Data Privacy is Dead
Data privacy used to be regarded as a basic right which no one really talked about because it was simple, expected, and guaranteed, but the Internet changed everything. Today, consumers can never be fully anonymous because almost any form of online activity, including communication and data search, creates data “that can be collected, aggregated, and analyzed”. In some instances, it becomes even possible to retrieve the seemingly de-identified information and use it for unauthorized purposes.
Decreasing difference between private and identifiable data is recognized at the governmental level, which proves that expecting privacy is naïve. In its report published years ago, the Federal Trade Commission raised concerns about “the diminishing distinction” between de-identified and personally identifiable information. Therefore, the “death of privacy” goes far beyond conspiracy theories.
Based on our observations of the latest incidents and trends, consumer privacy appears dead no matter how much consumers expect it or organizations, industry experts, and regulators try to ensure the confidentiality of personal information and reassure consumers that all their personal data is in good hands. As we observe the latest trends and news, we have a hard time reconciling consumer expectation of privacy with consumer behavior as they post so many personal information on social media. That said, we can’t fully blame the consumer for dead privacy as companies and regulators also bear the blame but we have come to believe that regardless of whose fault it is, sadly, data privacy is either dead or on cardiac arrest which will take a huge collective effort to save.
Let’s go over some of the observations and try to make sense of each.
As we all know, there is no shortage of data breach incidents these days and each case seemingly leads to a larger volume of lost or stolen data despite increasing privacy regulations and oversight. To consumers, it doesn’t matter if the data breach was due to a hack or human error, however, due to increasing frequency of data breaches, we have become immune to hearing or reading about millions of data records being compromised. You can easily search for the list of the latest data breach cases from the Internet but a couple of cases include 1) the Marriott International case which got the personal information of 500 million users such as passport numbers, contact info, and credit card numbers into the wrong hands and 2) the 2017 Equifax data breach which resulted in the theft of credit card and driver’s license info, birth dates, Social Security Numbers, and addresses of nearly 150 million people. Equifax settled the case and offered credit monitoring and cash to its victims.
Illegal Data Collection
In September 2019, Google agreed to pay $170 million to settle allegations that its YouTube video service collected personal data on children without their parents’ consent. Despite the agreement, some lawmakers and children’s advocacy groups complained that the settlement terms aren’t strong enough to rein in a company whose parent, Alphabet, made a profit of $30.7 billion in 2018 on revenue of $136.8 billion, mostly from targeted ads.
The company agreed to work with video creators to label materials aimed at kids and said it will limit data collection when users view such videos, regardless of their age.
Also, let’s not forget the zillion of mobile apps that people download on their phones and allow the apps to access a multitude of their cell phone features and data.
Illegal Data Sharing
Some companies may share or sell consumer information with third parties without consent. In 2018, it was revealed that Facebook had provided Cambridge Analytica, a consulting company, access to the personal data of 80 million Facebook profiles without their consent and used the information for political advertising purposes. The fact that the company continues to operate and earns millions of dollars after the scandal without any concrete changes confirms that privacy is dead.
In August 2019, it was revealed that Huawei Technologies Co., the world’s largest telecommunications company which dominates African markets, has sold security tools that governments use for digital surveillance and censorship.
It was revealed that technicians from the Chinese powerhouse have, in at least two cases, personally helped African governments spy on their political opponents, including intercepting their encrypted communications and social media data, and using cell data for tracking purposes.
In another case, the Trump administration applied to reauthorize a National Security Agency (NSA) spying program that had gathered millions of U.S. citizens’ call records. If you can remember, in 2015, following the 2013 Edward Snowden revelations that outlined the NSA’s mass data collection practices, Congress put in place measures to curtail the government’s surveillance powers under the USA Freedom Act. This required federal agencies to seek court orders on a case-by-case basis if they needed to obtain data from telecoms firms.
Whether companies willingly cooperate with the government or by coercion, no one can reasonably expect consumer spying to stop which tells us data privacy is almost dead. Unfortunately, the laws are often ignored by the same people who created them and expect organizations to spend a considerable amount of time and money to comply.
Irresponsible User Behavior
Nowadays, many people are active users of the Internet despite a large number of privacy concerns associated with the traceability and removal of personal information. Internet users’ attitudes toward data protection contribute to the privacy challenges. They continue to post large volumes of personal information online which contradicts their expectation and desire for privacy.
The majority of active social media users list information privacy among their key values but fail to get acquainted with the details of privacy policies prior to signing agreements which result in users giving away their right to privacy, possibly assuming that companies will look after their best interests. But some companies actively take advantage of the average Internet users’ lack of knowledge and privacy rights until an incident occurs.
To be fair to consumers, who has time to read and make sense of the privacy policies of all the companies we do business with? We just hope and expect that businesses do the right thing and keep us informed as things change.
Monopoly Leads to Disregard for Privacy
Therefore any business monopoly leads to lesser “data protection as a service”.
To sum it all up, privacy has greatly diminished due to the emergence of new technologies, such as cookies, canvas fingerprinting, and use of mobile apps. Other factors contributing to the death of privacy are Internet users’ irresponsible attitudes when it comes to making good choices online. Frequent data breach cases, and companies’ willingness to profit from data sharing further diminish our collective privacy. Taking all this into consideration, modern Internet users should not regard privacy as the guaranteed and protected right.
The emergence of IoT and smart devices will make privacy matters even worse as these devices are programmed to collect, store, and share data unless consumers are educated about their rights, device capabilities and features, and, how to improve their digital privacy.
Also, enforcement of privacy regulations like GDPR and CCPA by government authorities is important if we want to save privacy from completely being destroyed if we assume that we still have a slight opportunity. A strict regulatory oversight will align user expectations and lack of knowledge around privacy with a corporate governance and improved ethical business practices which look after customers and their best interests.
Read more of our Blogs at http://www.woodsllp.com