Sharing Data Online And Some Uncomfortable Questions
Sharing or storing our personal data online is so convenient that it's very tempting to ignore data privacy related questions raised in this article. By not fully knowing answers to these questions, we make unwitting compromises on a regular basis.
This article does not offer any solutions, as I don't have any. However, it does provide you with some interesting food for thought.
IS MY DATA FOR SALE?
In Cambridge Analytica & Facebook scandal, we know that our data allegedly was sold and then was used for psychographic targeting in political campaigns.
In the aftermath of this scandal, congressional hearing took place & Congresswoman Anna Eshoo asked Mark Zuckerberg: "Was your data included in the data sold to the malicious 3rd parties? Your personal data?" Zuckerberg replied: "Yes".
IS MY DATA BEING RENTED OUT?
There is no doubt that our data is becoming more and more expensive. New business models may involve renting instead of selling your data to the third parties.
DO I KNOW WHAT I AM SHARING?
Let's say that you install an app and do not allow it to track your location, but you do give the app the permission to access your photos. Your photos are most likely geo tagged. Therefore, technically the user unknowingly can end up sharing his or her location.
USER DATA PRIVACY POLICY IS HARD TO UNDERSTAND
When was the last time you read and fully understood the Privacy Policy? If you felt discouraged because it was lengthy, complicated or did not have time for, you are not alone. Although Google's updated privacy policy ahead of GDPR (General Data Protection Regulation) is simple and easy to understand, Google is not the only company updating their privacy policies because of GDPR requirements and it gets complicated when you have to deal with a number of privacy policies being updated within a narrow time frame.
PRIVACY POLICY CHANGES
Ahead of GDPR, deadline of 25th of May, 2018, most of the companies are changing their privacy policies. Did you recently receive Privacy Policy update emails from Yahoo, Google, Linkedin, Twitter or any other company, whose services you are using? For most of the people it's not practical to go through all of them and keep up with these changes.
IS MY DATA IMMUNE FROM FUTURE POLICY CHANGES?
Privacy policies can change for good or for bad. Maybe this time, because of GDPR requirement and Cambridge Analytica scandal, they are changing for good. However, change in governments and lobbying, can play a key role in defining either lax or strict requirements for our data privacy.
COMPANY PROFITS AND MY DATA
n the capital economy, which is driven mainly by profits and competition, rather than overall welfare of the society, there is no question that pressure will be on the businesses in delivering maximum profits, which can come at the cost of compromising user data. It will be naive of us to think that a company will not succumb to investor pressure and competition, and would value user data privacy over growth.
DATA BREACHES & COMPANY'S PREPAREDNESS
Technology landscape is changing at a high pace. To ensure security of user data, companies have to be a) proactive in identifying cyber threats, b) invest time, money and resources in addressing vulnerabilities or bugs in their systems on a regular basis, c) be willing to make drastic changes d) employ best data security practices.
Unfortunately, we only find out about a company's cyber security preparedness, after the data breach has occurred. For example, only after Linkedin data breach in 2012, it was found out that allegedly one of the security technique (salting), was not being applied to hashed passwords. eHarmony was also blamed for these lax security measures.
Yes, on their blogs these companies will ask users to change their passwords and use strong passwords after the data breach. These companies will also reassure the users that they use robust security measures, which apparently was not the case. Salting is not rocket science, it's a basic security measure and there is no excuse for not using it.
WILL I BE NOTIFIED OF THE DATA BREACH?
Yahoo notified the public about its massive data breach quite late. Organization will be required to notify within a 72 hour period as per new GDPR requirements, effective May 25, 2018. But these privacy requirements are for EU citizens only. Will the companies still feel obligated to notify public of data breaches in other countries?
CHOICE TO OPT OUT
This is a matter of convenience over security. Most users choose to share more information, for better search results and more personalized experience. Although, most organizations do offer an option to opt out, but we have become so much used to this experience of seeing personalized results, it's hard not to share your information.
GOVERNMENT ENFORCEMENT OF DATA POLICY REGULATIONS
Governments can make all sorts of privacy laws etc. but it's the enforcement that really matters. GDPR for example can impose stiff fine, based on the nature of the breach. What about the government organizations outside of EU? Are they willing to enforce user privacy laws on these companies as well, if data breach occurs?
WHO IS IN CONTROL?
At some point, you might have shared your phone number with some company. That company might have rented out, your data to another company. Perhaps, that's why you sometimes receive robocalls, text messages or spam emails? Do you have the power to stop these annoying calls? I certainly don't.
Do you know if your cloud service provider is applying robust security to your data? Have you ever asked them? If you did, did you get a detailed answer?
Do you know that in the event of data breach, your government will protect you by enforcing the law? Unfortunately, we are not in full control, but we can certainly limit how much control we give away by:
Opting out of unnecessary data sharing practices
Holding company's accountable for lax security measures
Reviewing and questioning data privacy policies
Not blindly saying 'yes' to questions related to data collection
Thanks.