M.N. Shamika Tissera
How many of us take time to read the data privacy policies followed by companies when we purchase or use their products (For example Google Maps by Google)? Yes, I agree to the fact that most of the time, the list is so long that you can get it down to many A4 sheets, but isn’t it important to know how these companies ‘play’ with your data behind the scene? One of the major methods of income of companies such as Google and Facebook is by providing users with personalized advertisements. The reason for many companies to choose Google and Facebook platforms to display their advertisements is that their value for money spent on advertisements is high when using these services. Nevertheless how are these services so successful in broadcasting advertisements? Let me show you one example, as to how Facebook targets advertisements on its users. Depicted below is a set of conditions that will target people using an algorithm.
“Anyone who lives in Philadelphia studied philosophy in college, is 21, has bought a blue T-shirt in the past year, is neurotic, makes less than $28,000 a year, is likely to buy a minivan in the next six months, is interested in camping and whose interests align with those of African-Americans. Plus, anyone on Facebook who is like them.” (source: The New York Times)
This limited information alone is enough to get an idea about what details about you are known by these tech-giants.
Through this writing, I intend to discuss how data privacy issues can affect both the public and organizations in general. In most cases, Google and Facebook are used to explain operations everyone is familiar with those brand names.
DATA AND DATA PRIVACY
Today’s world is computer-driven. Various positions in which humans used to work previously are now fulfilled by computers. ATM machines can be taken as an example. Computerization is predicted to be increased rapidly in the future. Due to this rapidly increasing rate of computerization, the demand for data is also increasing. Today data has become a very valuable asset for a company. Companies like Google and Facebook earn billions of dollars each year making use of their users’ data. Since data can bring money, companies collect every possible bit of data from their users. They have many ‘excuses’ to do so. As an example,
“We use the information we collect to customize our services for you, including providing recommendations, personalized content, and customized search results.”
The above-mentioned fact is one of the many reasons why Google collects your data. There are also other reasons such as improving services and measuring performance.
In comparison, Google’s terms of services state that Google has got the authority to “host, reproduce, distribute, communicate, and use your content.” It does not end there. Furthermore, it states that it has the permission to “modify and create derivative works based on your content, such as reformatting or translating it.”
Therefore, it is clear that ‘you are Google’s product’. Google offers its users the privilege to use its services for no economic cost, but keep in mind that Google is a ‘profit-seeking company’; therefore it is ‘you’ being ‘sold’ to advertisers.
The other reason Google presents for collecting user data is for improving its services. In this case, I strongly disagree. Even though Google collects data that is personally identifiable, only ‘usage data’ will be used internally for improving its services. Usage data can be collected anonymously as Apple does.
This is the same for Facebook as well. These companies have recognized the fact that user data not only brings money but also increases company power.
Why does data privacy matter after all?
Daniel Solove’s 10 Reasons as to why Privacy Matters:
1. Limit on Power
2. Respect for Individuals
3. Reputation Management
4. Maintaining Appropriate Social Boundaries
6. Control Over One’s Life
7. Freedom of Thought and Speech
8. Freedom of Social and Political Activities
9.Ability to Change and Have Second Chances
10. Not Having to Explain or Justify Oneself
Even though data privacy is a critical factor, usually the public and small businesses take this very lightly. They have failed to understand the fact that data is an asset that wholly belongs to them. Just like any other property, no one has the right to steal it from you. Your data collected by companies may have the risk of getting into the hands of third parties targeting you. These ‘data’ can take many forms. One of the most famous incidents where data (specifically, images) fell into the wrong hands due to the company failing to protect user data, is the Apple iCloud incident which happened on August 31st, 2014.
“Let suppose, if firstname.lastname@example.org’s mobile number is 12345 and when I enter 12345 mobile number to my email@example.com Apple ID account, I could see abc’s data on xyz’s account” (A victim’s dialogue with the THN)
The damages caused were severe. A collection of private pictures of various celebrities were released to the public.
Apple is a company that has adapted data privacy as one of its core values. Being a company dedicated for user privacy, if these faults happen which are inadvertent, think about companies like Google and Facebook where they intentionally collect every possible bit of user data.
Moreover, at present, there are companies known as data brokers. Simply speaking, their job is to collect user data and sell it to companies for various reasons. Surprisingly, this is legal. This data is said to be anonymous in general. But it is hard to believe at times when incidents, like the one below, happens:
Earlier this year, a young woman purchased a few nondescript items such as cotton balls, unscented lotion, and some vitamins. Based on what the company already knew about her, they were able to correctly predict that she was pregnant and began targeting her for baby items by sending her coupons in the mail. The issue? She was a teenage girl, and these coupons alerted her father (much to his dismay) that she was indeed pregnant.
