Protection of personal data: why is there a hunt for personal information?


Do we always know to whom and for what purpose we transfer personal data, why this information becomes a “sweet piece” in society and how to protect our privacy? Let’s understand these issues together with Anastasia Shkuro, specialist in in-bound marketing at Techwarn.

Congratulations! We are “Reputation Moscow”, an agency that removes negative reviews, videos and slander from the Internet. We help businesses and individuals whose reputation, sales and lifestyle have been affected by unwanted information.

According to the BBC, the Federal Constitutional Court of Germany reviewed the law “On personal data”. If before, the police, investigating crimes, had access to names, dates of birth and even IP addresses, now the government has confirmed that the personal space of German residents needs protection.

What is personal data?

Personal data is any information that can be used to identify a person:

  • Full name, date of birth, address;
  • contact phone number, passport data, identification code;
  • work place;
  • information about relatives;
  • mother’s maiden name;
  • medical history;
  • online identification – IP address;
  • information about activity in social networks, etc.

With the advent of the Internet era, personal data became of interest to cyber fraudsters. For example, most people use their year of birth or their mother’s maiden name as their account password. So, after learning about this information, hackers easily gain access to electronic mailboxes, then enter online banking and withdraw money from accounts. Therefore, the protection of personal data on the Internet is now one of the most important topics of cyber security.

The situation in this area is really critical. To make sure of this, take a look at the statistics.

– A study by the Pew Research Center shows that 79% of American respondents know that large companies collect personal data on the Internet, use it to compile a portrait of the consumer and send targeted advertising. At the same time, the interviewees are very concerned that they are not able to control how personal data is processed on the Internet.

– The Cisco Consumer Privacy Survey report states that 45% of respondents accuse the government of using personal data for its own purposes.

– The UN expresses dissatisfaction with the fact that 18% of developed countries do not have legislation that could regulate the protection of personal data.

The community is now in Telegram

Subscribe and stay up to date with the latest IT news

Sign up

Personal data protection requirements: why are they ignored?

Collecting personal data on the Internet is beneficial to several parties:

  • the state records information that will help to solve crimes in the future;
  • companies buy the personal data we voluntarily share with mobile apps and offer us targeted advertising;
  • hackers arrange DDoS (system denial) attacks to disable computers;
  • cyber fraudsters “pull off” financial scams by gaining access to e-mail or other accounts.

To demonstrate the state’s interest in collecting personal data, let’s give an example that happened recently in Australia. In connection with the outbreak of COVID-19, the government obliged all residents to download the COVIDSafe program on their smartphones, which monitored a person’s condition. When the temperature and other indicators increased, the program, which works via Bluetooth, transmitted the IP address to the police and the hospital. The potential patient had to take the test and, in case of a positive result, report to the hospital. In addition, the program recorded the IP addresses of all people with whom the patient was in contact within 15 minutes, and they also fell into the risk group. Despite the fact that the launch of such an application was a forced measure, many Australians resented the invasion of their personal space, the Guardian reported. The Australian government’s official website says that using COVIDSafe is voluntary.

Another example of how digital personal data can “declassify” any person is related to the use of drones. The Intelligencer states that China has officially launched drones that fly over cities and record the IP addresses of those people who neglect the need to wear masks. According to Reuters, this experience was repeated in California, and in this case it was additionally monitored whether people kept their distance.

Of course, such interference in personal space is justified, but at the same time, not everyone wants any action to be tracked. In order not to reveal your IP address to anyone, you can “change” it by using a VPN, and then it is impossible to determine the identity of a particular person.

When it comes to targeted advertising, we ourselves are partly to blame for the leaks of personal data. When we download applications to our smartphone, we are asked to check the box “I agree to the transfer of personal data to third parties”. Next, the program asks for access to contacts, photos, videos, geolocation. Suppose, in the case of an Uber taxi, access to the location will still have to be given, but it is hardly worth opening your contacts to this application. And, for example, the photo editor will have to open access to multimedia, but it is better to ignore requests for geolocation monitoring.

