Arun Mathai

/Home

/Weblog

/Notes

/Tags

/Contact Me

Home > Weblogs > A Birthday Website Gone Wrong: My Journey into Understanding Data Privacy

A Birthday Website Gone Wrong: My Journey into Understanding Data Privacy

#Website #College #Data Privacy #Privacy #Naive

Almost two years ago, I embarked on what I thought was a harmless, even helpful, project. My curiosity and love for programming led me to create a small website, a project that eventually taught me a profound lesson about data privacy.

It all started when I somehow (ahem ahem) got access to the entire student database of my college. Among various columns of data, one caught my attention: the date of birth (DOB) of students. With the enthusiasm of a developer eager to work on a new project, I saw an opportunity to create something that could bring a little joy to me and maybe my batchmates.

The idea was simple. I decided to build a website that would highlight the students with their birthdays on any given day, along with a list of upcoming birthdays for the week. My friend Aryan Kumar made a cute UI for the website and later got involved in maintaining it in good capacity. We worked on it with pure intentions, aiming to foster a sense of community and connection among the students.

Below are some development version screenshots :

Mobile View
Mobile View
Desktop View
Desktop View

The website launched, and to our delight, it quickly became popular among the students. It was a hit! (on average 500+ daily hits from unique IPs). Students visited the website daily to check on their birthdays and those of their friends, sending wishes and spreading cheer.

However, the turning point came when my Head of Department (HOD) summoned me for a meeting one random day. The question was straightforward yet striking: “Where did you get the data for this website?” That moment of inquiry opened a Pandora’s box of ethical considerations I had naively overlooked.

The truth was, I had not obtained consent from the students to use their personal information, particularly their DOBs, in such a public manner. The realization hit me hard. In my eagerness to create and innovate, I had ignored a fundamental aspect of data handling — consent and privacy.

The website was shut down shortly after, and the incident served as a catalyst for my understanding of data privacy rights. It was a hard lesson learned about the responsibility that comes with access to information, especially personal data. Just because data is accessible does not mean it is ethically right to use it, especially without the explicit consent of the individuals it pertains to.

Reflecting on the experience, I now see it as a crucial learning moment in my journey. It taught me the importance of considering the ethical implications of data use and the need to prioritize individuals’ privacy and consent above all else.

It’s imperative to remember that behind every data point is a person whose rights and privacy deserve to be respected.

My Backup Story : Rsync.net
back to top