Smith 1

Bradley Smith

Professor Flores

ENG 1201

4/18/19

Personal Data and Privacy Ethics

The Bureau of Labor Statistics reports, “Employment of computer and information

technology occupations is projected to grow 13 percent from 2016 to 2026, faster than the

average for all occupations.” (Computer and IT Occupations). The glaring growth in technology

and innovation has spiked the growth of IT fields and as stated will continue to grow at an

alarmingly fast rate. This exceptional growth will introduce many concerns and ethical issues

that will be unregulated. A particular and serious concern that stems from this rapid growth in

Information Technology is the concern for Privacy and ethical issues that can and will arise from

it. “Data Privacy is about access, use and collection of data, and the data subject’s legal right to

the data.” (Lee). What is personal data? What does it mean to violate someone’s right to their

own data or privacy? What kind of practices in relation to Privacy would be considered ethical or

would violate Data Protection laws? Would some practices be considered legal but not

necessarily ethical? All of these questions provide curious thought into dangerous scenarios if

not handled properly. Severe dangers through the ethical issues of Privacy stem from practices

involving or related to data collection and mining, spyware, and workplace monitoring. What

constitutes ethical practice in regards to privacy/personal information in Information Technology

techniques used such as data mining, spywares, and workplace monitoring? How do these

practices affect employee/employer relations? The Information Technology industry is highly

unregulated providing employers and those with access to personal data with infinite power with
 Smith 2

not enough legal restriction and the relationship between personal data and privacy rights is

heading down a dangerous route because of this lack of regulation and legislative

implementation. The dangers of practices relating to Personal Data and Privacy such as Data

Mining, Spyware, and Workplace Monitoring go glaringly unnoticed and they can too easily

exploit insufficient regulation or legal repercussions on the matter.

Personal data is defined as any piece of information that can be tied to an identity or

individual. The General Data Protection Regulation in the UK explains this as data that includes

information relating to people that can be directly or indirectly identified by that information.

The main list of identifiers can include things such as a name, identification number, data about

location, or online identifiers and handles including IP addresses, cookies and more. You do not

need someone’s name to directly identify them from personal data and other information

obtained. It can be processed and extrapolated to reveal someone’s identity based on correlation.

Information that can indirectly identify a person can also be considered personal data. This

involves data that “relates to” an individual and provokes questions that must be answered such

as if the content of the data, the purpose you will process the data, and the results or outcomes of

that can reference to or link to an individual. Data mining and processing information can be

tricky because some organizations may process information for purposes that the identity does

not matter while other organizations can process the same information for purposes that can be

invasive or considered unethical.

Jeroen van den Hoven, a professor specializing in the ethics of information technology,

published an extensive article on the Stanford Encyclopedia of Philosophy database on the

evolution of Privacy and Information Technology and how they are related. Hoven articulates the

perceptions and value of privacy and personal data and discusses some regulations on the matter.
 Smith 3

One of the principal regulations implemented through data protection laws involve the

requirement of consent of those whose personal information is being obtained. Hoven continues

by discussing the impacts of IT evolutions on privacy stemming from technologies such as social

media and Big Data. Social media infrastructures have impacted privacy in ways such as

provoking users to provide personal data for access to their platforms. Other functions such as

the ability to “like” things on these platforms can provide information to anyone who can see that

information. A way to counteract the dangers of this is to implement privacy settings but that

does not limit the access of the platform itself to your information. Big Data demonstrates an

even more dangerous thought as user behavior becomes the target of information then. Things

such as browsing history, search terms entered and internet transactions can play a big role in

creating a profile about a specific user. Hoven also expresses later on that evolutions of

Information Technology can also provide solutions to these ethical issues implementing privacy

techniques and algorithms to provide better security for users. Hoven provides insights into the

powers of practices such as data mining and how it is violating privacy and personal data rights.

In summary, the insight and expertise Hoven produces demonstrates the necessity of regulation

and legal implementation on Personal Data and protection over the privacy of that information.

