My privacy – Your safety

A manual for activists to protect your privacy and security online

Table of contents

  1. Chapter 1: Introduction
  2. Overall context
  3. Safety vs Security
  4. The right to privacy and security
  5. Why online security and privacy are relevant for 2021 / Reflection on digital revolution post-pandemic
  6. Why we should pay attention to online security
  7. Chapter 2: Privacy Awareness
  8. “I have nothing to hide” argument and other excuses
  9. The risks of internet privacy
  10. When online surveillance and profiling exploit our democracy
  11. Chapter 3: Tips for online privacy and security
  12. Privacy tips
  13. Surveillance tips
  14. Chapter 4: Collection of resources for activists and organisations
  15. Good habits
  16. List of various resources, guides, tools
  17. Appendices
  18. Appendix 1 – A GDPR mini overview. Learn the law, use the law

Safety vs Security

The concept of safety and security online are often confused; it is important to make some clarity since they both are affected and also affect privacy issues.

Cyber security refers to the physical operation of the networks and computers over which the internet exists. On the other hand, cyber safety concerns the emotional and psychological impact of what you see, read and hear online. Fundamentally, cyber safety focuses on people while cyber security involves information.

In the EU, privacy and data protection are not absolute rights and can be limited under certain conditions according to the EU Charter of Fundamental Rights. The rights to privacy and data protection may need to be balanced against other EU values, human rights, or public and private interests (such as the fundamental rights to freedom of expression, freedom of press or freedom of access to information); or against other public interests, such as national security. The scale of collection, storage and cross-border exchange of personal data between states in crime and terrorism matters is enormous. The increased access to European databases as well as to commercial data for law enforcement purposes are challenging the balance between privacy and security.

Data protection authorities in general have a pivotal role to play in ensuring this balance between privacy and other interests, including in the sensitive domain of security where their role is expanding; for instance on 1 May 2017, the EDPS took over the data protection supervision of Europol, the EU body actively cooperating with law enforcement authorities to combat international crime and terrorism.

Again, many activists and organisations have pointed out how, while it makes sense that the human right to privacy should have some limitations, the consequences of giving up the right to privacy in the name of security, for instance to protect states from terrorism, are quite blurred. We have seen in the last twenty years how this crime-fighting approach has not worked; we have given up our personal data but we still live in a constant state of danger, war, tensions and terrorism.

Big tech companies and lobbies have been consistently pushing back against EU regulations in the direction of privacy and security, creating tensions that are still unresolved. It has been confirmed by many researchers that the majority of digital marketers consider government regulation or the threat of privacy regulation as an obstacle in their ability to leverage user data. To quote Umberto Eco, “Today a country belongs to the person who controls communications – that has been transformed into heavy industry” (“Towards a semiological guerrilla warfare”, 1973). Google is still the second overall biggest EU lobbyist, only second to CEFIC (a chemical lobbying group). Mark Zuckerberg has had to take part in many Congress hearings in the last few years, around topics like the role of Facebook in the Cambridge Analytica scandal or the management of hate speech on its platform.

We also need to keep in mind how the narrative around digital innovation & technological entrepreneurship, centered on the myths of free individual talent, of exceptional individuals that create new jobs and opportunities, shapes how the public judges the behaviour of the big tech giants who are big players in this battle around privacy and security online. These myths try to hide the reality of people, like Elon Musk, that came from privileged backgrounds and had access to elite education and seed funding shaping the structure of the gig economy – that is nothing innovative per se, just a polished version of the same old oppressive economic structures, rooted in inequality, lack of access to privilege and power for women and other minorities, and neocolonial practices. Gig economy jobs are actually precarious and very exploitative: the working contracts get so fragmented it becomes a constant surviving competition for the people trapped in these jobs.