bad habit to develop because these conditions help users to understand how their data is being exploited by companies and, more importantly, how this affects individual privacy.
Privacy is a fundamental right that should never be compromised.
“Privacy is very essential,” IT administrator Raj Mahida said. “It has to be protected. Everybody has a stake in it. Sooner or later, everybody will pay the price for it because, in the long run, it’s going to be the company [that] handles the data.”
Companies that handle user data — like Facebook, Google and Microsoft — value their ability to sell access to user information, rather than selling user information directly. This can lead to conflicts of interest for companies focused on profits.
“They don’t really sell your data, do they?” Marisa Benson, associate vice president and university privacy officer, said. “They sell access to your data, and that’s a huge difference, isn’t it? [Companies have] figured out how to give you access to the behaviors and actions inside their application, and you can sell that a million times.”
Other companies that handle more sensitive data, like banks and credit reporting agencies, are no less susceptible to online attacks and breaches of privacy. Companies that handle sensitive user information keep records of their customers, and this increases the chances of data breaches and identities being stolen.
Equifax, one of three main credit-reporting agencies, had a massive data breach in 2017 that exposed the highly sensitive information of 147 million Americans, including “names and dates of birth, Social Security numbers, physical addresses and other personal information that could lead to identity theft and fraud,” according to a July 22 Federal Trade Commission news release.
“But we’re talking about the mass exploitation of data and the mass breach of data,” Mahida said. “That doesn’t fall on the user; that is something where the company is not taking enough measures.”
The collection and use of user data is explicitly stated and available to read in the terms and conditions sections of online platforms, if someone knows where to look.
For example, on the terms of service page within the Chase banking website, in paragraph two it states the user “consent[s] to the transmission, transfer or processing of [provided user] information to, or through, any country in the world, as we deem necessary or appropriate, and by using and providing information through this website you agree to such transfers.”
Chase adds that the “use of this website, including any patterns or characteristics concerning your interaction with it, may be monitored, tracked and recorded.”
This collection of user information and the language used to “disclose” it, raises questions about the right to individual privacy. However, companies selling access to user information are operating within a capitalist-driven market, and privacy laws also operate within this market as well.
“In the U.S., not surprisingly, our privacy laws are very market-driven,” Benson said. “What [companies] are doing is trying not to lose their market [share]. We’re so market-driven in so many different ways, and our privacy is exactly that way: ‘If you don’t like us, then leave.’”
The market allows users to pick and choose who they share their data with, but users may not be truly consenting to all the ways companies will use that information. As Kyle Broflovski experienced in South Park, there might be things hidden within user agreements that users haven’t realized they’ve consented to.
“If you are given notice to something and you consent to it, then there you are,” Benson said. “Well, what is consent? Did you consent knowingly? Was this informed consent? Would you have consented if you knew all the ramifications?”
U.S. companies handle vast amounts of user data every day. For instance, Instagram users totalled one billion as of 2018, according to a Sept. 2 Statista poll. Additionally, two-thirds of Americans use online banking features, according to a September 2017 American Bankers Association article.
The massive collection of user information is valuable to companies because the users themselves are thought of as commodities to profit from.
“When the product is free, you are the product,” Benson said. “That’s everything you’re on in terms of social media. Don’t think for one second that it’s not your behavior and your actions and perhaps even your data that are of value. Of course it is.”
People can do certain things to mitigate privacy concerns by understanding what information they hand out and what user agreements they accept.
“Only when I became a lawyer did I read my first apartment lease,” Benson said. “And I was shocked at the stuff I’ve been signing all these years. Now I am careful about what I do. I’m careful about people asking me who I am. But I read leases, I read contracts and I look at privacy policies.”
In the end, data privacy will be a driving force for the country as users continue to freely give their personal information to companies, and companies continue to collect user information.
“That’s the problem: convenience versus privacy,” Benson said. “Everything is a balancing act. It requires individual effort to decide. The point is it’s all out there. Just pay attention.”