Security and privacy are two the main concerns for both providers and end-users of digital services. Service providers claim that citizens’ privacy, the security and services of their infrastructure are top priorities. At the same time, end-users adopt an IT service, only when they are convinced that their valuable data are not at risk. In this landscape, policy makers are trying to regulate the provision of IT services in order to ensure that some minimum security, privacy and data protection standards are met. As a prominent example, as of May 2018 the European Union (EU) has put into force its General Data Protection Regulation (GDPR), which foresees extremely strict penalties for service providers that fail to comply with the mandates of the regulation. In this context, major on-line service providers advertise their strong privacy and data protection features. This is for example the case with Facebook, which promotes its strong and versatile privacy control functionalities, which however come after the famous Cambridge Analytica data breach that caused significant brand damage to the company.
The Role of Data Collection and User Surveillance
Contrary to what IT giants want us to think, the nature of most mainstream on-line services contradicts the provision of strong security and privacy guarantees to the end users. This is because, these guarantees are always provided after the end-users have given away personal data, as the latter are practically used to provide most of the popular on-line services. For instance, Google provides strong security features to all users that it surveils and exploits as data providers for its services. The company processes users’ data as a means of selling ads and other targeted services to its clients. Likewise, Facebook is securing its social network, which is however able to collect and maintain large amounts of personal data by surveilling its users.
Google and Facebook are only two out of numerous examples of on-line services that hinge on collecting data from end-users. A wide array of such services are offered in similar ways, including:
- User-generated content services, which involve end-users as primary content providers (e.g., YouTube). Nowadays, the largest content providers on the planet do not actually produce any content of their own but rather rely on their end-users to do so.
- Crowdsourcing services, which solve problems based on the fusion and integration of information that is provided by the users themselves. In crowdsourcing, end-users act as sensors and/or problem solvers. Relevant services combine solutions and information provided by individual end-users.
- Sharing economy, which is also about sharing and managing information flows among users of services like car pooling and sharing of residencies data.
- Social networking websites, which operate based on user generated content and information about each user’s social graph.
These services have emerged since more than a decade and appear intensified ever since. In particular, on-line service providers are expected to increase the rate of the data they collect from their users in the years to come. This is driven by the following factors:
- The need to offer more personalized services that are tailored to end users’ preferences. Indeed, improved personalization hinges on the collection of more and more accurate data about the end-users, as means of profiling them appropriately.
- The rise of advanced data processing capabilities such as predictive analytics, machine learning and artificial intelligence, which can significantly increase the competitiveness of IT enterprises. A key prerequisite for the successful adoption of these technologies is the availability very large datasets for their training and operation.
- The increased competition among service providers, which in some cases boils down to which one has more and better data assets.
The above trends indicate that we are experiencing an entirely new model for the growth of the on-line economy. This involves users exchanging their data for added-value added services that are offered to them based on the data they provide. This model enables on-line service providers to accrue large amounts of data at virtually no cost, which makes them very wealthy and powerful. In some of her recent works,business theorist and social scientist Shoshana Zuboff refers to this model as “Surveillance Capitalism”. In these works she also analyzes the implications of this novel market model. Specifically, Zuboff states that surveillance capitalism commodifies “reality” through transforming behavioral data for analysis and sales. Likewise, she introduces the terms “surveillance assets” and “surveillance capital”, which she considers as the cornerstone of IT giants’ power.
One of the main implications of surveillance capitalism is that on-line service providers that democratized access to information and knowledge, are gradually becoming so powerful that they can control our lives in a way that threatens core values such as freedom, democracy, and privacy. It may sound ironic, but it seems that large networks that aim at decentralizing control of information and safeguarding individuals’ privacy against the power of large corporate and governmental bureaucracies, could become bureaucratic structures themselves that could jeopardize citizens’ privacy. It looks like that IT giants pretend that they want a secure and privacy friendly internet, yet in practice their interests contradict the existence of 100% privacy-proof platforms.
In this landscape, policy makers are confronted with a serious dilemma about the way they regulate the operation of on-line services. On the one hand, they are thinking of imposing strict regulations (like the GDPR) as a means of obliging service providers to respect fair information practices, while at the same time offer strong security and data protection. On the other, they also realize that regulation can be a set-back to innovation and to the graceful growth of the information economy. Several organizations have been raising concerns about free speech and privacy rights in the era of surveillance capitalism, while most governments are trying to create and enact privacy laws that balance the above trade-offs.
Nevertheless, participation in surveillance capitalism is largely voluntary. Regardless of the regulations that are in place, end-users opt to participate or abstain from on-line services depending on their perception about the value that they get from using such services. In the medium term we expect to see giant IT providers to devise and implement measures that balance regulation with the value given to their users. One way or the other the show of mass-surveillance will most likely go on.
 “Big Other: Surveillance Capitalism and the Prospects of an Information Civilization.” Journal of Information Technology 30, no. 1 (March 2015): 75–89.