With countries across the world formulating the data privacy policy, what are the companies doing to protect the privacy of their customers? On the other hand, are the consumers aware of the laws and are they really concerned about their privacy? This blog explores both sides of the data privacy coin.
Did you know that January 28 is the International Data Privacy Day? Since 2007, fifty countries, including the US, Canada, Israel and forty seven European nations, have been observing this day and organizing events to raise awareness about data privacy and security.
The Data Privacy question
It is a topic that is hard to get away from. After the GDPR came into effect, countries across the world are formulating similar laws to govern the way their citizens’ data is collected, stored and used. In the US, a group of tech companies led by Facebook, Google, and Apple is ready to embrace federal regulations on data privacy. Listings for privacy experts and related jobs are seeing a sudden and significant jump. Plus, every website you visit reminds you of data privacy by assiduously asking you to accept their cookie policy before proceeding.
Privacy concerns: real or myth?
The user’s going to pick dancing pigs over security every time.Bruce Schneier, Security Technologist in an interview
A study conducted by IBM’s Institute for Business Value discovered that 81% of respondents said they have become increasingly concerned about privacy online. This concern stems mostly from the stories breaking with alarming frequency about data leakages. But just how concerned are people about their privacy when it comes to practical matters? According to this Fortune article, very little.
In many countries, opening someone else’s mail is considered a felony. But having your own data be monitored doesn’t seem to bother a lot of people. For instance, hardly anyone is alarmed when they are tagged in a photo they didn’t know was taken and it is shared on someone else’s social media profile.
It’s not just about users violating others’ privacy. After the rollout of GDPR, practically every website you visit asks for permission to use cookies to track your activity (and sometimes more). These prompts most often come with two options: “I agree” or “Learn more”. Clicking on the latter leads you to a page crammed with information about how your data is going to be used. Ignoring the cookie prompt results in a less-than-satisfactory browsing experience, with the pop-up often obscuring the screen or prompting you repeatedly to answer. It is practically a Hobson’s Choice.
So it is no surprise that the same IBM study discovered that only 16% of respondents chose to walk away from a company because of suspected privacy issues. More interestingly, 71% said they would give up their privacy in order to experience what new technology has to offer. We give up email addresses and phone numbers for free WiFi or special offers. We share addresses, preferences, and other personal information for convenience (like home deliveries). In essence, we treat our privacy as a commodity to be traded for certain benefits, and organizations everywhere are after that.
What does Big Tech think about privacy?
The moguls of the tech world have all publicly said that they support federal laws related to privacy. But the devil is really in the details. Apple CEO Tim Cook has long been vocal about their staunch stance on transparency. Additionally, Apple advocates data minimization: “companies should be challenged to strip identifying information from consumer data or stop collecting it at all”.
On the other hand, Google and the Internet Association (which represents Facebook, Amazon, Twitter, and Airbnb) believe in transparency but word their statement more cautiously: “Consumers should have control over how their data is collected, used and shared, except in cases where the information is necessary for the basic operation of the business.” Google also believes that while the law should set requirements for the protection of user data, it should allow flexibility in how these requirements are met. In case of non-compliance, Google argues for a penalty proportionate to the extent of the damage caused by the violation, rather than hefty flat fines.
Thinking about data privacy: a model approach
Like any ethical conundrum, the lines between right and wrong are blurred here. Hardline advocates call for nothing less than a way for technology to continue to deliver services without compromising privacy and security. Most of the internet user base is only vaguely wary or plain unconcerned, while another set has resigned itself to viewing the loss of privacy as a price to pay for convenience or benefits.
As an organization that values your customers’ privacy rights, how can you approach the making of your governance policy? On the 11th anniversary of the Data Privacy Day, Forbes magazine reached out to 11 experts for their views on the matter. And David Francis, information security consultant at UK-based communications and IT services provider KCOM had an interesting take on how companies can evaluate their own data security and privacy strategy.
4 important data privacy questions that you should be asking within your organisation
David further suggests asking four questions and introspecting on these:
- Does your data security and privacy plan put the customer first? (Simple answer, it should.)
- Is your organization GDPR (or other applicable law) compliant?
- Does your organization have security systems in place to track and prevent insider threats? (Again, it should.
- Is your organization aware of who has access to what data? (A good data governance policy is an absolute essential to ensure data security and integrity).
As Colibra partners, we have long been helping our clients frame their data governance policy and implement it through our 3-phase model.
Talk to one of our seasoned consultants today to understand how we can help.