(Extracted from an article by NortonLifeLock)
All of us have facts to be kept hidden. Hiding facts is not wrong because we all must have a space of privacy, and that is why we should fight for this fundamental human right.
Can there be any positive returns for your organization on ‘privacy investments’ and in what ways?
Cisco had conducted a study at the beginning of 2020 to ‘explore and quantify privacy spending and benefits to determine the ROI for privacy’. The following is an extract that contains the key findings:
“The findings in this report provide strong evidence that privacy has become an attractive investment even beyond any compliance requirements. Organizations that get privacy right improve their customer relationships, operational efficiency, and bottom-line results.”
(Source: Cisco 2020 Data Privacy Benchmark Study)
Going through this report published by Cisco, a well-known multinational technology conglomerate, investments in privacy has brought an attractive return-on-investment even beyond any compliance requirement. Furthermore, it was revealed that, for every dollar of investment, the company received $2.70 worth of benefit. The reason is not as complicated as it may seem.
The above diagram represents the main factors that affect business profitability. Investing in data privacy affects all of the above.
“Investing in data privacy brings trust because customers expect it; others are unaware of its importance. This improves the brand image. Hence, the company benefits from a competitive advantage. Since more and more customers prefer the product, the product-life cycle increases because it will have a significant market existence and space for growth. This increases market share. Furthermore, there is a chance for the cost of production to decrease because data collection mechanisms are not required to put in place. All of these lead to an increase in profits. This in turn leads to the economic growth of the company. This also brings advantage to the country it is based in, hence the currency strengthens”.
How to protect our privacy?
All of us have the right to access the internet. We must have the freedom to browse without anyone following us. But, in reality, we do not have this freedom, and that is why we must act in a way to at least minimize it. There are several steps we can take. Let me list 8 of the most famous and effective ways:
1. First and the most effective – Check your browser and search engine
Your browser is your ‘window’ to the internet and it is your search engine that fetches the information you requested. Companies like Google track you and provide you with filtered results (biased/dependent) depending on various factors. Google calls this, “Google personalized search”. This puts you in a ‘filter bubble’ where you are stuck only into the information Google provides you. This way, you are ‘limited’ only to certain filtered information. Knowing this fact, why not use a better alternative? For example, you can use Mozilla Firefox, Brave, or Yandex as your web browser. These browsers have built-in tracker blockers. As your search engine, you could use DuckDuckGo, Qwant, or Startpage. Again, these are famous privacy-oriented companies.
2. Use a password manager
As humans, we tend to forget things. Therefore, instead of using unique and strong passwords for every service, we tend to stick to one common password. This is a serious privacy issue. Password managers create strong and unique passwords for each website. Also, it remembers them for you.
3. Make sure that your connection is encrypted.
Always check whether the website has ‘HTTPS’ in the front before you provide your details. This way, you can prevent being a victim of phishing attacks and also ensure that no third party can access your information.
4. Use two-factor authentication wherever possible.
This provides two layers of security for your account.
5. Make sure to give only the necessary permissions for the apps you install on the phone.
Some apps are created to steal your data. Hence always download apps from reputed places such as the app store or play store. Furthermore, ensure that logically, only the required permissions are given to make sure that your data is protected from going into the wrong hands.
6. Hire a Data Protection Officer (DPO) – Applicable to organizations
A DPO is an independent leadership role responsible to ensure that the company follows all rules regulating the privacy of both employees and customers. This is a GDPR (General Data Protection Regulation) compliance requirement.
7. Keep your operating system up to date.
Operating System (OS) updates are released frequently in response to bug-fixes, security patches, and the latest security threats. Hence, for the safety of your data, it is recommended to update your OS whenever an update is released.
8. Use encryption to store sensitive information.
This prevents third-parties from accessing your information.
Privacy is a fundamental human right. All of us require it and all of us take necessary steps to protect it, intentionally or naturally. Protecting our privacy when using technology is not as easy as doing so physically. Technology is very advanced, hence there are many loopholes where people can take advantage to steal our data along with our privacy. Even though this is always unethical, there may be instances where the law may permit companies to do so.
Protecting one’s privacy is his/her responsibility. Knowing this, it is you who must act.