Andrew Pardieck

DOI: https://doi.org/10.2139/ssrn.4514628

2023-01-01

SSRN Electronic Journal

Abstract:In 1890, when Louis Brandeis and Samuel Warren wrote their seminal work on The Right to Privacy, Japan did not have a word for the concept. Scholars settled on puraibashii a transliteration as opposed to translation, of the word privacy. Today, privacy is closely guarded in Japan; the European Data Protection Board has found privacy protections in Japan “equivalent” to those in the EU. This research explores the evolution of privacy law in Japan, focusing on data breach and the legal rights and obligations associated with it. The writing is broken up into two parts: This first article discusses private enforcement of privacy norms, as it is the courts, in response to civil complaints, that first established and continue to define privacy rights in Japan. A separate article will address the public law regulation of privacy, including discussion of Japan’s Act on the Protection of Personal Information and its regulatory enforcement. Examining the civil litigation that has defined privacy norms in Japan, one finds three distinct periods: early judicial decisions that create privacy rights by weaving together pre-existing legal doctrines in new ways; a period of expansion where courts recognize a legal injury for disclosure of even basic personal information; and a recent Supreme Court decision that expressly recognizes a remedy for the mental distress that arises from a data breach, even without proof of financial harm. In comparison to the public law cases, one also finds a public law-private law divide. While some Japanese courts in data breach litigation suggest individuals possess a “right to control” their own personal information; in cases involving the central government, one finds no more than a right to the “reasonable handling” of that information. A cross-jurisdiction comparison suggests Japan seeks middle ground. Japanese courts define privacy rights more broadly than in the U.S., but not to the extent found in jurisdictions governed by the GDPR. In doing so, Japanese courts use tort law to balance interests: to compensate plaintiffs; to incentivize defendants’ compliance with industry standards and government regulations; and to reward defendants who implement post-incident remedial measures. The result is a set of legal norms that clearly recognize privacy rights, but also limit damages. These legal norms, in turn, have produced stable market norms that now allow parties to settle most data breach claims. Purabashii is no longer a foreign concept in Japan.

Rachael MULHERON

DOI: https://doi.org/10.1017/cel.2015.1

2015-05-29

Cambridge yearbook of European legal studies

Abstract:Abstract Over the course of 2013–15, there have been significant developments in the reform of class actions in Europe. The European Commission published its Recommendation of common principles concerning collective redress in June 2013, whilst the Consumer Rights Act 2015 – which was introduced into the United Kingdom Parliament in January 2014 and obtained Royal Assent on 26 March 2015 – contains a class action for competition law infringements. Although there is some ‘common ground’ between these legislative instruments, their divergences are far more legally significant, and comprise the focus of analysis in this article. Regarding the two topics of standing to sue, and the opt-in versus opt-out approach to forming the class, the approaches of the European Commission and the UK Parliament differ markedly, reflecting the deep policy, political and judicial divisions which have manifested in this area of reform for over a decade. The legislators have also ultimately chosen different scopes of application, with the European Commission preferring a ‘horizontal’ approach to reform, whilst the UK Parliament has pursued a sector-specific reform agenda. In respect of standing to sue and the opt-in versus opt-out debate, there are numerous sound legal and political reasons that manifestly support the UK law-makers’ decision to depart from the 2013 Recommendation. However, in respect of the horizontal-versus-sectoral debate, the topsy-turvy history of reform at both European and domestic levels has resulted, ironically, in both the Commission and UK policy-makers reversing the views which each had initially adopted within the past decade. Undoubtedly, as these reform measures demonstrate, the collective redress landscape is both evolving and controversial.

