Scanning Smartphone & Privacy Issues

Résumé

fter cellphones’ introduction in 1973, Steve Jobs’ first iPhone launch speech in January 2007 is usually taken for smartphones’ historic kick start, representing 6.648 billion smartphone users in 2022. A smartphone is a cellphone with advanced features feeding itself on data collected during usage. These mobile devices are designed to always follow the user, always on, allowing private companies to access to an unprecedented amount of information about their users. Consequently, smartphones are one of the cornerstones of the data collection within the context of the Big Data revolution. In short, this multifunctional tool connects most humans in most accessible places, while processing an exponentially growing amount of data every day. From the constructors to the app platforms, including the app developers, device manufacturers and third parties, these actors are gathering information about our daily habits every second through our personal and professional smartphones. These large-scale data collection and processing are sometimes justified for legal obligations (such as the Know Your Customer regulation or Anti Money Laundering laws), or to execute contract of services, to improve service, for marketing profile, etc. A relatively recent global movement of privacy regulation has emerged to propose a legal frame to these practices. Such norms are meant to protect fundamental individual rights and require professionals to respect multiple principles articulated around data protection and privacy. In this regard, this analysis will not delve into the topic of information security, in order to set the reflection on privacy issues.

Simply put, this research will try to summarize smartphone eco-system, focusing on data collection on a technical level of the hardware, censing the different captors as well as the key role of software with apps and OS. To be perfectly clear, data collection is one form of data processing, oftentimes considered as the first one in the lifecycle of data. Nonetheless, this article shall focus on data collection as the point of this demonstration is that smartphones have a unique ability to absorb personal data. This part is meant to give an overview of which data are being processed and the different possibilities offered by automated algorithms. On a side note, this research will not encompass reflection about data processing as much, as it would require a larger scope of work beyond the goal of catching the essence of how personal data is being captured by smartphone. Nonetheless, reflection revolving around informational privacy widely assumes that automated algorithms are absolutely key to understand data protection laws and their struggle to build effective protection in that sense because of the complexity of these tools.

Then, the analysis will focus on assessing various risks regarding privacy when it comes to data collection through smartphones, giving insights about the way smartphones are absorbing personal data, based on emblematic examples. These different examples tend to erode the public confidence in technologies and could become a major factor hindering technologic progress.

The article argues that smartphone spread overwhelmingly in society to the point that its presence became a natural component of modern reality. On the other hand, smartphones evolved fundamentally and turned into pocket-sized hyper sophisticated sensors surveilling user’s every move. The smartphone shall be understood as a gateway concentrating personal data constituting a powerful and democratized tool for surveillance capitalism. The observation of the dark patterns and nudges at work in the smartphone ecosystem will not appear in this work as it goes beyond data collection, despite the interest of the addictive dimension of smartphone apps and cognitive bias utilized by designers to trick users, notably in sharing their data. On another level, the article connects the lack of defiance from users for smartphone invasive nature to the lack of awareness regarding this personal data feeding item. The democratization of smartphone provided a false sense of privacy for users as the digital technology became increasingly harmful for privacy. In essence, the article argues that the exponential intensity of data collection concentrated in smartphone transformed the digital device into the most invasive tool for privacy. Consequently, this new kind of data collection intensity can fundamentally change the very nature of personal data, in the sense that what used to be considered as regular personal data can become sensitive personal data. This category shift towards more sensitive types of data compels the law to apply more protective measures for personal data that formerly did not require such protection. This article will therefore present two case studies with location and vocal data showing how this intensity shift operates and presents new legal challenges. These challenges are namely the public awareness for data collection, the adaptation of data protection law to propose adequate scope of responsibility for data processors and the rethinking of personal data categories in light of the specific smartphone data collection ecosystem.

Privacy regulations will only be effective as the public is informed about their rights and gains awareness of personal data processing purposes. Therefore, the paper will try to underline how smartphones are particularly threatening users’ privacy in the current state of data protection, notwithstanding the benefits of this resourceful technology. The terms ‘‘data subject’’ and ‘‘user’’ are used interchangeably. Plus, there will be some explanation about status and regime technicities between ‘‘data controller’’, that are traditionally ‘‘app providers, whereas ‘‘data processor’’ are mostly ‘‘app developer’’. These last four terms can be regrouped as Internet service providers throughout this paper. In terms of methodology, the analysis will combine both an earth-to-earth empirical assessment of how a smartphone is technically constituted and how it massively collects data, as well as a more in-depth legal analysis of the privacy threats and the legal challenge modern societies are facing.

Data protection law is advocating to find a compromise between imposing a sufficient level of privacy protection for consumers and enhancing economy development through the digital shift taking place. Finding the right balance to regulate actors’ behavior in the smartphone data ecosystem implies setting clear and actionable responsibility, obligating the said actors to be accountable. Such legal requirement would logically undertake the path towards the necessity of awareness for the public, supported by pivotal legal principles like transparency, intelligibility, accessibility of information. In the same vein, the legal mechanism of communicating the purpose of data collection before it begins, would benefit to be apprehended with a clear taxonomy of acceptable purposes correlated with adapted data protections.

Finally, data collection in the context of smartphone usage is a specific topic that led this article to consider the opportunity of the adaptation of personal data categories, as it challenges traditional typology of personal data under the impact of the intensity of data collection.

These different aspects shall introduce the global context and surrounding challenges for smartphones, shaped by various basic mechanisms and functionalities (1§) constituting the concrete technological implications in modern societies. Consecutively, this presentation should shed the light on privacy threats and legal challenges (2§) for users, app developers and third parties.