meta data for this page

Data & Privacy in Critical thinking

Task: Select 3 documents (web pages, articles, videos, …) of the topic of the course and explain why those documents are relevant for the course.

“I've got nothing to hide” is typical argument used in discussions regarding data privacy by the people who feel that they are not threatened by government surveillance programs. For example, Bruce Schneier has described it as the “most common retort against privacy advocates.” There are lots of arguments for and against the statement. This article attempts to put an end for the debate by promoting a counter argument which claims that if you have nothing to hide, you should be ok with total stranger rifling through your usernames, passwords, documents, bank accounts etc.

Another much debated issue regarding government surveillance programs is whether they prevent terrorism. This article provides an excerpt from Bruce Schneier's Data and Goliath book where he strongly argues why mass surveillance, practiced by agencies such as NSA, does not work.

This article reminds us that we are not only surveilled by our governments but also by companies such as Facebook and Google, and argues that instead of trying to achieve total privacy we should be discussing about transparency. The article deals with several debatable topics, such as Internet-tracking, marketing and legislation issues, which require critical thinking.

UQx: META101x Philosophy and Critical Thinking

Seminar 1: Nothing to Hide

Presentation for chapters 2 & 3: chapters2_3.pdf

Seminars 2&3: Data and Goliath

Presentation for chapters 8 & 9: dg_chapters8_9.pdf

Digital Services

Task: Find two digital services, study what kind of data they collect, if that data is sold to anyone, if it can be linked with any other data etc.


Spotify is a popular music streaming, video and podcast service based on freemium business model. Free version, referred as Spotify Free, can be downloaded from the official website and then upgraded into Spotify Premium by paying a subscription fee. The premium subscription removes the advertisements, improves the sound quality and also allows users to listen to music offline. As of June 2015 it was estimated that Spotify had more than 75 million active users whereof 20 million are paid users. The number of subscribers reached 30 million in March 2016. [1]

According to Spotify's Privacy Policy [2] the service collects following type of data:

  • Registration Data: If you sign up by creating a Spotify account, they're gonna ask for your username, password, email address, date of birth, gender, address, postal code, and country. You can also sign up by using your Facebook account which means that they're going to retrieve the needed data from there, including your friendlists and profile pictures. You can also hand over your mobile phone number and mobile service provider but this is not obligatory.
  • Usage, log data & cookies: Basically data that is needed for Spotify to work properly such as type of subscription, interactions with the service, query details, posted user content, technical data (IP address, device type/ID, network, OS etc.) and motion sensor data from your mobile device.
  • Your mobile device: Additional data from your mobile device: photos and camera, specific location, microphone and contacts. It is emphasized in the policy document that this data is not collected without a permission.
  • Widget data: When you visit a webpage with a Spotify widget, they can recognize you, get data about that website and show personalized content on the widget.
  • Payment data: For example, if you upgrade to Spotify Premium, your credit or debit card information and other financial data that is needed to process the payment can be collected and stored by Spotify and/or the payment processors that they work with. It is also mentioned that some limited information, such as your postal code, mobile number, and details of your transaction history can be collected if necessary.
  • Data from sweepstakes, contests & surveys: If you participate in surveys/contents/sweeptakes, you might have to provide additional information which may be combined with other account information and used & shared as described in the policy.
  • Data from service providers and partners: Spotify can also get user data directly from their service providers and partners.

So how does Spotify use all the data they're collecting? According to Privacy Policy [2] significant part of the data usage goes to personalizing and improving the user experience (recommendations, advertising, features, localised content etc.), ensuring technical functionality by analyzing user behaviour and communicating with users through email, notifications or other messages for marketing, promotional, service-related and/or research purposes. In the process Spotify can share data with several parties:

  • Marketing and advertising
  • Service providers and others
  • Rights holders
  • Certain Spotify partners

The data provided to these parties is claimed to be in a de-identified format so that it's not possible to personally identify you. In addition to these, a limited number of reasons for other type of sharing are listed, such as a response to legal process (e.g. court order or subpoena) or academic research. Whether you're using Free or Premium version does not affect the data sharing in any way. However, it seems to be possible to opt-out of some of the sharing activities.



Deezer is a web-based music streaming service. As Spotify's rival it also operates on freemium business model offering a free version referred as Discovery and two types of paid subscriptions referred as Premium+ and Elite with a couple of adjustments such as removal of advertisements and unlimited number of track skips. As of November 2013 Deezer had 16 million active users and 5 million paid subscribers. [1]

Just like Spotify, Deezer collects registration data. If you create a regular Deezer account, the minimal amount of information you have to give includes username, password, gender and email address. It is also possible to sign up using your Facebook or Google account but this means that Deezer is going to get its hands on your personal data on those accounts. In the case of Facebook a popup window asks a permission to access your profile, friendlist, email address, birthday and likes. In the case of Google they want to know who you are in Google (whatever that means), your contacts (private and public) and email address. According to Deezer's privacy policy [2] some technical data is also automatically collected such as the IP-address of your device and information concerning the use of the service by installing cookies.

The most notable reasons for data collection are enabling the access to the site and services, personalizing and improving the user experience and analyzing and creating statistics regarding the use of the site. It is mentioned in the policy [2] that data is not shared with third parties without your express consent. If you give your permission, it can be used for the “management of commercial relationships in order to enable Deezer to personalize and improve its services and the information sent to you”. However, your personal information can be disclosed on legal demand if deemed necessary. Also, paid subscribers should notice that their data may be shared with companies in charge of the management, processing and execution of the payment procedure. Furthermore, newsletters and push-notification to your email are allowed by default meaning that your data may be shared with the company Appboy which is in charge of the management, processing and dispatch of them.

There are several types of cookies that can be installed to your device when using the service:

  • Cookies needed for providing the services
  • Analytical cookies for research purposes
  • Advertisement cookies for personalized advertising
  • 3rd party cookies: business partners' advertisement cookies, social media plugin related cookies

It is pointed out that you can change the cookie settings or block cookies permanently on your browser anytime but they don't take any responsibility if the site doesn't work right afterwards. So basically you don't have much options here.

Privacy policy [2] states that Deezer “attaches great importance to the security of the Data and takes all appropriate steps to minimise the risks of loss, deterioration or incorrect use of the data”. It also stated that data will be stored as long as necessary and that you have the right to access and correct your data upon request by contacting Deezer.


Exam Questions

1. Terms. Explain briefly the following concepts.
a) The All-or-Nothing Fallacy
b) Whistleblower
c) Third-party doctrine
d) Weblining
e) Titanic Phenomenon
f) Chilling effect

Typical first exam question that tests the understanding of some of the terms presented in the course books.

2. Privacy. How do you understand privacy? When do you think you should have a “reasonable expectation” of privacy? Justify your views.

The first subquestion tests how the examinee reflects the general problem of defining the privacy that was presented in Nothing to Hide book. The second subquestion brings in the legal aspect and the examinee should be able to point out the problems of the current “reasonable expectation”-concept and explain how it should be modernized.

3. Surveillance. What are the pros and cons of government mass surveillance?

Wide question which pretty much tests how well the examinee is able to dissect the harms mentioned throughout Data and Goliath book and is he able to find anything good about the surveillance.

4. Solutions. Based on the Bruce Schneier's views and your own opinions how would you limit corporate surveillance to prevent privacy breaches and data misuse?

Basically, the examinee reflects on chapter 15 of Data and Goliath book. This topic was also discussed in the meeting session so those ideas can be applied here as well.