Benjamin Avanzi,Xingyun Tan,Greg Taylor,Bernard Wong

2024-06-30

Abstract:Understanding the emergence of data breaches is crucial for cyber insurance. However, analyses of data breach frequency trends in the current literature lead to contradictory conclusions. We put forward that those discrepancies may be (at least partially) due to inconsistent data collection standards, as well as reporting patterns, over time and space. We set out to carefully control both. In this paper, we conduct a joint analysis of state Attorneys General's publications on data breaches across eight states (namely, California, Delaware, Indiana, Maine, Montana, North Dakota, Oregon, and Washington), all of which are subject to established data collection standards-namely, state data breach (mandatory) notification laws. Thanks to our explicit recognition of these notification laws, we are capable of modelling frequency of breaches in a consistent and comparable way over time. Hence, we are able to isolate and capture the complexities of reporting patterns, adequately estimate IBNRs, and yield a highly reliable assessment of historical frequency trends in data breaches. Our analysis also provides a comprehensive comparison of data breach frequency across the eight U.S. states, extending knowledge on state-specific differences in cyber risk, which has not been extensively discussed in the current literature. Furthermore, we uncover novel features not previously discussed in the literature, such as differences in cyber risk frequency trends between large and small data breaches. Overall, we find that the reporting delays are lengthening. We also elicit commonalities and heterogeneities in reporting patterns across states, severity levels, and time periods. After adequately estimating IBNRs, we find that frequency is relatively stable before 2020 and increasing after 2020. This is consistent across states. Implications of our findings for cyber insurance are discussed.

Risk Management,Cryptography and Security

Kerrie Sadiq

DOI: https://doi.org/10.54648/taxi2018044

2018-05-01

Intertax

Abstract:Many jurisdictions face the question of whether to legislate to introduce a whistle-blower protection regime for disclosures of information regarding breaches of tax laws or misconduct relating to an entity’s tax affairs. To this extent, Australia is no exception and is in the process of passing legislation through Parliament to insert a comprehensive regime into the Taxation Administration Act 1953 for the protection of individuals who report breaches of the tax laws or misconduct. Like all regulatory reform, the introduction of the legislation has been a lengthy and controversial process which began with an announcement by the Government as part of their Federal Budget in May 2016. This article discusses Australia’s historical and recent approach to whistle-blower protection, provides an analysis of the processes which resulted in legislation being proposed and analyses some of the fundamental elements of the proposed whistle-blower protection regime for tax matters.

M Jackson

DOI: https://doi.org/10.1071/ah970001

Abstract:The Commonwealth Government and a number of State governments are proposing to introduce legislation based on the Information Privacy Principles contained in the Privacy Act 1988 (Cwlth). This will allow individuals access to any personal information held on them by an organisation or person, including private practitioners, private health facilities and State government agencies. This article discusses this proposed legislation and its implications for the health sector. Although in the public health area patients can already gain access to their medical records through the use of the various Freedom of Information Acts and, in the case of Commonwealth government agencies, the Privacy Act 1988 (Cwlth), the proposed data protection legislation will provide more than access rights to individuals. The effect of the proposed legislation on the private sector, where no obligation exists on the part of the doctor to grant a patient access to his or her records, will be substantial.

Tahu Kukutai

DOI: https://doi.org/10.1126/science.ado9298

IF: 56.9

2024-04-05

Science

Abstract:Concerns about the ethical use of data, privacy, and data harms are front of mind in many jurisdictions as regulators move to impose tighter controls on data privacy and protection, and the use of artificial intelligence (AI). Although efforts to hold corporations to account for their deployment of data and data-driven technologies have been largely welcomed by academics and civil society, there is a growing recognition of the limits to individual data rights , given the capacity of tech giants to link, surveil, target, and make inferences about groups. Questions about whether collective data rights exist, and how they can be recognized and protected , have provided fertile ground for researchers but have yet to penetrate the broader discourse on data rights and regulation.

multidisciplinary sciences

A. Waldman

DOI: https://doi.org/10.2139/ssrn.3784667

2021-02-01

Abstract:Privacy law is at a crossroads. In the last two years, U.S. policymakers have introduced more than 50 proposals for comprehensive privacy legislation, most of which look roughly the same: they all combine a series of individual rights with internal compliance. The conventional wisdom in privacy scholarship explains this uniformity by looking to catalyzing precedent: the General Data Protection Regulation in Europe or the California Consumer Privacy Act. This article challenges that emerging consensus. Relying on contemporary sociological and critical studies scholarship, this article develops the concept of the social practice of privacy law and argues that recent privacy proposals in the U.S. look similar because the practices of privacy law are performative: they have socially constructed what we think privacy law is and should be. In other words, we have not only become accustomed to conceptualizing privacy law in a certain ways; we have come to see the rights-compliance model as the normal, ordinary, common sense modality of privacy law. So constructed, privacy law is flawed, with substantial negative effects for privacy, equality, and justice. Individual rights are misplaced weapons against the population-level harms of data-extractive capitalism. They also allow industry to weaponize our rights against us. Privacy law-as-compliance is even more troubling. It is internally inconsistent, protects the interests of the most powerful industry players, and elides informational capitalism’s substantive injustices. This article provides a full critical account of the latest developments in privacy law, focusing on its practices rather than law on the books alone. It details and challenges current privacy law’s focus on individual rights and internal compliance. And it explores potential new directions for privacy law based on the developing law and political economy literature, including new practices and performances that center privacy law around principles of power, equality, and democracy.

