Gaduh Data Facebook

This post was first published by Indonesian Daily Harian Republika in its Op-ed column on Monday, 26 March 2018. Reproduced here for educational and non-commercial purposes.

Oleh: Sonny Zulhuda

Berita terungkapnya penggunaan data 50 juta pengguna Facebook di Amerika Serikat (AS) menambah panjang daftar keresahan dan keluhan masyarakat internasional terhadap media sosial yang dipimpin oleh Mark Zuckerberg itu.

Terungkap, data tersebut digunakan konsultan pemilu Cambridge Analytica di AS untuk menganalisa pola dan kecenderungan warga calon pemilih di Pemilu AS. Perusahaan ini juga dianggap menyukseskan kemenangan Donald Trump pada Pemilu 2016 lalu.

Walaupun sepak terjang konsultan Pemilu sudah sering kita dengar, kali ini kita mendapatkan fakta gamblang bagaimana analisis big data dilakukan terhadap jutaan calon pemilih dengan tujuan melakukan pemetaan pemilih serta penyebaran propaganda peserta pemilu secara langsung ke sasaran.

Gambaran mudahnya, jika dalam pilkada daerah X diketahui sejumlah besar warga pemilih dalam di wilayah itu menyukai sepakbola, maka sang konsultan akan mengemas si cagub atau cabup sebagai seorang yang gemar sepakbola serta mengusung agenda terkait sepak bola untuk bahan kampanyenya.

Yang menjadi kegundahan dan kegaduhan adalah data analytics tersebut dilakukan berdasarkan data pribadi pengguna media sosial yang sebelumnya tidak pernah diberitahu bahwa datanya akan dipakai untuk keperluan komersial oleh konsultan pemilu itu.

Dalam konteks etika dan hukum, hal ini bisa dianggap breach of confidence atau breach of privacy, semacam pelanggaran atas privasi dan kerahasiaan yang bisa mengakibatkan kesalahan perdata bahkan pidana.

Apalagi, kita tahu data pribadi kita di Facebook bisa sangat menyeluruh. Mulai dari identitas (nama, tanggal lahir, nomor KTP/Jaminan sosial); data historis (asal daerah, pendidikan, pekerjaan, karier); data geografis (tempat tinggal, perjalanan, komunikasi); biologis (gambar wajah dan anatomi tubuh yang memaparkan tinggi dan berat badan, wana kulit, rambut dan mata); sampai data lainnya, seperti preferensi, anggota keluarga, pilihan politik, pertemanan dan lain-lain.

Continue reading

Advertisements

“Can my lecturer access my personal information?” – And Other Issues of Data Protection at the Higher Learning Institutions 

By: Sonny Zulhuda 

In the past week alone, I spoke about the personal data protection law at two Malaysian public universities; Universiti Sultan Zainal Abidin (UniSZA) Kuala Terengganu and Universiti Malaysia Pahang (UMP) Pekan. While the former was an internal programme, the latter talk was attended by other public universities’representatives who were members of Majlis Tatatertib dan Disiplin Universiti-universiti Awam Malaysia (MATDUM).

In this post, I would like to note some discussions we had on the implementation of the Personal Data Protection Act 2010 at the University environment.

IMG_20170319_095449

The education industry is indeed among those where personal information is highly processed. The data subjects include students (prospective, actual and graduates), university’s employees, as well as any individuals involved in the data processing.

Continue reading

Data Sovereignty vs Data Localisation Law

By: Sonny Zulhuda

Transferring personal data beyond national boundaries has been a point of contention under many data protection laws across the globe. The European Union adopts this restriction that such transfer beyond EU boundaries cannot be done unless to the countries or places which have adequate protection on personal data of individuals.

Cloud-Data-SecurityThis rule is associated with the concept of “Data Sovereignty” which says that a country shall not lose a control or sovereignty over the processing of personal data pertaining to data subjects from that country. It also imposes that information which has been stored in digital form is subject to the laws of the country in which it is located. Therefore, a control over trans-border data flow is a form of upholding data sovereignty.

The concept of Data Sovereignty is reflected in the EU Data Protection Directives 1995 recitals whereas:

  • cross-border flows of personal data are necessary to the expansion of international trade;
  • the protection of individuals guaranteed in the Community by this Directive does not stand in the way of transfers of personal data to third countries which ensure an adequate level of protection;
  • the transfer of personal data to a third country which does not ensure an adequate level of protection must be prohibited.

