European Network and Information Security Agency (ENISA) acknowledges there are distinct benefits to social networking and so-called “life-logging”—where users post or disclose ever-more-detailed information about their daily lives to the Internet. However, the practice can also have the effect of creating a Big Brother-like surveillance state wherein aspects of many users’ lives are logged without their knowledge—and once that information is out there, individuals have virtually no control over how it is shared and distributed. To that end, the agency recommends in a new report that governments consider introducing “real sanctions” for cases where companies or other organizations violate privacy laws—or inadvertently disclose personal data through breaches or malfeasance.
The report posits a fictional family in the year 2014 to look at the potential positive and negative effects of online “life-logging.” Among the benefits, the report cites social networking as a source for community-building and reducing individuals’ sense of isolation; individuals can also see professional benefits from building solid online reputations and by promoting/exposing their work through sharing sites. Furthermore, the automatic nature of much data-sharing makes the process easy for individuals. Life-logging can also aid commercial and civic efforts, ranging from providing context-dependent and personalized data and services, to providing real-time analysis of traffic patterns, health care needs, and policy-making.
However, among the top risks cited in the report is users’ loss of control over data once it’s online, and the potential damage that can to do individuals’ privacy, reputation, and even finances if it is misappropriated or misused—and, what’s worse, users have almost no control over data about them once it’s online, and some people can have information recorded about them without their knowledge or consent. Further, life-logging data can tend to “creep” and be used for purposes not explicitly included in the terms and conditions under which it was collected—one need look no further than Facebook’s ever-expanding sense of what ought to be shared with the world for examples.
“This implies threats to privacy, loss of personal data control, harm to your reputation and the possibility of psychological damage from exclusion or the feeling of constant surveillance,” said the report.
The report recommends first and foremost that users educate themselves about the privacy implications of any life-logging services they use, but also that industry and service providers design services with privacy-friendly default settings and provide users access to (and control over) how information about them is being used and shared. The report also champions a “right to be forgotten,” a requirement that businesses, organizations, and others omit collecting data about individuals who have opted out.
And ENISA also recommends there be a stick to back up requirements, saying that European member states should consider imposing “real sanctions” in cases of personal data breaches, and conduct compliance audits to ensure companies are complying with data protection laws.
Of course, one of the most amusing aspects of the report is actually a production goof on page 48: “For additional information on consent, you may refer to risk Error! Reference source not found.”