Sociology,Law

Tigran D. Oganesian

DOI: https://doi.org/10.17516/1997-1370-0664

2020-10-01

Abstract:The article considers the legality of mass surveillance and protection of personal data in the context of the international human rights law and the right to respect for private life. Special attention is paid to the protection of data on the Internet, where the personal data of billions of people are stored. The author emphasizes that mass surveillance and technology that allows the storage and processing of the data of millions of people pose a serious threat to the right to privacy guaranteed by Article 8 of the ECHR of 1950. Few companies comply with the human rights principles in their operations by providing user data in response to requests from public services. In this regard, States must prove that any interference with the personal integrity of an individual is necessary and proportionate to address a particular security threat. Mandatory data storage, where telephone companies and Internet service providers are required to store metadata about their users’ communications for subsequent access by the law enforcement and intelligence agencies, is neither necessary nor proportionate. The author analyses the legislation of some countries in the field of personal data protection, as well as examples from practice. Practice in many States is evidence of the lack of adequate national legislation and enforcement, weak procedural safeguards and ineffective oversight, which contributes to widespread impunity for arbitrary or unlawful interference with the right to privacy. In conclusion, we propose a number of measures aimed at improving the level of personal data protection in accordance with the international standards. In order to provide guarantees and a minimum level of adequate data protection in the face of new challenges to human rights in an ever-changing digital environment, the author proposes to solve a number of pressing issues. Firstly, States should not have the right to ask companies for and have absolute access to user data without a court order. Secondly, the process of sending a request and receiving data from a telecommunications company should be regulated in detail and transparent. The availability of specialized judges with technical expertise shall be valuable

Stacey A Tovino

DOI: https://doi.org/10.1177/1073110520917033

Abstract:This article focuses on state privacy, security, and data breach regulation of mobile-app mediated health research, concentrating in particular on research studies conducted or participated in by independent scientists, citizen scientists, and patient researchers. Prior scholarship addressing these issues tends to focus on the lack of application of the HIPAA Privacy and Security Rules and other sources of federal regulation. One article, however, mentions state law as a possible source of privacy and security protections for individuals in the particular context of mobile app-mediated health research. This Article builds on this prior scholarship by: (1) assessing state data protection statutes that are potentially applicable to mobile app-mediated health researchers; and (2) suggesting statutory amendments that could better protect the privacy and security of mobile health research data. As discussed in more detail below, all fifty states and the District of Columbia have potentially applicable data breach notification statutes that require the notification of data subjects of certain informational breaches in certain contexts. In addition, more than two-thirds of jurisdictions have potentially applicable data security statutes and almost one-third of jurisdictions have potentially applicable data privacy statutes. Because all jurisdictions have data breach notification statutes, these statutes will be assessed first.

Jeannie Marie Paterson,Elise D. Bant,Henry Cooney

DOI: https://doi.org/10.2139/ssrn.3973199

2021-01-01

SSRN Electronic Journal

Abstract:In Australian Competition and Consumer Commission v Google (ACCC v Google) the Australian consumer protection regulator, the Australian Competition and Consumer Commission (ACCC), successfully argued that Google engaged in misleading conduct about the steps needed to prevent Google from obtaining consumers’ personal data about their location, contrary to prohibitions in the Australian Consumer Law (ACL). This paper discusses this decision and the implications for enforcement of overreaching privacy policies generally.