As much as we are concerned with personal data transferred beyond our border, we also appreciate that personal data is inherently needed for the International trade and International cooperation. Hence, when a personal data is subject to trans-border flow, there shall be no discriminatory treatment to the citizen’s personal data despite where it is processed.

Data Localisation Law

This data sovereignty is sometimes confused with the rules of “Data Localisation”, which is totally a different thing. Data localisation laws set forth requirements to keep and store data “locally” (i.e., within national or regional borders), and thus not allowing data users to transfer data beyond borders. Consequently, any foreign party who wishes to collect or process personal data of individuals will be required to establish a local data storage facilities in the country of those individuals. Continue reading

Social Media Policy and Regulation: A Network Governance Perspective

By: Sonny Zulhuda

The above is the name of the event in Tsinghua University, Beijing, on December 3-4, 2016, where I came as a speaker to the audience consisted of law, media and Internet governance academia and practitioners. Both Beijing-based School of Journalism and Communication of Tsinghua University and the School of Communication of Hong Kong Baptist University (HKBU) jointly organised this event.

The invitation came to me through Dr. Yik Chan Chin of the HKBU, who is with me at the Global Internet Governance Academic Network (GigaNet). Upon few exchanges of emails, I was then invited to come and present my views on the social media regulations in the Malaysian perspective. I must say that the event was really a rewarding experience; filled with substantial discussions, new perspectives and, of course, new friends and network!

IMG_3014

This can be highlighted from the list of the speakers of the two-day workshop: Continue reading

Whither Digital Privacy: Be afraid, be very afraid!

By: Sonny Zulhuda

imageA quick takeaway from a closed session on Students’ Digital Privacy yesterday at Le Meridien KL (June 7th, 2013), I’d like to share what California-based Jeff Gould presented.

The SafeGov.org CEO told the audience of their research findings, among others:

  • The high significance of Facebook “Like” in profiling the identity of FB users;
  • Real possibility of identifying a person via DNA reconstruction taken from a gum;
  • Telco’s effort to provide some form of customer’s surveillance as their enhanced service;
  • ISP’s role in protecting children privacy through contractual agreements with the users/subscribers

Many things shared which are not new issues but came with novel modus operandi. We just need to be vigilant.

The closed session was attended by representatives from Cybersecurity Malaysia, Parents Action Group for Education (PAGE), FOMCA, Microsoft Corp, India-based CUTS and some local universities. Mr. Rosly Yahil from Cybersecurity Malaysia spoke about various initiatives taken in Malaysian context in dealing with the issues.

During the Q&A session, I managed to share with the floor on several issues and development on data privacy in Malaysia: Continue reading

Consumers to take control of their Personal Data

My Intro: The following passages were published by the Star in their Sunday Edition (6th January 2013) at pp 23-24. The article is about what Malaysian consumers should know and do in relation to their personal data. It is based on another interview the journalist had with me. For the benefit of the readers, I reproduce some parts of the article in this page. Should you want to read it in full, check the newspaper’s page HERE.

======================================

“Consumers, take control of your personal data”

The Personal Data Protection Act 2010 has come into force, but the public will have to do their part to make it effective.

Credit: The Star Online

Credit: The Star Online

EAGER to win the grand prize, Maria (not her real name) did not hesitate to “drop” her name card at the door for a lucky draw at a company dinner. Weeks later, she found herself inundated with phone calls and text messages offering different services and products.

It is an accepted practice in Malaysia to leave our call cards or personal information at the registration counter of public events. But have you ever wondered what your personal data will be used for later? Or how it will be stored?

This has become so common here that no one thinks twice about the risks and implications, says personal data protection law expert Dr Sonny Zulhuda.

Under the newly enforced Personal Data Protection Act 2010 (PDPA), however, this practice will have to be reviewed, particularly for business entities that use these occasions as an opportunity to build their network of potential customers.

Continue reading

PDP Act Compliance Program – Where to Start?

By: Sonny Zulhuda

success manThis New Year was marked by concerns about complying with the Personal Data Protection (PDP) Act 2010 for Malaysian data users: Bankers, Telco’s, Insurers, Hospitals, Marketers, Airliners, Property Sellers, and many more.

For data users, this is what you may consider:

1. Get to know about the law and its implication to you;

2. Make self-assessment on your current business processes to what extent it complies (or not) with the law;

3. Plan a massive personal-data compliance programme.

For the first one, the shortcut is to attend forum, workshops or training on Personal Data Protection law. There are now few such training in the market. Identify them and get involved. There are few types of training you can consider, according to your needs:

Continue reading

  • July 2018
    M T W T F S S
    « Mar    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,596 other followers