izi sat before her computer with all of her apps and avatars just where she wanted them. It was her world, at her command. But on the other side of the screen, invisible, others tracked her every keystroke.
Some of the onlookers were ostensibly benign, profiling her commercial and philosophical preferences based on the websites she visited. Others collected “meta data” to improve their businesses.
A few, however, using “malware,” were trying to steal credit card and personal information. One of them succeeded.
Zizi had visited the site of a new company selling a red-and-mauve scarf she’d seen advertised and which she ordered via credit card. The scarf arrived three days later, but so did a credit card charge for four Baccarat crystal candlesticks purchased by a thief in Venezuela. The scarf website, it turns out, was unprotected, and her credit card number was swiped by a computer hacker.
“Identity theft,” the successful or attempted misuse of credit card, bank or personal information to commit fraud — the cyber equivalent of a heist — is looking for you.
Whether you care that others may be watching you as you surf the net can be a matter of generation, culture, or both. But, like it or not, you’re already on the slippery slope of losing control of your individual privacy. There are simply too many stories of stolen social security numbers, banking account passwords, and credit card numbers for anyone to pretend his or her online life is entirely secure. Denial is not an option.
Young people seem to care less about privacy than their elders, but the real difference in philosophy and approach to identity protection is cultural.
Europe, with its war-torn history, is obsessed with matters of privacy. Abuse of personal information led to casualties through both world wars and in the period of high tension that followed. That hurt produced the European Union’s strong support for human rights principles.
The European Convention on Human Rights, the Charter of Fundamental Rights of the European Union, and the EU Charter itself make the protection of personal data a cornerstone human right. Governments have a compelling duty to protect the privacy of every EU citizen and resident. The obligation emanates from view that “human dignity is inviolable,” found in the first article of the EU Charter.
Protected data includes an individual’s name, photo, email address, bank details, social networking posts, medical records, and computer IP address, and it applies across the board: at home, work, shopping, receiving medical treatment, at a police station or surfing the net.
In 1995, the EU passed the Data Protection Directive to help further guarantee privacy rights. Moves are afoot to modernize and update that legislation based on online advances.
Among the proposed reforms will be a single set of rules on data protection valid across the EU. The rules will also apply to any company outside the EU offering services to EU citizens. They will include the “right to be forgotten,” an individual’s right to have his or her data deleted from a website.
The United States, on the other hand, has no comparable comprehensive law for data protection. It approaches privacy from a different perspective, that of liberty and the First Amendment’s protection of freedom of speech and press. Instead of attempting to limit personal exposure, U.S. history is grounded in fighting for freedom from government intervention.
The word “privacy” does not appear in the U.S. Constitution. Notions of privacy entered law only through a series of U.S. Supreme Court findings in which the Bill of Rights was seen as suggesting “penumbras” of privacy, such as those covering a woman’s right to abortion during the first term of pregnancy (see Commandments and Culture laws).
American privacy notions depend mainly on laws developed in certain industries (such as cable television) and on self-regulation of the private sector. Federal legislation on the subject, when it exists, tends to favor the efficient flow of information over the individual’s right to privacy. In other words, you’re on your own.
Both American and European systems seek ways of protecting privacy that reflect their cultural realities, with exceptions carved out to allow for the invasion of privacy when the issue at hand regards terrorism, criminal justice, taxation, and the like.
As for Zizi, it won’t matter whether she’s in the U.S. or the EU. She won’t get redress directly from the thief who stole her credit card number. Nor do existing privacy laws prevent the unauthorized posting of information or photos she voluntarily shares on the web.
Laws may to some extent direct how our information is shared, but only up to a point. Global citizens of an increasingly non-private world must take personal responsibility for setting up their own computer protection and think twice about what to share with cyber world.
In the end, the first commandment of privacy is “protect thyself.”
