By Nicolás Barahona. Published: February 2022.

A book that should be categorized in the horror genre is Privacy is Power: Why and How You Should Take Back Control of Your Data. Carissa Véliz is the author. She is a professor at Oxford University’s Institute for Artificial Intelligence Ethics. She has found how to steal the sleep of those who have surrendered their data (voluntarily or involuntarily) to companies that only consider it a small part of their portfolio.

The cases that guide the narrative are mainly nightmares that a person runs the risk of living within today’s societies' economic, political, and civil functioning, based on admitting, regulating, and determining with a permanent collection of data.

That is not new in the history of civilizations. The first cities, kingdoms, and empires emerged when humans could store and process large amounts of mathematical data. For example, the Sumerians invented writing between 3,500 and 3,000 BC and discovered how to make variables and their respective records useful. That allowed them to know the amount of barley harvested during a specific period and expanded their possibilities to decide how to feed hundreds and thousands of people.

However, in recent years, what seems beneficial in organizing existence has been overshadowed by the configuration of forms of domination that unite the digital and the virtual to a storm of private interests and permanent, diverse power struggles.

Carissa Véliz’s contemporary horror stories tell us that. They start with everyday things: when we open the doors of our home to artificial intelligence, activate the cameras of our devices in places no one had access to before, carry with us a tracker for 24 hours per day or buy online.

The protagonist of these stories could be any one of us. Throughout the workday, we could be nurturing an almost automatic report of our performance because perhaps the boss believes it is positive to monitor us and that our colleagues do it. That can provoke nervous breakdowns due to excessive control.

The crises can be magnified when we go to the doctor because we fear that our records end up in the hands of pharmaceuticals, hospitals, health apps, researchers, insurers, or, even worse, in those of potential employers. Crises extended to our home, where a random word spoken activates the smartTV connected to our phone and sends private information to third parties, such as a very intimate conversation with our child or partner.

Crises can go with us on business trips and make us vulnerable to immigration authorities: to avoid being flagged as suspected criminals, we allow them to scan our laptop and phone, exposing corporate, professional, personal, and other information that determines part of our identity.

The risks of the story are not part of a dystopia. Look at what happens in China or the West.

In December 2021, advocates raised alarms in the UK over serious indications that its prime minister, Boris Johnson, wanted to sell citizen data to the global market. Alex Stobart, director of Mydex, claimed that everything Cambridge Analytica did would be legal if the UK approved. That is, there would be no problem accessing millions of personal data and using it to manipulate audiences psychologically.

Another creepy case is the one discovered by the European Data Protection Supervisor in January 2022. It found that Europol, the European Union’s police agency, had illegally amassed a vast store of personal information while preparing to become a hub for machine learning and AI applied in policing.

According to The Guardian, the Europol’s cache contains at least 4 petabytes – equivalent to 3m CD-Roms or a fifth of the entire contents of the US Library of Congress. “Data protection advocates say the volume of information held on Europol’s systems amounts to mass surveillance and is a step on its road to becoming a European counterpart to the US National Security Agency (NSA).”

NSA is the organization whose clandestine online spying was revealed by Edward Snowden, former CIA, and it caused, among other effects, diplomatic clashes between world leaders.

This scenario is minimal in the face of the immense struggles that grow in real-time. So, it is not strange that for this beginning of 2022, the Council of Europe reminds us on its website: “You go somewhere, you buy something, you apply for a job, you pay your bills: you live… and at each of those moments of your life, your personal information is used, collected, processed.”

The United Nations recognizes the importance of privacy and data protection as more social and economic activities have been placed online. It affirms progress: 69% of countries had some form of legislation in place, and 10% had draft legislation by 2021.

But concerns remain about the collection, use, sharing, and seizure of personal information with third parties without notice or consent.

The Global Data Protection Index (GDPI) is a survey conducted by Dell to 1,000 IT decision-makers from organizations worldwide. The survey provides insight into participants' confidence in enterprise data protection. The finding of its latest edition: “The threat of a cyberattack looms over organizations – exacerbated by the increase of remote workers – and few are confident in their ability to protect against and recover from them.”

74% of respondents agreed that this risk grew in their companies during 2021.

If this fear is in organizations with the budget to establish a robust digital infrastructure, how do we citizens defend ourselves? The possibilities depend, among other factors, on our practices as digital users, the place we inhabit, and the interest of governments, judges, and legislators.

The Convention for the Protection of Individuals concerning Automatic Processing of Personal Data entered into force 41 years ago. It was the first legally binding international instrument in this field. It requires the countries to adopt the necessary measures in their domestic legislation.

Better known as Convention 108, it was signed for the first time on January 28, 1981, by members of the European Council. Its scope has been extended to 55 countries, of which only three are Latin American, and five are African.

That’s why every January 28th is #DataPrivacyDay, with an immense contribution to remind us why we must remain vigilant. Every day should be a privacy day, as we are constantly exposed.

We share with you below a series of cases, resources, reports, and key players that we believe you should know about the subject.

Spying

Thirty-five civil society members and journalists were spied in El Salvador using Pegasus spyware from the Israeli company NSO between July 2020 and November 2021.

The Citizen Lab and Access Now, in collaboration with Frontline Defenders, SocialTIC, and Fundación Acceso revealed this.

El Faro, one of the most incisive in investigating corruption, abuse of power, and organized crime, was the media outlet that received the most attacks.

Pegasus is the most powerful cyberweapon globally that is only sold to governments. Location, chats, photo gallery, calls are exposed: it can access any data recorded on infected devices.