In his article on Towards Data Science, Sidath Asiri defines Data Mining as “collecting

and inspecting data to develop and extract patterns to provide valuable insights”. Asiri has a

Bachelor’s in Computer Science and he studies and publishes articles on all kinds of Data

Science related topics. He continues by explaining that it involves a combination of various data

sources relating to aspects such as market trends, demographics, financial data, etc. Asiri then

goes on to determine that data collection is the first of a four-step process in implementation of

data mining. The following steps include Data Cleaning, Data Analysis, and Interpretation. Data
 Smith 4

collection is as simple as it sounds and that is to obtain large amounts of data to utilize for

analysis. Then, the data cleaning phase involves determining what data is valuable and worth

using further and removing any data that is not necessary or could falsify conclusions based on

the data obtained. Third, the data analysis phase reviews and analyzes the “cleaned” and filtered

data to determine patterns and apply algorithms to the data. Finally, after analysis is completed

the Interpretation phase draws critical conclusions on the data and can be used for predictions

based on the future of related data. There are various ways that data mining and collection can be

utilized and these ways come from many different motivations. He supports his information by

demonstrating the application and result of data mining through a graph displaying which aspects

in business have the most to gain from data mining techniques. The biggest motives for utilizing

data mining practices are in fields of Sales, Marketing and interpreting Customer Behaviors and

trends. Asiri’s studies provide a great foundation on the process and implementation of data

mining and provides critical information into the ways that it can be used and how it can easily

be exploited. One of the major ethical issues in the eyes of the general public is data mining

through social media.

Social Media Mining is “the process of representing, analyzing, and extracting actionable

patterns from social media data”. (McCourt). In her article on Yale’s Media Freedom and

Information Access website, Abby McCourt details a 2017 study “published in the Journal of

Advertising that use social media mining techniques to gauge users’ perception of a variety of

common brand names.” The study utilized programming interfaces and algorithms to analyze

tweets based on company handles as keywords and found some fascinating information. They

determined that 15.7% of tweets about fast-food restaurants were about promotions the chains

were offering and that 66.7% of tweets about Comcast contained a negative statement. It
 Smith 5

demonstrates usage of data mining that provides useful information for these companies to help

determine what they need to focus on or work towards in being more successful businesses.

McCourt goes on to present another study to demonstrate major ethical issues in relation to data

mining and explains that there is a very fine line between what is ethical in data mining and what

is not. This study utilized the same programming interface with Twitter but this time the study

analyzed geotagged tweets revealing locations of those whose tweets were being studied. That

provides major ethical issues and invasion of privacy. This sort of data mining could be a breach

of first amendment rights in relation to freedom of speech and expression. In the second study

explained by McCourt, she states “The researchers continued this practice for one year,

seemingly unbeknownst to the Twitter-using patrons…”. These studies that McCourt presents

demonstrate potential beneficial usage on data mining techniques for corporate business’ to be

better. However, the dangers of these techniques added with the power that they possess and how

easily it could be exploited suggest even further that there must be regulation over theses

practices to prevent incredibly dangerous and invasive exploitation.

According to the International Comparative Legal Guides (ICLG), “Laws protecting data

and consumer privacy are based on the principle that an individual has an expectation of privacy

unless that expectation has been diminished or eliminated by agreement, statute or disclosure.”

This statement along with the statement from McCourt on her studies argues that the second

study is completely invasive and unethical based on the subjects having no knowledge

whatsoever or any consent that their personal data and locations be used for this data mining

study. Data mining seems to have a few beneficial uses to it through certain areas such as

studying Consumer Behavior, sales/marketing, etc. but the lines for ethical practice are clear and

must be followed strictly because personal data is sensitive. However, the relationship of Big
 Smith 6

Data and Privacy is an intriguing element when diving into the discussions of ethical practices

and what we deem to be unethical, illegal or immoral.

