by Lynette Owens
Nine years ago, I wrote a piece to coincide with Data Privacy Day 2011. It listed my top five hopes for how the industry could evolve to better protect the privacy of everyday consumers and their families. Fast forward to 2020, and as we mark the same event on January 28, much has changed for the better. Yet that wish list remains largely unfulfilled.
The bottom line is that we all have a responsibility as parents to ensure our kids are privacy literate — that they know the potential risks of over-sharing online and how their data is collected. But so do the companies that harvest, use and/or sell this data on to others, often without our knowledge.
Privacy goes mainstream
First, the good news. Privacy is now much more widely discussed than it was back in 2011. We live in a digital-first society where most of the population has at least one social media account, and we use online services for everything from shopping and banking to healthcare and entertainment. True, the reason why many consumers are now more privacy-aware is because of a catalog of major incidents that have shattered our faith in the organizations that collect and use our personal data. Over the past two years alone, the Facebook-Cambridge Analytica scandal and the Equifax data breach to name just two, resulted in highly sensitive data ending up with others that we did not entrust it to.
Yet out of this has grown broader public awareness of the privacy risks associated with our increased dependency on the internet and concrete steps which could help protect us and our families online for the decades to come. Facebook boss Mark Zuckerberg pledged to build a “privacy-by-design” culture at the social media giant following a massive $5 billion FTC fine, while YouTube agreed not to collect data from children without parental consent after a $170m settlement.
Legislators have also sharpened their teeth to protect people’s personal information, with the GDPR in Europe, which applies to all global organizations with EU customers, and the CCPA in California. These legal requirements promise to introduce more accountability and transparency in how personal data is collected and managed, while arming consumers with greater powers over how their info is used. Because of other public and legal pressure, companies have also designed privacy policies that are somewhat easier to understand (although they are still quite lengthy) which help individuals provide informed consent for how their data is used.
Still a way to go
Despite these positive trends, more data is collected on consumers today than ever before — especially through wearables and IoT devices. There’s always been a trade-off for consumers between the amount of personal data they’re prepared to give up and the quality of the service they receive in return. For free, ad-driven services and a high degree of personalization, we’re more likely to be OK with a relatively high degree of data sharing. But in the new world of IoT, things become more complicated.
How do we know if a virtual assistant like Alexa or Siri is overstepping the mark on what it collects? A recent backlash against such AI-powered tech indicates that the debate is starting to heat up. Vendors are scrambling to respond. Ring recently introduced new features to allay privacy and security concerns from users, including its sharing of customer doorbell footage with local police departments.
My 2020 privacy wish list
With this in mind, then, here is my 2020 wish list this Data Privacy Day:
- A keener focus on internet safety, digital privacy and media literacy in the school curriculum. While more schools are beginning to embrace these topics as part for their curriculum strategies, we are still far behind in many parts of the world on this front. In addition to all areas of digital citizenship, digital skills and media literacy, our children should be taught to understand how their personal information is collected and used once they begin to use the internet, what their privacy rights are, why they should respect the privacy of others and what the implications of sharing information online are.
- An easy-to-use and access tool that could display at the time of sign-up all the personal data that online services/websites/apps require and why. Privacy policies may be getting simpler, but are still often jam-packed with legalese. Such a tool would do wonders for online transparency and help parents explain in-context where the boundaries of digital privacy lie.
- Back in 2011 I wished for a way that consumers could refuse permission for organizations to use their data, or else be rewarded somehow if they allowed it. We’re getting there, with marketing opt-outs in the CCPA and GDPR. The former mandates that companies present a “Do Not Sell My Personal Information” link in a clear and conspicuous location on their homepage. Yet the law still does not cover enough areas and only applies to certain companies.
- A blueprint and enforcement for every new upstart app that kids might use, to protect their privacy. Apps like TikTok which was fined $5.7million for illegally collecting all kinds of data about their biggest user base – kids, a violation of the existing COPPA laws in the U.S. Given the number of companies who made similar mistakes before them, there really should have been no reason to allow this to happen. Nor should it happen again.
- That friends, family and acquaintances don’t post pictures or share personal stories of my kids online without asking me first. As we all spend more of our lives online, and the routes to posting highly personal content grow, it’s increasingly important that we all remember some basic rules of online etiquette.
- That we can see all of the above become a reality by the next Data Privacy Day. We’ve come so far already. Now that lawmakers, journalists, consumer groups and consumers themselves are starting to wake-up to the challenges of online privacy in the 21st century, there’s real momentum for improvement.
As a glass-half-full kind of person, I believe things are moving in the right direction. But as parents we need to remain vigilant and demand more. That means first understanding the challenges ourselves and then teaching our kids about the importance of online safety in the digital age. If we do our jobs right, it’s a message that will hopefully resonate down through future generations. So for now, let’s end the apathy and do the little things we can to protect our family’s privacy today.
For more tips and advice about online privacy, visit internetsafety.trendmicro.com