CIA-3

CYBER LAW

TOPIC- ETHICS IN DATA COLLECTION

AKSHAT GOGNA

1650303

BA LLB ‘C’
 Ethics in Data Collection

Introduction:

We share information about ourselves and the information that we create online with various
parties without knowing that such information is collected for various purposes that we might
have agreed to while accepting terms and conditions of that particular service or it may be
collected unethically without any prior permission.

The “I’m not a robot” caption that we fill while logging into various online accounts is an
information collection node where we act as programmers for text analyzing artificial
intelligence software. We become part of the Database creators who collectively train the
Artificial Intelligence software to understand which graphic character is to be associated with
which digital character. We contribute to software development and we are not paid for such
service. The question is, whether such Data collection is ethical.

Google are quite transparent about this fact, even admitting on the re-CAPTCHA website that
“Every time our CAPTCHAs are solved, that human effort helps digitize text, annotate images,
and build machine learning datasets. This in turn helps preserve books, improve maps, and solve
hard AI problems.”

Kinds of Data Collection on the Internet:

According to the Association of Internet Researchers, internet research encompasses enquiry

that:

1. Utilizes the internet to collect data or information, e.g., through online interviews,
surveys, archiving, or automated means of data scraping;

2. Studies how people use and access the internet, e.g., through collecting and observing
activities or participating on social network sites, web sites, blogs, games, virtual worlds,
or other online environments or contexts;

3. Utilizes or engages in data processing, analysis, or storage of datasets, databanks, and/or

repositories available via the internet;

4. Studies software, code, and internet technologies;

5. Examines the design or structures of systems, interfaces, pages, and elements;

6. Employs visual and textual analysis, semiotic analysis, content analysis, or other methods
of analysis to study the web and/or internet-facilitated images, writings, and media forms;
 7. Studies large scale production, use, and regulation of the internet by governments,
industries, corporations, and military forces.1

Protection of Personal Data

Privacy by Design:

Regulators have embraced "privacy by design" as a critical element of their ongoing revision of
current privacy laws. The underlying idea is to "build in" privacy in the form of Fair Information
Practices or ("FIPs") when creating software products and services. But FIPs are not self-
executing. Rather, privacy by design requires the translation of FIPs into engineering and
usability principles and practices. The best way to ensure that software includes the broad goals
of privacy as described in the FIPs and any related corporate privacy guidelines is by including
them in the definition of software "requirements." And a main component of making a
specification or requirement for software design is to make it concrete, specific, and preferably
associated with a metric. Equally important is developing software interfaces and other visual
elements that are focused around end-user goals, needs, wants, and constraints.2

Consumer Online Privacy:

Tracking the movements of consumers as they shop for goods is not a new phenomenon.
Marketers have long collected data to assist in making decisions: They have watched while
buyers pick out strawberries and noted the process parents go through to choose a box of cereal.
Consumers do not appear concerned about this invasion of privacy; after all, they are in a public
place and the information being collected-what they have in their cart and ultimately purchase as
well as the products they inspect-can be readily observed. Perhaps this lack of concern is based
on their assumption of anonymity; their shopping behaviors are collected to study patterns in the
aggregate. When information is collected at the cash register, customers can choose to opt in
through the use of a personal shopping card, a credit card, or a check. Presumably, customers
knowingly give up some of their privacy in this transaction in return for some- thing of value-a
product discount, credit, future coupons on heavily used items, and so forth. Anonymity remains,
however, if they use cash and resist requests for their phone number, address, or zip code. This
anonymity changes when consumers move onto the Internet. No longer are their shopping
behaviors available only in the aggregate. Instead, individuals are tracked, and information is
collected from purchasing transactions as they surf through Web sites. The exchange of value
between marketer and consumer becomes less defined in this new retail (now e-tail) setting than
it is in a brick-and-mortar store environment

1
(Markham & Buchanan, 2012, p. 3f)
2
Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents Author(s): Ira S.
Rubinstein and Nathaniel Good
 Case Laws

Case: Google Spain SL v. Agencia Española de Protección de Datos (May 13, 2014):

In Google Spain SL v. Agenda Espanola de Protecdôn de Datos 3, the Court of Justice of the
European Union (CJEU) interpreted the Directive as creating a presumption that Google must
delete links to personal information from search results at the request of a data subject unless a
strong public interest suggests otherwise.

The court then determined that Google Inc.'s presence in Spain was sufficient to subject it to the
Directive. Though all of Google Inc.'s data processing occurred outside Spain, Google Spain sold
advertising space within the country; since advertising is Google Inc.'s main source of revenue,
the court held that the two entities were "closely linked." Google Spain was thus effectively an
establishment of Google Inc., making Google Inc. subject to the directive.

Case: Gonzales v. Google, Inc.

In Gonzales v. Google, Inc., the U.S. government subpoenaed Google to obtain thousands of
search queries entered by its users and thousands of URLs produced by Google searches. The
U.S. District Court for the Northern District of California held that trust in Google would be
unne cessarily eroded if Google was forced to divulge the search queries en tered by its users.
The court compelled Google to provide a sample of 50,000 URLs but did not require Google to
disclose any user search queries.4

Conclusion:

Governmental authorities and democratic institutions are instrumental to safeguarding human

rights in cyber-space. National and international courts also play a crucial role as part of this
cyber regime to protect human rights. Ultimately, human rights oriented cyber governance is a
new trend in which global Internet users aim to uphold their basic human rights through good
cyber-governance principles. Yet there is no global rule of law culture in cyber-space as of yet,
let alone any monitoring or enforcement mechanism based on the multi-stakeholder approach
that would safeguard the rights of Internet users. Equal and universal legal standards are missing;
thus, the claim for rule of law is one to be considered. International jurisdiction, customary and

3
6 Case C-131/12, Google Spain SL v. Agencia Espanola de Protecciön de Datos (May 13, 2014),
http://curia.europa.eu/juris/document/document.jsf?text=&docid=i52o65&doclang=EN
[http://perma.cc/ED5L-DZR
4
Jayni Foley, Are Google Searches Private? An Originalist Interpretation of the Fourth Amendment in
Online Communication Cases, Berkeley Technology Law Journal, Vol. 22, No. 1, ANNUAL REVIEW OF
LAW AND TECHNOLOGY (2007), pp. 447-475
international human rights law, and the shifting role of duty bearer and rights holder towards
more individual responsibility are all part of the recent development towards an open and fair
cyber governance regime. While there is no lack of human rights standards or laws, the measures
and mechanisms that allow us to comply and adhere to these standards are national, not global.
This is where change has to take place. Therefore, the global cyber regime has to develop
innovative ways and mechanisms to monitor and enforce global human rights standards that go
beyond existing national measures. There might be different ways to do so without excluding
existing legal or political mechanism.