Tom Price, a journalist published articles for research databases focusing on public

affairs involving technology and science, reports and analyzes the impacts of Big Data on

Privacy and outlines the relationship between the two. He begins by explaining the evolutions of

technology and how Big Data has provided positive changes in the world such as medical

advances and scientific breakthroughs and also aiding in business modeling. He also explains

how governments utilizing Big Data have evolved into using it in fighting terrorism and crime.

Price also provides a fascinating statistic that in 2000, only 25% of the world’s information was

digital while that number today is up to 98%. This articulates the infinite power of information

and control over the digital world and domains even more supporting the crucial impacts of data

protection and privacy. Price goes on to weigh the pros and cons of big data to determine the

effectiveness versus the harm that it can generate. He provides support by showing that 55% of

Americans believe data collection is a negative and invasive practice. He repeatedly refers to life

today as living in a surveillance state as everything we do is monitored in some way. He

demonstrates that the U.S. invokes laws to protect certain kinds of data such as financial or

medical information. Price continues by providing background on the history of Big Data and its

relationships with aspects of life such as politics. Then he discusses an intriguing debate on

introducing new laws to prevent collection of personal data. The positive arguments lay out that

companies and search engines have the capabilities to protect your information but simply are

not required to do so suggesting that we have the means but there are no regulations or laws to

enact them. The negative arguments examine counterarguments to the ideas that new regulation

puts users in the driver’s seat. These arguments suggest educating users on how their data is
 Smith 7

obtained and showing them how to protect it with the current regulations implemented already.

They also explain the serious dangers and why implementing regulations over such practices is

necessary as some of these practices can yield terrifying results if not controlled in an ethical

way with clear legal implementation and expectation of conduct.

Veracode defines spyware as “any software that installs itself on your computer and starts

covertly monitoring your online behavior without your knowledge or permission.” Based off of

that definition alone it can be inferred that any spyware would be deemed unethical in the

definitions of the data protection and privacy laws by the ICLG. Veracode goes on to explain

spyware further mentioning that it gathers personal information such as your name, address,

browsing habits, etc. and relays that information to third-parties. There are also more severe

types of spyware called a “keylogger” that steals your username, password or other credentials.

Not only is this unethical but it is illegal and would be deemed cybercrime. Main motivations for

utilizing spyware would be similar to data mining such as marketing strategies however most

intentions are malicious and intend to steal personal information to commit crimes such identity

theft. Spyware is a dangerous practice yielding even more dangerous results.

Consider this account published in an article by Laura Sydell. She presents a terrifying

usage of malware from an incident in early 2018 in Ohio. “A 28-year-old man who allegedly

hacked into thousands of computers to watch and listen to users has been indicted in Ohio.”

(Sydell) The article continues by explaining that the man has been hacking into computers for

over 13 years working out of the basement of his parent’s house. It also mentions that this man

was able to remotely access computers that he had infected with malware, named FruitFly, and

turn on the cameras and microphones of the computers as well as record keystrokes. For extra

measures the man also programmed the malware to alert him if a user was watching
 Smith 8

pornography. This sort of case is a bone-chilling example of just how dangerous and unethical

spyware can become. In summary, based on the definition of what spyware is and how it

functions there are no ethical cases or usage for it because it intends to function without the

knowledge of those whose computers are infected with the software. Sydell’s report

demonstrates the danger and power of these practices and how they must be regulated and

monitored to protect people’s personal privacy.

However, workplace monitoring may have the most ethical issues and implications when

it comes to personal data and privacy. Workplace surveillance or monitoring can be defined as

employers monitoring or watching activity through channels such as mobile devices, computers,

etc. There are different versions of workplace monitoring and some may be a little more

extensive such as keystroke monitoring. Major motivations behind workplace monitoring include

monitoring employee productivity, location of employees in company vehicles, and intention to

protect corporate resources and assets. Another motivation for workplace monitor would be to

study habits of employees and develop strategy based on the information received work towards

their business goals. Ethical and legal use of workplace monitoring can be enforced as employers

can require consent of potential employees to allow for workplace monitoring upon agreement.