Priscilla Regan

DOI: https://doi.org/10.1111/1468-5973.1101003

2003-03-01

Journal of Contingencies and Crisis Management

Abstract:In the online and offline worlds, the value of personal information – especially information about commercial purchases and preferences – has long been recognised. Exchanges and uses of personal information have also long sparked concerns about privacy. Public opinion surveys consistently indicate that overwhelming majorities of the American public are concerned that they have lost all control over information about themselves and do not trust organisations to protect the privacy of their information. Somewhat smaller majorities favour federal legislation to protect privacy. Despite public support for stronger privacy protection, the prevailing policy stance for over thirty years has been one of reluctance to legislate and a preference for self‐regulation by business to protect privacy. Although some privacy legislation has been adopted, policy debates about the commercial uses of personal information have been dominated largely by business concerns about intrusive government regulation, free speech and the flow of commercial information, costs, and effectiveness. Public concerns about privacy, reflected in public opinion surveys and voiced by a number of public interest groups, are often discredited because individuals seem to behave as though privacy is not important. Although people express concern about privacy, they routinely disclose personal information because of convenience, discounts and other incentives, or a lack of understanding of the consequences. This disconnect between public opinion and public behaviour has been interpreted to support a self‐regulatory approach to privacy protections with emphasis on giving individuals notice and choice about information practices. In theory the self‐regulatory approach also entails some enforcement mechanism to ensure that organisations are doing what they claim, and a redress mechanism by which individuals can seek compensation if they are wronged. This article analyses the course of policy formulation over the last twenty years with particular attention on how policymakers and stakeholders have used public opinion about the commercial use of personal information in formulating policy to protect privacy. The article considers policy activities in both Congress and the Federal Trade Commission that have resulted in an emphasis on “notice and consent.” The article concludes that both individual behaviour and organisational behaviour are skewed in a privacy invasive direction. People are less likely to make choices to protect their privacy unless these choices are relatively easy, obvious, and low cost. If a privacy protection choice entails additional steps, most rational people will not take those steps. This appears logically to be true and to be supported by behaviour in the physical world. Organisations are unlikely to act unilaterally to make their practices less privacy invasive because such actions will impose costs on them that are not imposed on their competitors. Overall then, the privacy level available is less than what the norms of society and the stated preferences of people require. A consent scheme that is most protective of privacy imposes the largest burden on the individual, as well as costs to the individual, while a consent scheme that is least protective of privacy imposes the least burden on the individual, as well as fewer costs to the individual. Recent experience with privacy notices that resulted from the financial privacy provisions in Gramm‐Leach‐Bliley supports this conclusion. Finally, the article will consider whether the terrorist attacks of 11 September have changed public opinion about privacy and what the policy implications of any changes in public opinion are likely to be.

management

Isabella Voce,Anthony Morgan

DOI: https://doi.org/10.52922/sr77031

2023-06-27

Abstract:This is the first report in the Cybercrime in Australia series, which aims to provide a clearer picture of the extent of cybercrime victimisation, help-seeking and harms among Australian computer users. It is based on a survey of 13,887 computer users conducted in early 2023. In the 12 months prior to the survey, 27 percent of respondents had been a victim of online abuse and harassment, 22 percent had been a victim of malware, 20 percent had been a victim of identity crime and misuse, and eight percent had been a victim of fraud and scams. Overall, 47 percent of respondents experienced at least one cybercrime in the 12 months prior to the survey—and nearly half of all victims reported experiencing more than one type of cybercrime. Thirty-four percent of respondents had experienced a data breach. Cybercrime victimisation was not evenly distributed, with certain sections of the community more likely to have been a victim, and certain online activities associated with a higher likelihood of victimisation. Most cybercrime victimisation went unreported to police or to ReportCyber, meaning official statistics significantly underestimate the size of the problem. Satisfaction with the outcomes of these reports was mixed, and relatively few reports resulted in an offender being apprehended. Rates of help-seeking varied and were influenced by the perceived seriousness of cybercrime and knowledge of how and where to report it. The financial losses experienced by victims were wide ranging. Some victims reported losing large sums of money, but most victims reported relatively small financial losses. This report measures, for the first time, the harms experienced by individual victims and small businesses that extend beyond these financial costs. Twenty-five percent of respondents were negatively impacted by cybercrime in the 12 months prior to the survey, while 22 percent of respondents who owned or operated a small to medium business said their business was negatively impacted by cybercrime.

