Most online services that we use on a daily basis and for which we do not pay money are provided, as everyone thinks, for free. However, this is not the case. Without even thinking about it, we pay for free services every day, but not with money, but with a much greater value – our privacy.
Every day, every minute, and every second we use our phones, laptops, tablets, and other gadgets with Internet access, companies collect our data that we leave there, including our personal information, habits, interests, and other information about our online activity. This data is likely to be sold to insurance companies or other organizations for profit.
The most common example in Ukraine is when certain individuals buy entire customer databases with their names and phone numbers from other companies (e.g. banks) to use this information in cold calls.
How we give away our privacy
The uncontrolled and anarchic collection of personal data from users has long since ceased to frighten not only small companies that do not fall under the gaze of regulators, but also large, international Internet giants such as Facebook, which collects data even from those who are not their users through various methods, including tracking online activities and using cookies – small files stored on our computers or other devices.
The reason for this is that most online companies derive a significant portion of their primary revenue from advertising. For example, by providing content tailored to users’ interests, Facebook aims to improve user experience, show users more targeted ads, and collect more personal information about users. Personal information helps companies draw conclusions about users’ preferences and tailor ads to their actual needs. The closer the match, the more expensive the advertising fee. The price of advertising products that meet the interests of users is higher than that of ordinary products of the same brand. Therefore, Facebook prioritizes investing and developing its departments responsible for increasing the number of users, data analysis, advertising, and lawyers.
In particular, on September 20, 2021, experts of the Ukrainian NGO Internews Ukraine presented the Personal Data Protection Index 2021 – the results of a study of the corporate policies of 20 leading private Ukrainian technology companies regarding personal data of customers. According to the study, 8 out of 20 companies selected for the research scored less than 50%, which indicates a below-average level of personal data protection reflected in corporate policies. Among them are Eldorado.ua, DataGroup.ua, Lifecell.ua, Rozetka.com.ua, Makeup.com.ua, Silpo.ua, Lanet.ua, and Triolan.com.
For example, the websites of Vodafone.ua, Silpo.ua, Triolan.com and Lanet.ua do not contain a note for the user to give permission to process their personal data, although this is a legal requirement. Ten of the surveyed companies do not inform their users how long they will store 
information about them. On the websites Triolan.com, Makeup.com.ua, Silpo.ua, and Lanet.ua, users do not have the opportunity to delete their stored personal data. 15 companies surveyed do not describe the conditions for deleting a user’s account after termination of the contract or in case of non-use of the account. Another 10 do not indicate where and how they store user data, meaning that the location of the servers is unknown.
Given this attitude, as seen in this study, of a large number of Ukrainian businesses that neglect the protection of personal data of their users, as well as the lack of adequate legal regulation of this issue in Ukraine, the question arises of how to compensate for the damage caused by violations of the procedure for using personal data of users.
The current legislation provides for two hypothetical procedures for compensation for damage that can be applied in this situation:
- Compensation for damage caused by failure to fulfill the terms of the contract
- Tort.
Most lawyers will tell you that before using a particular service, you should read all the “platform terms and conditions” (terms and conditions, privacy policy, cookie policy, etc.), as these documents regulate, among other things, the procedure for using users’ private 
information by the service. International court practice and the position of international regulators recognize that from the point of view of contract law, these terms are a kind of public offer and a public contract, and the fact of, for example, registering an account is an acceptance of the platform’s terms. Thus, the provisions set forth in the platform terms and conditions are binding.
At the same time, the reality of today shows that when faced with boring contracts, most users decide to agree to the privacy policy without reading the provisions of such a policy, as they understand that disagreement with the privacy policy means that they cannot use a particular product. Users are willing to provide their personal information to online companies because most of them do not have sufficient knowledge of technology to scrutinize the behavior of companies in using their data. The small number of users who do have the knowledge to understand how a company will use their information may not be able to discern what constitutes a reasonable use pattern, let alone control where their information goes.
confidential information / intellectual property / personal data