However, workplace monitoring is a hot topic right now as a lot of it is unregulated so while

much of it may not be considered ethical, it could still be legal. Again, this provides another

concerning thought as the power given to these employers can be exploited in dangerous ways. A

recent study reported in April 2018 describes ethical issues that arise from “the electronic

surveillance of nurses in the workplace.” (Wallace) According to Rodney Wallace, “Employers

have always had legal justification for electronic workplace surveillance, as the U.S. courts have

consistently ruled in the employer’s favor Wallace outlines the tools used in workplace
 Smith 9

surveillance and discusses the benefits and consequences of them. He also provides ethical

consideration on these practices. Recent data claims that around 78% of U.S. businesses monitor

their employees in some way or another. He explains that civil liberties groups fighting

workplace monitoring struggle to make progress in their efforts. Later, Wallace begins to outline

the benefits of it such as increased security, risk management, and enhanced productivity. He

details that electronic monitoring severely cuts employee theft cases and misuse of time as well

as deterring unprofessional behavior. Electronic surveillance can also increase productivity based

on employees working harder and using their time more wisely. Wallace then gets into the

negative impacts of workplace monitoring discussing issues such as diminished privacy, impacts

on mental health, increased distrust and abuse of power. He outlines that humans have rights to

their privacy and not being used by others and sometimes need that personal space and time to

just be alone with their thoughts which can foster innovation and creative thinking. The mental

health issues that can plague employees from stress and emotional issues stemming from a sense

of always being watched is a dangerous impact that should not be messed with. Employees may

also view electronic monitorization as an indication of mistrust from the company which can

lead to a high-tension and hostile work setting. He explains the abuse of power that employers

have when implementing such practices through coercion, blackmail, discrimination and more.

Wallace concludes that employers have an immense amount of power from practices such as

workplace monitorization and that employees must be aware of when it is justified and if not

take necessary action. Furthermore, this reinforces the thought that a Code of Conduct or

regulation must be implemented to prevent such issues from occurring.

Wanbil Lee presents an ethical approach to Data Privacy Protection and ideas to solve the

problems facing the Information Age today. Lee articulates the process of a person’s legal rights
 Smith 10

to their personal data and describes the protection process of these elements. He details ways to

implement data privacy protection and the complexities of developing these methods. Lee gives

his thoughts and inputs for technical and social solutions as to creating international principles to

provide data protection. Lee provides thoughts such as implementing safeguarding data and

creating a sense of awareness on the dangers of protecting personal data. Lee explains that an

issue on this matter is that countries have different regulation and explains the different

implementations of these in the world such as the U.S., Europe, Asia and internationally. Lee

lays out a regulation provided by Hong Kong detailing Six Data Protection Principles of PDPO

that many countries reference on the matter. He concludes that implementation of a Code of

Conduct is necessary for providing guidance in creating data privacy standards to allow ethical

and professional ways of obtaining data. He finishes with stating that the two reasons this is a

necessity are information security will continue to become more complicated stemming from

new risks and the dangers of privacy infringement becoming more frequent due to these

technological advances. Lee provides in great detail some wonderful food for thought on ways to

move forward in the vastly growing industry of IT although the dangers still highly outweigh the

legal protection and regulation overseeing them.

Take a look at these statistics researched by the Pew Research Center; who conducts

research and social science analysis on public opinion, content analysis and more. The article,

published in their Internet and Technology area by Mary Madden and Lee Rainie, provides some

fascinating reports and statistics on the public opinions of privacy in our everyday lives. Take a

look at this graph they presented from their research:

 Smith 11

Fig. 1. This chart shows the responses of Americans when asked how important these issues are

to them in relation to their privacy in their every day lives. (Madden and Rainie)

This study demonstrates the strong opinions that Americans have on their privacy and

that 93% of Americans would like to be in control of who has access to information about us.

Unfortunately, that is not the case at all and these statistics support the claims that regulation and

legal implementation over personal data and privacy is necessary because with the right skills

and software anyone can have access to anyone and 93% of America does not like the sound of

that. This report shows that accessing a person’s information without consent would be

considered unethical and that it is too easy to get a hold of currently.

