Data Privacy in 2019, did we learn anything from Cambridge Analytica?
It seems so long ago. When Cambridge Analytica first entered the realm of public consciousness, last year, it was as a shady marketing company that may or may not helped to elect the next President of the United States through illegal means. At the time, it seemed like a breakthrough moment in data privacy.
A year later, though, have we learned anything?
It’s a complex question that deserves a deeper analysis. Data privacy has not left the public consciousness since that incident and had certainly made its way into regular conversations even before then. And yet, in 2019, we’re still fighting a similar battle between convenience and novelty on the one side, and privacy and security on the other. Too often, it seems like the former will win.
It doesn’t have to be that way. And fortunately, there is plenty of reason for hope, on the side of both companies and consumers. You just have to know where to look.
The Cambridge Analytica Scandal
Cambridge Analytica was not the first one to take advantage of the concept, but certainly the most prominent actor. Starting in 2015, the ‘marketing’ company began to harvest consumer Facebook data through apps that enabled privacy sharing, often without the user’s knowledge or direct consent. We’ll let Vox explain what happened:
Kogan built a Facebook app that was a quiz.
It not only collected data from people who took the quiz, but as my colleague Aja Romano writes, it exposed a loophole in Facebook API that allowed it to collect data from the Facebook friends of the quiz takers as well.
None of that is legal. All of it, unfortunately, was way too simple. In total, Cambridge harvested the data of more than 87 million Facebook users. When the extent of the damage was finally discovered, Cambridge Analytica shut down, Facebook was fined $5 billion, and the meaning of “data security” was no longer just a hot topic for tech experts and companies.
The State of Data Privacy in 2019
Read the above summary, then consider this statistic: according to Pew Research, some 80% of social media users are concerned about how companies are using their personal data. Just as importantly, the same study found that more than half of American citizens trust the government to offer increased data protection.
As a result, we get an increasing move toward private profiles. We get a user base conscious of sharing their personal information with anyone beyond their closest friends. And yet, we still get social phenomena that seemingly outdo all of that hard work.
You might remember the FaceApp craze that swept the internet earlier this summer. You might even remember participating in it. After all, what’s more fun than digitally swapping your Face with your nemesis, aging yourself, or looking at your current face as a baby?
Then you realize that the app was ‘ with questionable credentials. You read about the fact that simply by using the app and giving it permission to access your photos and saving your facial features on a remote server, you are actually opening up your phone for potential fraud and identity theft. It only gets worse from there.
But you’ve already used it. That’s where we are with data security today: a basic awareness of the concept has led to more consciousness about openly sharing personal data. The response by bad actors, of course, has not been to stop trying. Instead, they’re just using more elaborate methods to get to the same spot. More drastic steps tend to be necessary for true security.
How to Maintain a Clean Online Presence Today
Translate the above statement to actionable advice, and one thing becomes clear: as everyone around you becomes more sophisticated, it’s becoming more difficult than ever to maintain a clean online presence with no loss of physical data today.
The most obvious advice: don’t go online. Of course, for most of us, that’s simply not realistic. And yet, even credible companies like Target are deep-linking their apps with other data gatherers, adding language to the small print of their terms and conditions like:
We may share your personal information with other companies which are not part of Target.
Being mindful of potential traps is absolutely vital. Websites like simpleoptout.com give you an easy path for opt-outs to many of the most common apps, retailers, and service providers. Simply perusing this site and taking appropriate actions with the providers with which you interact most can make a massive difference.
Of course, you don’t have to stop there. Simply searching for a given company, adding ‘privacy policy’ to that search, and finding the ‘your preferences’ or ‘your choices’ section can help you get to the settings where you can decide whether to share any data and which data you should (or shouldn’t) focus on. Deleting your voice recordings on smart home assistants like Amazon Alexa and Google Home is another simple steps that can go a long way towards data security.
Maintaining an entirely clean online presence today can be difficult, but you can at least get close. You just have to know what action to take. As Cambridge Analytica and FaceApp show, it also doesn’t hurt to be aware of the newest trends, and whether or not they actually come with privacy concerns. More research into these items before you use an app is never a bad thing.
The Benefits of Straightforward Data Policies
Let’s flip the switch for a minute. Until now, this article has focused entirely on consumers looking to better protect their data. Companies in this argument tend to be framed as the bad actors, willing to do anything to get to that personal data and leverage it for better revenues and profitability. Names like Cambridge Analytica, Target, and FaceApps have (somewhat rightfully) become synonymous with this type of unscrupulous behavior.
It doesn’t have to be that way. In fact, you can take a number of steps specifically designed to insulate yourself from this type of image as a company. You just have to know what steps to take, and why you should stay away from becoming an organization with this type of behavior, to begin with.
It’s all about credibility. Study after study shows that consumers are becoming more concerned about privacy, and are taking active steps to protect their data. This article alone is yet another tutorial on how to do so. At the same time, corporate social responsibility has entered the public framework as a potential distinguishing factor that can actually lead to a competitive advantage. Take a closer look at these two statements, and you begin to see the connections.
It’s time to look at CSR as more than just environmental sustainability. That will always be a core part of the concept. However, at its purest form, it goes way beyond. The concept describes anything that ensures your company plays a positive role in its environment. As pointed out by ZDNet, that includes being a responsible steward of personal information:
Customer data protection needs to be right up there with product quality, safety, environmental protection, and anti-corruption processes. Framing it this way will help change people’s mindsets, and elevate the discussion within the organisation.
And of course, there are legal issues to think about as well. Europe is already leading the way with a landmark data privacy law. Violate it, and you can expect massive fines with the potential hurt the long-term sustainability of your business. In the future, we’ll only see more of this type of legal combat.
What Can We Expect in the Near Future?
Most obviously, the near future holds another step towards data security accountability. New laws are coming to the U.S. They have the potential to look much like GDPR, which has already changed the way that companies act in Europe. The past year has seen an increased flow of tech executives to congressional committees, both to investigate security failures and to get insights about these potential new laws.
With these laws comes a continued awareness by the general public that data security is not and cannot be optional. The wild west days of the internet should be over. Yes, the occasional Nigerian Prince might still come knocking. But it’s not out of the realm of possibilities to think that, given everything we’ve witnessed with Cambridge Analytica, questionable terms and conditions like those of Target will soon be a way of the past.
As a consumer, that’s cause for celebration but not complete relief. Bad actors will find ways to gather data, and being conscious of how that occurs will remain a constant part of life online. Don’t download that app or play that Facebook game unless you know what happens to your data. There is no replacement for being mindful.
Companies, meanwhile, have to adjust to both increased public awareness and legal restrictions on data sharing. Yes, in isolation, data is a good thing and can improve business decisions. But is a reckless, indiscriminate pursuit of that data really worth the public and legal jeopardy?
The answer is probably no, but seeing it play out in the near future will be fascinating to watch. Our expertise in data security can help you prepare. Contact us today. Let’s have a chat about your business needs, and how the trend towards security might impact your business operations.