fb-pixel Skip to main content
IDEAS

Why it’s good for you if I protect my privacy

Companies claim obsessive data collection makes their products better. But Carissa Véliz says that obscures how much power they’re amassing.

Carissa Véliz, associate professor in the Faculty of Philosophy and the Institute for Ethics in AI at the University of Oxford.
Carissa Véliz, associate professor in the Faculty of Philosophy and the Institute for Ethics in AI at the University of Oxford.Fran Monks

Why should you care about protecting your privacy online? Tech critic Carissa Véliz says it’s not just a matter of personal preference: It’s a civic duty.

Véliz, associate professor at the Institute for Ethics in AI at the University of Oxford, is the author of “Privacy Is Power: Why and How You Should Take Back Control of Your Data,” which blends philosophical insight and practical advice. Véliz says that guarding your privacy promotes something akin to digital herd immunity. Many companies claim that the more data they have, the better their products will be, but Véliz argues that this personal data ultimately gets transformed into something toxic, which society should regulate much like asbestos. Last year The Economist called “Privacy Is Power” one of the best books of the year, on any subject.

Advertisement



This interview has been edited and condensed.

You argue many companies don’t just want our information to make money but aim to gain and leverage power. What power are they after?

One characteristic of power is that you can transform it from one kind into another. If you have lots of data, you can turn that into money by selling it or exploiting it for personalized ads. And then you can turn that economic power into political power by lobbying, for example. When lobbying is successful, that political power can come back in the form of more economic power.

What’s an example of a company behaving this way?

There’s an element of that in any company that profits from personal data. But Facebook is one of the worst offenders. It spent more on lobbying than any other tech company in 2020.

How exactly does collecting and analyzing personal information provide companies with knowledge they can use to dominate us?

Sometimes we directly give away sensitive personal data. We tell companies our names, phone numbers, addresses, etc. Most other times, companies infer sensitive data from other kinds of data that don’t seem that sensitive. For example, it’s possible to calculate your life expectancy based on how fast you walk, as measured by your phone. It’s possible to infer whether you suffer from depression by how you slide your finger across your phone’s screen. If companies identify you as someone with a gambling problem, they may use that knowledge to lure you back into gambling.

Advertisement



Information about your interests and weaknesses gets used for advertising purposes in very questionable ways. Recently, it was revealed that Facebook allows advertisers to target children as young as 13 who have been profiled as interested in smoking, alcohol, online dating, extreme weight loss, and gambling. Much of the data about you that’s out there ends up in the hands of data brokers. Many of them aggregate it and sell it to insurance companies, banks, prospective employers, governments, and more. Data brokers want to know whether you are planning to have a baby, your religion, health concerns, purchasing power, social media habits, the properties and vehicles you own, and your political views, among other things.

You argue that one way to gain control of our data is to refuse to give it to untrustworthy companies. In your book, you advocate not taking a home DNA test, something many people find fun and educational. Why shouldn’t we?

Advertisement



Home DNA tests are incredibly inaccurate, yielding 40 percent false positive matches [according to a 2018 study]. So almost half of the time, you’ll get misleading information. On top of that, many privacy policies ask you to give up your rights to your genetic data. That means that you have no idea where that data will end up and how it will be used in the future. It could be used to deny you life insurance. Or it could hurt the chances of your family members [to get life insurance], since genetic data is something we share with our kin. And who knows what we might be able to infer from genetic data in 20 years. In general, we should say no to anything that makes us lose privacy unnecessarily.

You also recommend sometimes poisoning data collection processes by providing companies with false, misleading, and ambiguous information. Why is this deception ethical?

Obfuscation is only ethical when the company in question doesn’t have a justified claim to your personal data, and they won’t allow you to remain silent and protect your privacy. An example that happened to me was a clothing shop refusing to sell me a scarf if I didn’t give them my email. In cases like that, you can give a false email or a false name.

Privacy protective tools are often overhyped. Which ones do you endorse?

Some of my favorite ones are Signal for messaging, ProtonMail for email, and DuckDuckGo for search. They show that we can have online services without privacy invasions.

Advertisement



What can we do to avoid becoming complicit in revealing information about others that leaves them vulnerable to exploitation?

We should keep in mind there’s a collective aspect to privacy. Every time you give out data about yourself, you are also exposing others. Your location data, for instance, includes data about your neighbors and co-workers. Your psychological data exposes people who share your psychological characteristics, because companies will use it as proxy information, a model of your and their dispositions. So the first step is protecting your own privacy. The second step is being as mindful as possible about others’ privacy. Don’t upload photos of others without their consent. Don’t pressure people to share more than they are comfortable with. Don’t forward or retweet posts that clearly violate someone’s privacy.

What regulation is necessary?

Legislation should focus on banning personalized ads, not allowing people to buy or sell personal data, and implementing data fiduciaries, which are duties of care that professionals owe to their users or clients in virtue of their position of power. Just like doctors owe their loyalty to their patients and financial advisers must put the interests of their clients before their own, whoever wants to collect or manage personal data ought to take on the responsibility to use that data to benefit data subjects and never to harm them.

Advertisement



Evan Selinger is a professor of philosophy at the Rochester Institute of Technology and an affiliate scholar at Northeastern University’s Center for Law, Innovation, and Creativity. Follow him on Twitter @evanselinger.