Not sure if it’s that important? Four years ago, The American Press published an investigation in which it was reported that Google was conducting unauthorized surveillance of users’ movements. As a result, Google was awaiting legal proceedings. And Quartz found that Android users are under close scrutiny – the platform tracks the locations we visit, even if geolocation services are turned off.

By the way, if you want to check who you share personal data with, open Settings, select Security and Privacy – and then decide which applications should open access to the location and which should not.

But let’s return to the transfer of personal data to third parties. If the information “leaks” to the marketers of different companies, it becomes easier to form an offer based on the collected information. This becomes a problem if hackers break into the company’s database – then all personal data falls into the hands of fraudsters. And we don’t even know about it! You can check whether your mail has been hacked as a result of the information leak on the HaveIBeenPwned website.

Legislation in the field of personal data protection

There are many holes in the legislative side of the issue. So, only in 2016, the General Data Protection Regulation (GDRP) was adopted at the level of the European Union, according to which every person has two fundamental rights in this area:

  • to find out from company representatives which personal data of a specific person are being used;
  • decide whether the use of this data can be consented to.

Accordingly, by 2016, a number of laws were adopted that covered only some legal aspects:

  • In 1981, the European Convention on the Protection of Individuals with Automated Processing of Personal Data was adopted – from that moment on, access to personal information became possible only by court decision;
  • The Electronic Communications Privacy Act dates back to 1986, which required banks to request permission to use personal data;
  • The Graham-Leach-Bliley Act (1999) makes it a criminal offense to use personal data to discriminate against a person;
  • The Children’s Online Privacy Protection Act (2000) prohibits the collection of personal information about children without the permission of a parent or guardian.

At the same time, it is possible to refer to the GDRP law only if the case of information leakage takes on an international scale. In domestic cases (financial fraud or theft of a profile in social networks), it is recommended to contact the local administrative court or any other special authority. It turns out that the law on the protection of personal data at the local level looks rather vague and leaves many opportunities for cybercriminals.

For example, I recently came across a story on a forum about an online payment system that transferred money to its own account instead of making the required transaction. Users said that they repeatedly appealed to the court to resolve the issue, but they were told that a whole stack of claims had been filed regarding the fraud of this payment company, but no one was dealing with them.

However, in order to defend your rights, you need to know which laws to appeal to in court in case of problems with personal data. Personal data in Russia is regulated by the following laws:

  • Federal Law “On Personal Data” No. 152-FZ;
  • Federal Law “On Information, Information Technologies and Information Protection” No. 149-FZ;
  • Code of the Russian Federation on administrative offenses;
  • Criminal Code of the Russian Federation;
  • Labor Code of the Russian Federation;
  • Civil Code of the Russian Federation.

Ways to protect personal data

In order not to bring the case to court, it is necessary to observe precautionary measures:

  1. Remember that cyber fraudsters often use the information that we publish on social networks for their own purposes, so it is better to close profiles.
  2. Criminals seek to learn personal data in order to hack bank accounts. To do this, they can register on social networks under a fake account and start a conversation with you. Moreover, even in the LinkedIn social network, there have been cases when hackers presented themselves as employees of promising companies, offered a potential victim a job and, having received some personal data, disappeared with someone else’s money. This means that you need to be vigilant and not share private information with strangers.
  3. It is necessary to read the principles of operation of applications and then decide whether you want to transfer personal data to third parties. Also, you should not open access to the functions of the phone to those programs that do not need it for their operation.
  4. Don’t forget strong passwords for your accounts, and keep track of your profile activity on the sites you shop at! By the way, you should not use old, long-forgotten passwords – they are easy to crack.
  5. Do not neglect two-factor authentication – it is better to spend extra time on security checks than to become a victim of fraudsters.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2022 - Theme by WPEnjoy · Powered by WordPress