Privacy in the Digital World
You live in an apartment complex, surrounded by towering buildings housing thousands of people. You sleep sound at night, knowing that the security cameras act as a detterent to thieves. You wear a seatbelt in your car because it minimizes the risk of injury or death during an accident. You store your jewellery in a vault at your home or at your bank because it is provides security. In many countries around the world, private guards, walled houses and barbed fences are part of a long list of measures to ensure the privacy and security of ones physical life and assets. We have the police and armies to protect our cities and countries from rogue elements. This helps in safeguarding our physical presence. I’m not saying these aren’t necessary: infact they are critical. But shouldn’t we follow a similar approach to our digital presence? Considering that we spend more of our waking life online as opposed to offline, how can we go about protecting our digital life?
Firstly, it is important to identify “what” we want to protect. Every second of our presence online leaves bits and pieces of what we can call our “digital assets”. Our actions, files, accounts, relationships, profiles etc constitute what we can refer to as our digital identity. And it is our digital identity we should be aiming to shield the way we would like it. Just like we shield our physical self in the physical world, we should be protecting our digital self in the digital world.
Lets get one thing straight. Privacy is not that no entity in the world has any of your data. Privacy is two things: control and transparency.
You are a culmination of hundreds or even thousands of data points in the digital landscape. Your name, age, gender, DOB are just some of the basic which come to mind. However, what or who you like, where you hang out, what you eat, what your sexual fantasies are, who you stalk etc are just some of the others. These are powerful indicators of your hobbies, interests, political affiliations, mental/physical health and so much more. For example, Cambridge Analytica had more than 5,000 data points on millions of Facebook users. Yes, 5,000: Let that sink in. Your computer and its applications know more about you than you do yourself. Your life are all these data points in aggregation.
Lets face it: same applications need specific data points about yourself in order to provide you with the required products and services. For example, a health app monitoring your hearbeat needs to know how many times your heart beats every minute! That is a no brainer. But once it has that data, what does it do with it? It might recommend you certain lifestyle or dietary fixes if it believes your heartbeat is too high or too low. That is for your own direct benefit. But how do you ensure if that is all which the app is doing? This is where control and transparency come in. The service provider needs to inform/or better take permission from you before sharing your data with third party vendors or advertisers. Sometimes, sharing data with third party vendors might be necessary to provide you with a better service. Back to the example of the heart beat. It might have to share an anomaly in your heartbeat with a panel of doctors BUT it needs to take permission from you.
Services which mine, track and use your data for commercial purposes like advertising will need to rethink their business models. As a new generation of start ups and companies emerge to provide services in a completely transparent manner, old incumbents will have to follow. A recently enacted privacy law in Europe called G.D.P.R (General Data and Privacy Regulations) will spearhead this pivot towards privacy sensitive products and services.
At the same time, it is important for consumers to demand more transparency and insight into why companies need specific sets of data from them and how it is going to be used. Concern and interest in data protection is growing but needs further coverage and attention from media, influencers, regulators and privacy protection NGO’s to bring this issue on the mainstream of technological discourse.
According to CSO, 70% of all data generated is by consumers but 80% of all data generated is stored by enterprises. So, consumers only have 20% of the data they themselves have generated. These figures are extraordinary and reflect the poor knowledge users have of how their data is being hoarded and exploited.
A dawn is upon us, where users will have complete control over their data and have an insight into how it is used by service providers. I envision a future where users will be able to provide only as much data as the service provider needs. A user will also be able to port their data amongst various service providers at the click of a button. An update will be given to the user whenever a service provider tries to share any data point with a third party. How will this happen? When every single data point will be dynamic and interactive in nature. It will be treated like an object and the ownership of that object will rest with the users.
Also, the apps of the future will be able to receive information, like updates and notifications but whenever information is to flow the other way, from the user to the app developer, it will ask the user for permissions. This is not going to be built into the application layer but also the platform layer, whether it is an appstore, operating system or a web browser.
Complete privacy is as unachievable as avoiding death. But we must strive to work towards a future where it is honored as a fundamental human right, enshrined not only in national constitutions but etched into the foundation of every product and service.