The target and the perpetrator of the attacks in El Salvador are still unknown.

In addition to assassinations, spying is one of the most brutal ways to muzzle the press and, potentially, any citizen.

Premonitions

Capitalism continues to absorb the way we live. Progressively, it becomes impossible not to have a banking and credit history. Urbanization is expanding. Survival depends on money. Achieving better jobs, education, technology, housing, food, or transportation depends on making transactions.

A project designed at the Media Enterprise Design Lab asked what the state of Human Rights will look like in a wildly capitalist future.

The project is The Rights Market, created by Cee and Tee, a designer and a lawyer who has decided to remain anonymous. Their proposal, complex to understand at first, is not executed today but in 2035. A year in which, according to them, we will have to establish agile and strategic maneuvers to access our rights.

Its website describes a series of critical events to understand the urgency of securing our identity, having mechanisms to prevent the misuse of our photos, and accessing the right to be forgotten.

Cee and Tee presented the project at the last edition of the World Economic Forum. It ultimately seeks to raise the alarm about the vulnerability of individuals and why technology companies and governments need to stop ignoring their responsibility to protect us.

Protest

Fundación Karisma, Dejusticia, and Privacy International created a guide to protect yourself digitally during a protest. It arose from the last cycles of demonstrations in Latin America, marked by human rights violations and abuse of power by the security forces.

The guide is in Spanish and offers explanations and recommendations on four types of surveillance: technological devices, communications, identity, and networks of protesters.

• 🎧 For example, on the case of Colombia, Karisma produced the miniseries “Pistolas con Celulares” (ES). Four episodes in podcast format offer a multidisciplinary vision of the impact of the State’s actions in the technological and digital environments during the National Strike in 2021.

Latin America

Derechos Digitales is a non-profit organization focused on developing, defending, and promoting Human Rights in the digital environment.

Its regional reach and over 15 years of experience make it a benchmark for promoting knowledge, public policy advocacy, and social change in Latin America.

We recommend three of its most recent studies, which will give you a comprehensive view of the management of personal data in Latin America. They are written in Spanish but are totally worth reading:

• 🚨 “Sistemas de Identificación y Protección Social en Venezuela y Bolivia: impactos de género y otras formas de discriminación.” They documented how these systems have affected the rights of women and the LGBTIQ+ population to identity, integrity, dignity, and access to food and health.
• 🦠 “Uso de tecnologías para el combate de la pandemia: datos personales en Latinoamérica.” In partnership with the Global Network Initiative, they analyzed the technological solutions proposed by the governments of Argentina, Bolivia, Brazil, Colombia, Ecuador, and El Salvador to the Covid-19 crisis, particularly concerning the use and protection of personal data.
• 👩‍💻 “¿Quién defiende tus datos?”, an evaluation of how Chilean companies that provide internet services safeguard their customers' data, especially in the face of possible abuses by state authorities.

Do-it-yourself

The Data Detox Kit allows us to describe how and why patterns about our privacy are revealed. It also explains how to control our privacy, security, and well-being in the right way.

The kit offers practical steps, a detailed explanation of various practices you should correct, and well-argued reasons why you should stay away from the products of certain large companies.

The Kit is a project of Tactical Tech, with support from the Swedish International Development Cooperation Agency.

Community

At Datasketch, we have always been delighted to be friends with SocialTIC, an organization focused on promoting technology and information for social purposes. Their research, advocacy, and pedagogy work are admirable, especially for seeking diverse ways to turn knowledge into action.

They have consolidated tools, applications, blog posts, and an info-activist community. Follow them if you want to stay informed and find resources to strengthen your online presence.

We also highlight Cyber Collective, created by women of color and focused on data ethics, privacy, and cybersecurity research. This collective “works to center marginalized voices in the data ethics dialogue, assess their knowledge, and then gather their input to influence change. They also advocate for legislation to protect consumers.” Forbes explained.

Their community began to build during the mass protests in the United States over the assassination of George Floyd, trying to find a solution to the level of digital risk protesters might face. Furthermore, they have realized how powerful it is to unveil and amplify critical viewpoints through networked content, creative research sessions, and educational material.

Are you going to travel?

Best Vpn.org and Chamber of Comerce.org created an Internet Privacy Index, which “shows how seriously privacy concerns are taken in countries all over the world. Norway, which holds the highest privacy score, can serve as an example for other countries looking to improve internet privacy,” they describe.

Countries receive a score from 0 to 100 based on the weighted sum of seven variables (data from international organizations such as Reporters Without Borders, the World Justice Program, and the United Nations):

• Freedom of the press.
• Existence of data privacy laws.
• Democracy Index.
• Effective guarantee for freedom of opinion and expression.
• Absence of arbitrary interference with privacy.
• The government does not expropriate without due process and adequate compensation.
• Legislation on cybercrime.

The Index has data from 110 countries. Therefore, a first step to defend your information, if you are going to travel or do not know how safe the Internet is in your country, is to explore the list, in whose last place is China, with 13 points.

Finally, we recommend that in this exercise, you explore the editions of the Global Legislative Predictions of the International Association of Privacy Professionals (IAPP), which since 2017 exposed possible changes in this area that are expected on a global scale.

Help us!

We want to keep mapping initiatives, organizations, experts, stories, reports, essays, research, news about #DataPrivacy.

Please share it with us through our social networks if you know of any. This way, we will expand the sources and knowledge to disseminate, debate, build with our community, of which, of course, you are already part.