In the aftermath of the Cambridge Analytica scandal, and with the constant onslaught of privacy breaches reported each week, business morals surrounding consumer data are becoming increasingly important - and are even causing tech workers to quit their jobs.
The EU’s GDPR has paved the way for consumer-central policies that limit the amount of data that hangs around on company servers and restricts the purposes with which data can be exploited. Similar legislation is now beginning to emerge around the world - in New Zealand, Kenya, Brazil, Singapore, Thailand, and Chile, to name a few.
However, in the US, where CCPA is preparing California for similar improvements, firms are lobbying the government to pass a watered-down Federal privacy bill designed to supersede stronger state-level laws. This is concerning because the medical profession is now warning that it is not just consumer privacy that is at stake - but also citizens’ mental health.
A study recently published in the journal of medical ethics by Stanford professor of psychiatry and behavioral sciences, Elias Aboujaoude, reveals that patients often suffer from anxiety, depression, and post-traumatic stress disorder when their personal details are exposed online.
That research reveals that corporations hold more than a trivial responsibility towards civil society. And highlights why it is essential for governments to pass strong privacy laws that address the ongoing distress caused by current data management habits.
Lisa Wolfe, Founder & Clinical Lead at The Purple Octopus Project CIC, suggests the recent study is helping to shed light on concerns that mental health experts have long held. Wolfe told ProPrivacy.com that sensitive personal data has the potential to cause most people distress:
“When our private information gets into the wrong hands, whether it is then used for malicious reasons or otherwise, we would undoubtedly feel an elevation in anxiety. To what level that anxiety increases would be determined by everything else we may be dealing with in our lives at that time, and clearly the sharing of private information would enhance how uncomfortable we feel.
“If the data is medical information for example, it will, in all probability contain things we do not wish shared. Any information that falls into the wrong hands would be seen and felt as a breach of our ‘space’ and right to privacy. An increase in anxiety and distress would, therefore, seem a reasonable response to what our mind determines as a threat.”
Dr. Bonnie Stewart, a writer and researcher from Canada holds a similar opinion. Stewart told ProPrivacy.com:
“Anxiety and distress can be situational and environmental responses, and social media creates environments of amplified risk...especially for people whose identities or opinions are targets for coordinated harassment campaigns. The “online” is part of our daily material lives, and when violations happen there, it’s real and impacts people.”
Right here right now
For most people, the question of where and why their data is being processed may seem like an existential threat. However, in reality, people’s digital footprints harbor information that if made public could cause anxiety or distress and this could happen at any time.
Wolfe is concerned that the actions people take when they are young may have far-reaching consequences into adulthood:
“If you look at the research from the #metoo campaign, and recent suicides of participants in TV shows, coupled with historic posts and comments, now interpreted as insensitive, malicious, racist or threatening, which has cost people their careers. Or comments that have been used in malicious ways, resulting in anxiety, depression or serious mental health concerns; the decisions and the actions we take without thought can significantly impact a person’s mental health.”
For people that are impacted by hacking, leaks, data breaches, or the unfair dissemination of private data; the consequences can be severe. Dr Samar Mahmood, medical advisor at SMM Health Ltd in the UK told ProPrivacy.com,
“There are well-documented cases of individuals whose privacy has been breached via the use of social media or cloud storage (this includes but is not limited to the ‘leaking’ of personal photos or private chats). In some cases those individuals have subsequently developed mental health issues and required medication.”
Kingsley Hayes, managing director at data breach and cybersecurity specialist Hayes Connor Solicitors, told ProPrivacy.com that the firm has experienced cases of consumers having to receive medication due to privacy breaches,
“We are representing clients who have been prescribed medication in the aftermath of a breach in their data protection rights while others have suffered a demotion at work due to the psychological impact. The anxiety and worry that follows a breach in consumers’ data protection rights cannot be underestimated.”
Hayes is concerned that not enough is being done to ensure that consumers are protected:
“There is a significant lack of understanding and recognition of the psychological impact on individuals whose confidential information is not held, and used, correctly. The damage can, in some cases, surpass the resulting – and potential – financial losses as individuals’ mental health and wellbeing is affected leading to a rise in claims for psychological harm following a data breach.”
The Hidden Hand
It is not just data held by corporations, or online services, that threatens to affect people’s mental health, either. All over the world, governments like the UK, Australia, New Zealand, and the US, are calling for backdoors into private messenger services. Last year, former director of the FBI, James Comey, even called for backdoors into citizens’ iPhones and Google accounts.
Add this to previous revelations about Microsoft, Yahoo, and even Apple, working hand in hand with US intelligence agencies to perform PRISM surveillance - and it is easy to understand how government involvement in accessing citizens data can be a trigger for deteriorating states of mind. Psychiatrist and data scientist Carlo Carandang told ProPrivacy.com:
“For milder cases of worry that occur with anxiety and depression, the knowledge of digital surveillance serves to make that baseline tendency to worry only greater, and hence can be associated with worsening anxiety and depressive symptoms."
“On the other extreme spectrum is paranoid delusions, where the surveillance serves to both trigger and maintain acute psychotic episodes in people with psychotic disorders. So when patients present with ‘delusions’ that the government is spying on them, then the psychiatrist has a more difficult time determining if that fixed belief is indeed false.”
While GDPR has definitely been a step in the right direction, Bonnie Stewart told us that she is concerned that it may not be enough:
“GDPR has definitely increased conversation and awareness around data privacy, even outside its European sphere of influence. However, my understanding is there are still loopholes in GDPR that non-European entities could take advantage of, so I don’t know that it’s an entirely solid model.”
With that in mind, it is important for governments around the world - and especially the US - to push for stronger data privacy protections. A failure to do so stands to put the mental wellbeing of citizens at risk.