Digital privacy has become a hot topic all over the world. A growing awareness of the importance of personal data, and its value, is leading people to open their eyes to both corporate and government abuse of their information. Within the IT sector, personal data is already recognized as a form of currency. Thanks to the media, that perception is simmering over into the general public's consciousness.
This new understanding is encouraging citizens to seize control of their data. People are also starting to closely scrutinize the firms to which they entrust their data. This is starting to make corporations acknowledge that digital privacy has become a unique selling point.
For too long, consumers have been willingly giving away their personal data to firms like Google and Facebook without thinking about the consequences. Those firms both make huge profits by selling consumer data to third parties, spreading private information here, there, and everywhere.
User ‘likes’ on Facebook can reveal political affiliations, sexual preferences, religious beliefs, IQ, and even whether they are substance abusers. What is perhaps most concerning is that this knowledge has been circulating for four years, yet many people are still unaware.
This is largely due to consumer apathy. Unfortunately, that apathy has been seized upon by governments around the world. In many countries, legislation has been passed that forces Internet Service Providers (ISPs) to retain web browsing histories and metadata. In the UK, for example, the ‘Snooper's Charter’ forces ISPs to retain data for 12 months. In Australia, mandatory data retention lasts for two years.
Digital privacy has been eroded at an alarming rate. Often, this allows government agencies to have warrantless access to their electorate's personal data.
The good news is that those overreaching legislative decisions have directly helped to raise public awareness about digital privacy issues. In the UK, the Snooper's Charter caused plenty of bad press. In the US, the decision to allow ISPs to sell consumer data to third parties has done the same thing.
For US citizens, the outcome of repealing FCC rules that protected people's privacy means that ISPs now perform voluntary data retention. In fact, allowing ISPs to profit from private data probably means that web browsing histories will hang around for a very long time. What’s more, that data could wind up with anyone who is willing to pay for it, including government agencies.
This realization has caused digital privacy advocates to kick up a fuss. Digital privacy has become a hot topic. The US, the UK, Australia (and many other countries that have passed overreaching laws) have seen a massive surge in people subscribing to Virtual Private Networks (VPNs) in order to regain control of their privacy. Check out ExpressVPN for more on what is a VPN.
The tides are changing. Corporations are starting to realize that, in order to appeal to a less apathetic and more privacy-conscious crowd, digital privacy needs to be higher up their agenda.
Leading the Way
In the past month, Apple and IBM have both launched PR campaigns aimed at improving their image in relation to personal data. Apple has updated its privacy page to make privacy a key feature within its products:
"At Apple, we believe privacy is a fundamental human right. And so much of your personal information — information you have a right to keep private — lives on your Apple devices.
"Your heart rate after a run. Which news stories you read first. Where you bought your last coffee. What websites you visit. Who you call, email, or message.
"Every Apple product is designed from the ground up to protect that information. And to empower you to choose what you share and with whom. We’ve proved time and again that great experiences don’t have to come at the expense of your privacy and security. Instead, they can support them.”
Meanwhile, IBM’s chief executive, Ginni Rometty, recently met with members of the European Parliament in order to announce data privacy standards designed to raise trust in the firm. That announcement included a pledge from the firm never to disclose personal data to government intelligence agencies. It also incorporated a promise that all personal data will remain consumer property. The good news is that those EU regulations aren’t confined solely to IBM.
New EU Data Protection Legislation
From May 2018, the General Data Protection Regulation (GDPR) will apply to all tech firms located within the EU. The law is designed to toughen up and unify data privacy standards across the economic block. It includes specifications about the way that data can be exported out of the union. It's intended to give citizens much more power over the dissemination of their personal data.
For Facebook and Google, the new data protection rules will cause a fundamental change to the way that business is conducted. Previously, a site-wide opt-in was enough to start collecting and sharing data. From May, GDPR will require those firms to get direct permission far more regularly and for much more specific reasons. What’s more, those services will no longer be able to deny users access simply for refusing to opt-in to tracking.
It is hoped that GDPR will increase trust in Big Tech, by helping to stop the kind of practices that have led to both Google and Facebook receiving fines from watchdogs. Michael Hack, Senior Vice President of EMEA operations has referred to GDPR as "by far the largest shake-up of data protection rules so far this century.”
Fight Not Over
Sadly, the US system - which is modeled around the Patriot Act - still favors the rights of the state over the rights of the individual. What’s more, the US administration’s decision to allow ISPs to sell consumer data stands in stark opposition to the data protection laws that are coming into effect in Europe.
The UK has its problems too. A version of GDPR has been drafted by the government in preparation for Brexit. However, it contains a number of derogations that make it far less effective than the EU version. Privacy International has expressed deep concerns about the UK’s version of the data protection law. It has urged the government to stick more closely to the EU’s regulations.
Head of Privacy International Advocacy and Policy team, Tomaso Falchetta, commented,
"Privacy International welcomes the aim of the Data Protection Bill, which is to introduce a data protection regime in the UK that is ‘fit for the digital age’. However, this aim risks being frustrated. Where the UK government could depart from the requirements imposed by European data protection standards, it has done so. It has made little attempt to re-consider and restrict the conditions for collection and use of people's personal information, such as our political opinions, or to introduce adequate safeguards against decisions made by a system independent of human intervention, such as in credit rating.
"Further, we regret that the government is seeking broad exemptions to the data protection regime on national security grounds. While we are pleased that intelligence services are coming under the rules of data protection, the agencies are being given unfettered freedom to share people’s personal information with other countries’ governments, which is unacceptable.”
Overall, there can be no doubt that the trend toward advertising privacy as a feature is encouraging. Despite this, it remains true that many corporations would prefer to continue extracting profit from their users’ data. GDPR is good news, and the fines that come along with it will certainly help to encourage firms to start doing a better job. On the other hand, the regulations are extremely localized and can only have so much impact. For this reason, consumers must stay awake, they need to be vocal about their wish for data privacy, and they should demonstrate their preference by boycotting services when appropriate.
Opinions are the writer's own.
Title image credit: Maksim Kabakou/Shutterstock.com
Image credits: Stuart Miles/shutterstock.com, Ivelin Radkov/Shutterstock.com, Pe3k/Shutterstock.com