---

With the growing digitization of various aspects of society and the exponential increase in the amount of data “exhaust” that most of us produce, data privacy has emerged as an important issue of our time.

First, a brief reminder about the amount of data that we produce and that companies such as Google and Facebook, as well as various institutions that we relate to (such as schools, hospitals and ministries) have on us.

Google, through our smartphones, laptops and other internet-connected devices, has complete records of all the searches we have ever made, including images and videos, even if we later delete those searches. And if that were not enough, depending on whether we have the “location” setting on our smartphones turned on, it will know every place we have ever been to. And with other applications such as Google Calendar, it may know every event we have scheduled, and whether we attended it or not. And for those who use Gmail, Google will have every message sent or received and all our contacts.

If we have “special customer” applications, then commercial companies (such as supermarket chains) will have records on everything we have ever bought from them, from which store/branch and when.

Youngsters probably produce even more data because they all use social media — a lot — in addition to data related to their education, i.e., all their courses and grades, which are recorded digitally nowadays, and any assignments or tests they submitted digitally during their education.

Most people are not aware of how much data various companies and institutions have on them and what they do with it.

The problem is that most people are not aware of how much data various companies and institutions have on them and what they do with it. Much of the data is used for advertising and profiling purposes: The details of what you search for, what you buy and the places you go to a lot can be used to target you with ads and for other purposes.

More generally, privacy should be regarded as a personal right, like freedom of belief (religious, political, etc.), freedom of expression, and such. No company or institution should have the right to access your list of contacts, or your location and movements for every hour and day of the last 10 years.

Earlier this year, when WhatsApp, through its owner Facebook, announced that it would be changing its privacy rules to allow itself to utilize users’ “metadata,” many of us objected and decided to stop using the app. When I informed my friends and contacts of that decision, many replied, “I don’t have anything to hide.” I retorted: “I don’t either, but out of principle I do not accept to let any company use my data without my consent; opting out should always be allowed.” Fortunately, because of the uproar, WhatsApp backtracked and allowed users to consent or object to its usage of their data. Thus, I still use the app, but without having agreed to give up my data.

In the field of education, there are similar and possibly even more critical issues related to data privacy. As I have mentioned, educational institutions have important data on students, including grades and health records. Unfortunately, that data is rarely fully secure, as hackers have recently demonstrated through so-called “Zoombombing” and other breaches. Moreover, more extensive use of digital tools during the pandemic, including online examination and proctoring, has not only increased the amount of sensitive student data that now exists, but this data is also managed by third parties — online testing and proctoring companies, in particular. How that data is saved and managed is a question that is rarely asked, let alone satisfactorily answered.

Two weeks ago, Inside Higher Ed, a well-regarded and widely read online news hub covering higher education matters, published the results of a survey that it had just conducted with College Pulse (a startup that specializes in student opinions) of 2,286 students from 120 colleges and universities. It showed that a majority of students do not even think that their institution has a policy on data privacy, and only 12 percent of them have searched for it and read it on their university website.

Students should know that universities typically collect data (using cookies, forms, logs, email backups and the like) on many things, including every website accessed through the university’s internet, every information item entered on a form, every document uploaded or downloaded, every email sent or received using the university’s email system, and more.

Many students were shocked to learn how much personal data is collected and saved. In many cases, no opt-out chance was given; this should be a must in all cases, whether by Facebook, WhatsApp, Company X or University Y.

Data privacy has emerged as a matter of personal freedom and rights (as citizens, consumers, etc.). Indeed, data is now widely used both as commercial currency and for social and political information and records. In 2016, the EU adopted the General Data Protection Regulation, which gives citizens due rights on how their data can or cannot be used by governments and companies. In the US, regulations specifically pertaining to student data are being discussed. And companies are now weighing up the pros and cons of collecting data while upsetting customers versus giving up such data and pleasing and thus attracting more customers.

I think this data privacy issue should be viewed in terms of rights and freedoms. As the 21st century grows more and more digital, data privacy should be added to the list of inalienable human rights.

Nidhal Guessoum is a professor at the American University of Sharjah, UAE. 

This article was originally published on Arab News.
Views in this article are author’s own and do not necessarily reflect CGS policy.