In March 2012, we did a series on information privacy where we looked at:
- What information is and isn’t private before you turn on your computer;
- What information gets collected online;
- What laws protect privacy;
- What are the legal issues; and
- What is HR’s role in protecting privacy.
Seven months later, there has been lots of activity that affects online privacy, but no clear direction. Among the latest developments:
Twitter has partnered with a company to allow access to every tweet ever written for a fee. The government already has it because tweets are being archived by the Library of Congress. Until now, you could only search a rolling database of 3200 tweets per account.
Google is facing fines from the EU because its privacy policies fail to pass Europe’s stricter rules on data collection on users.
The Mobile Device Privacy Act was introduced in Congress to designate all data collected as “private information,” and require all data tracking and collection to be disclosed. So far, data privacy legislation has not passed Congress, probably because it is big business and both government and law enforcement also want the data.
At the same time, the House passed an extension of FISA that allows the government to obtain data and conduct surveillance of people without a warrant. The law has not passed the Senate yet, but probably will in the name of “security.”
Numerous states, including California, have passed laws that prohibit employers and schools from demanding social media passwords.
How to See Who’s Tracking You
Mozilla has developed an extension to Firefox called Collusion, that allows you to track the trackers, and see what sites are collecting information about your online activity. Collusion shows you what websites you contact, then what other sites start tracking you based on the ones you contact. The sites you don’t contact usually get access through retargeting based on cookies, or joint agreements with advertising companies that give all subscribers access to each other’s data. You will be surprised at how many there are, and how much money they make at it. To watch it work, see Gary Kovac’s TED talk on Collusion.
What Can You Do?
First, don’t freak out. Okay, freak out. Then figure out what information is important to keep private and what isn’t, and take steps to protect it.
Check Your Info. You already know to take care with financial and credit card accounts. But what about having your full birthdate and mother’s maiden name on your Facebook accounts? If your parents are divorced and your mom is a friend, chances are you do. Go through your social media profiles and look at the information that’s there. Assume that it is available to everyone. Then eliminate anything you don’t really need or want to be there.
Consider disinformation. Teenagers already have multiple social media accounts so that they can give certain people some information and keep it from others. The fundamental premise of data collection is that people will give accurate information. If you are not required to tell the truth, like on a job or loan application, is there any reason to give accurate information? If you don’t want some marketing company to develop a precise profile of you, then don’t give consistent information. They can collect all the information they want if the profile ends up being a Male or Female, Hispanic, African American or Asian, between the ages of 18 and 60. with an income of $5K to $150K. Disclaimer: I am not suggesting you give false information when you are legally required to give, or represent that you are providing, accurate information. I’m just pointing out that it’s not always required.
Don’t Trust Privacy Settings. Privacy policies and most “privacy” laws don’t require companies to protect your privacy or to keep your information secret. They mostly just require companies to tell you what data gets collected and whether they sell or give it to others. Go read a few privacy policies. My favorite is Skipity whose terms include:
We firmly believe that privacy is both inconsequential and unimportant to you. If it were not, you probably would not have a Facebook, Twitter, or LinkedIn account: and you certainly wouldn’t ever use a search engine like Google. If you’re one of those tin-foil-hat wearing crazies that actually cares about privacy: stop using our services and get a life.
We agree with Mark Zuckerberg when he pithily opined “The age of Privacy is Over.”
1. We are the company that cares about your privacy. Specifically, while most other companies are concerned with protecting your privacy, we care about profiteering and violating it when expedient or useful.
2. You may think of using any of our programs or services as the privacy equivalent of living in a webcam fitted glass house under the unblinking eye of Big Brother: you have no privacy with us. If we can use any of your details to legally make a profit, we probably will.
3. We will track and log everything we can about all the dirty (and clean) things you do and like with cookies, GPS, secure connections and or whatever technology exists today or becomes available at any time in the future.
4. By using any of our services, you grant us permission to surgically implant a tracking microchip of our choosing in your body and sell all collected information to the highest bidder . . . and to all other bidders. You also agree to regular updates and reinstalls of said device entirely at our discretion for up to 50 years after the end of your natural life.
Make Informed Choices. Before you fill out that survey, fill in the blanks, check in on FourSquare, check out that shoe add, or check the “I agree” box, understand what information you are giving out and decide if you care. Also understand that your phone is a GPS tracking device and that it’s relatively easy to get information on where you are, who you are talking to, and what you are doing. So make informed choices about what information you put out in public.
What to Expect
Allowing people to know information about you is not necessarily a bad thing. I like it when Amazon suggests other books I might want to order by the same author or about the same subject. I often buy them. But the Facebook ads for weight loss, wrinke reducers and pole dancing lessons usually just piss me off. Facebook would argue if it had better information on me, I’d get better ads. (And if you want better ads, you can click on the ads and tell Facebook what you want.) But I don’t really want better ads either.
I don’t believe that laws, either through legislation or court decisions will ever be able to effectively handle the issue. This is because the process takes too long, and technology is changing faster than lawyers can introduce laws or file lawsuits.
I expect, in the near future, we will start seeing privacy software that either stops information from being collected or gives you the ability to see it and customize it. The only way to effectively deal with technology is to apply technology. Who needs privacy rights, when you can download the app?