K. Kariyawasam

Abstract:This paper aims to evaluate the adequacy and efficacy of the current statutory regimes, both in Australia and New Zealand, as a means of affording various legal protections to consumers who transact their business affairs online. In this respect, this paper provides an overview of some of the legal issues and related problems involved with online shopping in Australia and New Zealand. The author argues that online consumers are entitled to be afforded the same degree of protection as all other types of consumers. The traditional legal rules may be inadequate to provide consumer protection in the digital environment, as they were created before internet shopping and online commerce were even contemplated. Better enforcement of consumer rights is vital for online shopping but while it is simply too expensive and difficult to enforce existing laws - the rights are, in effect, useless.

Political Science,Law

Suvineetha Herath,Dakota State University,Haywood Gelman,Lisa McKee,

DOI: https://doi.org/10.32727/8.2023.18

2023-10-12

Abstract:In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, distillation, or expropriation of personal information. Privacy Enhancing Technologies (PETs) emerged as a solution to address data privacy issues and minimize the risk of privacy harm. It is essential to implement privacy enhancement mechanisms to protect Personally Identifiable Information (PII) from unlawful use or access. FIPPs (Fair Information Practice Principles), based on the 1973 Code of Fair Information Practice (CFIP), and the Organization for Economic Cooperation and Development (OECD), are a collection of widely accepted, influential US codes that agencies use when evaluating information systems, processes, programs, and activities affecting individual privacy. Regulatory compliance places a responsibility on organizations to follow best practices to ensure the protection of individual data privacy rights. This paper will focus on FIPPs, relevance to US state privacy laws, their influence on OECD, and reference to the EU General Data Processing Regulation. (GDPR).

Ushita Chugh

DOI: https://doi.org/10.36676/ijl.2023-v1i1-07

2023-11-10

Abstract:The proliferation of digital technology has had a significant impact on individuals' right to privacy; as a result, privacy laws have had to evolve in order to address these new challenges and provide enhanced protection for people's legal rights. the ever-evolving path of privacy legislation in the modern period, which highlights the intricacy at the intersection of data collection, technology, and individual rights. We examine the evolution of privacy regulations via the prism of history, beginning with their beginnings in traditional legal systems and ending with their application in contemporary digital domains. the challenges brought forth by the growing adoption of data-driven technologies such as social media, cutting-edge analytics software, and the Internet of Things (IoT). Data breaches, espionage, the use of automated decision making, and the worldwide nature of data flows are all factors that contribute to these challenges. There is also the conflict that results from the competing interests of individuals and organisations that collect and use their personal information. This conflict can be seen as an additional source of contention.

J. Paterson,E. Bant

Abstract:The ‘smorgasbord of remedies’ available to victims of misleading conduct under the Australian Consumer Law (‘ACL’) and parallel legislation is usually regarded as comprehensive, outstripping the remedies offered at common law for equivalent misconduct. Although the primary aim of the damages and ‘compensation orders’ is to ‘compensate’, or ‘prevent or reduce’ ‘loss or damage’ suffered because of misleading conduct, orders of this kind may have a strong deterrent effect, promoting the protective purposes of the statute. These provisions sit alongside an extensive suite of enforcement provisions designed to deter misleading conduct, including allowing the regulator to seek criminal and civil pecuniary penalties for contraventions of the specific prohibitions on ‘false or misleading representations’. While this combination might appear to offer complete and effective deterrent measures apt to change commercial misbehaviours, this article argues that the remedial armoury available to achieve the deterrent purpose of the ACL could be made stronger and more effective. In this sphere, the analogous common law torts and equitable doctrines that respond to misleading conduct provide extensive and invaluable remedial templates for regulators and those concerned with law reform, including disgorgement and punitive damages. Drawing on these insights, we argue that such additional remedial options may prove valuable in promoting the consumer protection purposes of the statute. Additionally, they may serve to provide significant redress to victims in cases where damages and compensatory orders are inadequate.