 Smith 12

There are numerous ethical implications in relation to privacy practices involving

personal data and information such as data mining and collection, spyware and workplace

monitoring. When analyzing the dangerous practices of data mining and collection it potentially

can be used for beneficial motivations and ethically however regulations suggest users require

knowledge that their personal data is being used for such purposes. Currently there is not enough

regulation to protect users from such practices. In regards to spyware, there does not seem to be

any ethical usage of it as its main intention or purpose is for obtaining information with criminal

motive. When it comes to workplace monitoring, this has been a controversial topic the last few

years as it can generate ethical implication although it is not well regulated and there are

beneficial uses of it. A conclusion to workplace monitoring would be that it allows for ethical

practice upon agreement and consent of employees and awareness throughout the company on

the ethical uses of it. In conclusion, there are too many gray areas and unregulated usages of

these issues in relation to privacy and as innovation and IT rapidly increases this margin will

grow with it. Therefore, awareness must be promoted as it will be critical in striving for ethical

practices when it comes to the protection and privacy of personal data and activities. And finally,

we must push for implementation of laws protecting personal data and privacy because 93% of

America calls for power over who can have access to your information but in today’s world with

the regulation we have over the digital world gaining access to that information is all too easy

and must be regulated for Americans to sleep easier at night.

 Smith 13

Works Cited

“Computer and Information Technology Occupations.” U.S. Bureau of Labor Statistics, U.S.

Bureau of Labor Statistics, 13 Apr. 2018, www.bls.gov/ooh/computer-and-information-

technology/home.htm.

“Data Mining in Brief.” Towards Data Science, Towards Data Science, 23 Dec. 2017,

https://towardsdatascience.com/data-mining-in-brief-26483437f178.

Hoven, Jeroen van den, et al. “Privacy and Information Technology.” Stanford Encyclopedia of

Philosophy, Stanford University, 20 Nov. 2014, https://plato.stanford.edu/entries/it-

privacy/.

“International Comparative Legal Guides.” Data Protection 2018 | USA, Global Legal Group, 12

June 2018, iclg.com/practice-areas/data-protection-laws-and-regulations/usa.

Lee, Wanbil W., et al. “An Ethical Approach to Data Privacy Protection.” ISACA, 2016,

www.isaca.org/Journal/archives/2016/volume-6/Pages/an-ethical-approach-to-data-

privacy-protection.aspx.

Madden, Mary, and Lee Rainie. “Americans' Attitudes About Privacy, Security and

Surveillance.” Pew Research Center, 24 Mar. 2016,

www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-

surveillance/.

McCourt, Abby. “Social Media Mining: The Effects of Big Data in the Age of Social

Media.” Yale Law School, 3 Apr. 2018, https://law.yale.edu/mfia/case-disclosed/social-

media-mining-effects-big-data-age-social-media.
 Smith 14

Price, Tom. “Big Data and Privacy.” CQ Researcher, Sinclair Community College, 25 Oct. 2013,

library.cqpress.com.sinclair.ohionet.org/cqresearcher/document.php?id=cqresrre2013102

500&type=hitlist&num=0.

“Spyware.” CA Veracode, 15 Aug. 2017, www.veracode.com/security/spyware.

Sydell, Laura. “Ohio Man Charged with Putting Spyware on Thousands of Computers.” NPR,

NPR, 13 Jan. 2018,

www.npr.org/sections/alltechconsidered/2018/01/12/577761143/ohio-man-charged-with-

putting-spyware-on-thousands-of-computers.

Wallace, Rodney D. “Electronic Surveillance of Nurses in the Workplace: Ethical

Considerations.” Historical Perspectives on an Expanded Role for Nursing, 17 Apr. 2018,

ojin.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/OJIN/Co

lumns/Ethics/Electronic-Surveillance-of-Nurses.html.

“What Is Personal Data?” ICO, https://ico.org.uk/for-organisations/guide-to-the-general-data-

protection-regulation-gdpr/key-definitions/what-is-personal-data/.