Law,Political Science

J. Paterson,E. Bant

2019-06-01

Abstract:The Australian Consumer Law ('ACL') provides a comprehensive suite of remedial orders available in response to conduct contravening the statutory prohibitions on misleading conduct. However, the potential remedial awards are constrained by the language of the statute, which appears to have an overriding compensatory focus. This limitation presents a significant challenge to courts seeking to make meaningful reparation to victims of significant or intentionally misleading conduct in cases where their 'loss or damage', as commonly conceptualised, is either difficult to assess or wholly absent. This article explores compensatory and other orders for contraventions of the prohibition on misleading conduct in light of these boundaries. In particular, the analysis considers the broader characterisation taken by courts to the concept of 'loss or damage' under s 23 7 of the ACL, which has underpinned the award of orders akin to rescission and restitution. The article also examines the nature of and justifications for remedies awarded on a 'user principle' for misleading conduct.

Law,Political Science

Jade Luci Andrews

Abstract:Since its humble origins in 1950, artificial intelligence (AI) has experienced exponential growth. In 2020 it seems that there is an AI for just about every aspect of life - from targeted advertising to minimally invasive surgery. It is generally thought that advancements in AI lead to advancements in human life. However, AI is an unprecedented form of technology with the ability to exceed human expectation and act in unexpected manners. This article considers the intersection between AI and bioinformatics with a particular focus on how artificial capabilities may affect the individual's right to privacy. A further question is raised as to whether current Australian laws are equipped to protect the individual's right to privacy, in light of artificial capabilities.

FangBing Zhu,Zongyu Song

DOI: https://doi.org/10.1177/21582440211067529

IF: 2.032

2022-01-01

SAGE Open

Abstract:Big data has an important impact on people’s production and life. The existing legal and judicial protection, sanctions, and mechanisms for the enforcement of information rights have proved insufficient to stem the serious consequences of rampant leakage and illegal activity. Based on Information Full Life Cycle Theory, this article combines qualitative analysis with quantitative analysis, uses data from the Survey Report on App Personal Information Leakage released by China Consumers Association as an example, and finds that illegal access, illegal provisions, and illegal transactions have become important sources of personal information leakage. The main reasons for this problem include limitations of the technologies used, the falsification of informed consent, the lag of legislative protections, and a lack of administrative supervision. Systematic regulation of the right to protect personal information should include a variety of initiatives. First, it should be used to identify who to protect and how to protect them. Second, there needs to be a shift from identifiable subject regulations to risk control. Third, legislation needs to be comprehensive, entailing a shift from fragmented to systemic reforms. Fourth, protection efforts should include supervision, self-regulation, and management. Finally, the jurisdiction of legislation should extend across cyberspace and physical reality as a means to achieve a balance between effective protection and the reasonable use of personal information.

social sciences, interdisciplinary

John B. Taschner

DOI: https://doi.org/10.18034/ajtp.v7i1.484

2020-08-21

American Journal of Trade and Policy

Abstract:Data mining and collecting is increasingly becoming a common practice, in the name of monetization of personal data, progression of national security measures, and politically fueled democratic interferences. Millions of users’ data is constantly being sorted, manipulated, and sold, often without conscientious consent of the consumer. While this practice can result in greater convenience from an innocent consumer level, the vulnerabilities to national privacy and the cyberspace create dangerous territory. The article entitled describes the triangulation of security, monetization, and politicizing in terms of data collection through three primary case studies: Cambridge Analytica and the Facebook scandal during the 2016 United States presidential election, Apple v. FBI, and Edward Snowden and the NSA surveillance activities. It explores how data harvesting and subsequent monetization is embedded in virtually every aspect of our culture and develops understanding of how corporate social responsibility calls for companies to respect and maintain transparency with consumer interests. Current technology policies leaves open spaces for violation both internally and internationally, and why this constitutes certain offensive measures. Future data and privacy legislation, with strong consideration to the varying social contexts, resources, and current international relations. This is done under the underlying assumption that data is an irreplaceable factor in our global progression and is irrevocably embedded into our society. Over-regulation or under-regulation of big tech may lead to negative repercussions to our security or individual privacy rights. These ideas are becoming increasingly understood by the general public and are considered worthy of concern after seeing glimpses of the depth of surveillance and information held by either the government or corporations. While there are intense emotions and opinions on the matter, my article takes an objective and well-rounded perspective to address the interlocking complexities of individual freedoms, need for international cyberspace protection, and continued profitability of data. The idea of personal data and information being manipulated and used against citizens for financial or political agendas is rightfully horrifying the public; my article therefore takes into account these concerns while suggesting further navigating the political, legal, and social process in alignment with the ever-growing power of big data.