Digital Data Privacy: A Paradox?

This week, I've been thinking about the nature of privacy on the modern internet. A common sentiment I hear from people who grew up before social media was commonplace is that they're grateful they were able to keep the silly mistakes they made in their youth private. When they were adolescents, privacy was assumed. Now, preserving privacy often requires active effort. 

Technology has advanced rapidly in recent decades, and comprehensive regulation to protect data privacy in America has not kept up. In contrast, the European Union passed the General Data Protection Regulation (GDPR) in 2018, and since then more countries and jurisdictions have passed comparable regulation to protect their citizens' data privacy.

As federal regulation has largely stagnated in America, individual states are left to pick up the mantle. Tech companies work with corporate interest groups to lobby the hell out of elected state representatives in order to weaken or even repeal existing regulations. All to continue to profit from our tasty, tasty data. 

"But, Kate," I hear you asking, "I'm not doing anything wrong, why should I care? What does it matter who has my data and what they do with it?"

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." -Edward Snowden (NSA whistleblower)

There's a lot of overlap in the discussions about privacy and free speech. I'm going to focus on digital data privacy here for the sake of scope and my sanity.

A right that is not used can be slowly eroded away by those that would benefit from its nonexistence. It's up to each of us to decide why data privacy protection matters in our lives. In the rest of this post, I'll share some of my journey with data privacy, three of the most prominent reasons why this right is important to me, and simple steps you can take today to protect your privacy online.

The Privacy Paradox and Rights Protection

We relinquish an astonishing amount of our personal information every day, while many Americans don't trust that their data is handled responsibly. Most Americans feel confident that they can make the right decisions to protect their personal data online, but a majority also doubt those decisions will actually do anything.

Source: Pew Research Center

Two researched backed reasons that underlay this apparent paradox are: that the convenience/benefits of using the service outweigh the risk of loss of privacy, and; that any assessed risk to personal privacy is trivial. 

To be radically honest, I identify with both of these reasons. I don't read the Terms of Service line by line, because it would take at least 20-30 minutes to read boring legal jargon when I just want to check the daily specials at a local restaurant. 

At the same time, I've been on these sites for most of my life at this point -- what more data can they extract that they don't already have on me? I don't trust that social media companies will handle my data responsibly anyway, so I feel even less compelled to pick apart the Terms of Service when I know I'll just click agree anyway. 

These two explanations end up as circular reasoning: I don't feel that my data is protected, so why give up the benefits? I don't want to be inconvenienced, and these companies have all my data already, so why not agree to the Terms of Service?

Despite this, I also want to have some semblance of privacy online. I want to have the option of obscuring my online history, to not have every click and keystroke be traced back to me. More than that, I want to be able to criticize powerful people and entities online without fear. I want people to be able to report on wrongs being done without trepidation that they'll be punished for coming forward. 

Which brings me to my first main reason why data privacy is important: normalizing online privacy tools and personal data protection will help protect those activists and whistleblowers who really need security online.

“If everybody uses a postcard, the envelope is suspicious. But if everyone uses an envelope, then it’s just an envelope.” -Bruce Schneier (security professional)

This idea of a privacy paradox is built off absolutism and the paradise fallacy. If you can't protect all of your data, then why protect any of it? Humans are not absolute, any more than we are always rational. But as we collectively learn more about how our data is (mis)handled, we can make changes to adjust and protect our data privacy now and for the future.

I don't know what the future holds for Americans, but I do know that I'll want to talk about it. Taking steps now to normalize data privacy will help preserve the right to speak truth to power without retribution.

Privacy for Equal Pricing 

A novel exploitation of our data is companies analyzing our spending habits and location to provide a personalized price. In a world of customization, this might sound great, at first. This Forbes article lays out nicely the many benefits that retailers gain from implementing AI-powered personalized pricing (also called surveillance pricing), including the ability to "capture the maximum willingness to pay". 

Yikes.

The shift to electronic payments (credit/debit cards, Apple Pay, etc.) has created a wealth of information about our collective spending habits. A staff report from the FTC last year indicated that browser history, location data and other demographics are "frequently use[d] ... to set targeted, tailored prices". Both of these sets of data can be used to customize pricing based on the individual. 

This leads into the second reason I want data privacy to be protected: to prevent this sort of targeting of specific customers, where companies use personalized data points in order to maximize profits at the customer's expense (literally!). 

"In a custom-pricing situation, seeing a high price doesn’t mean something is higher quality. Instead, a high price simply means a business views the customer as willing to part with more money." -Jay Zagorsky (business professor)

To continue the logic of this quote, a low price would no longer mean a sale, or a good deal, or even just a low quality item. It would mean that a business has calculated that this is the most an individual customer would be willing to pay for that item. 

Here are some strategies to avoid personalized pricing (from this article on the subject):

• Use cash to pay for purchases in physical retail stores. I know, I know. But it's private and non-traceable. 
• Clear your cache after browsing. This can help prevent the scraping of your browser history and location data. 
• Disguise your location if you live in a wealthy zip code. Location is used as a proxy for income, and can impact what prices you're shown. 
• Be prepared to walk away from negotiations. Online, this looks like waiting with your items in your cart before hitting purchase - this can prompt the site to apply a discount to encourage you to complete the purchase.

Using this emerging technology, aided by AI, companies will continue to take advantage of the lax privacy regulations and consumer protection laws in the US. Until relevant regulation is passed, unfortunately, it seems to be largely up to us to protect our own data privacy in this regard. 

Privacy for Today's Youth, Tomorrow's Adults

My generation came up in the early days of social media and had to learn how to protect ourselves online. The newest generations must contend with a new technology: artificial intelligence. While researching the many unique privacy challenges on the modern internet, I encountered the fact that the AI algorithms that gather data on its users may give the same weight to data from adults as it does data from children. This means that today's youth will have even less of a chance to have their mistakes forgotten than earlier generations did as their data is gobbled up by AI. 

I have four nephews, all under five years old. Regulation that is passed today will directly affect their ability to exist safely online in the future. This is the basis for my third reason why data privacy is important: My nephews, and all children, deserve to enjoy the benefits of an online social experience while being as protected as possible from the harms, and to experience childhood without expected, youthful mistakes disproportionately impacting their future.

“Parents can’t do this alone. We need larger-scale changes to these platforms to protect kids.” -Jacqueline Nesi, PhD (psychology professor)

Current and future generations will have to learn to navigate not only the physical world in all its complexity, but also how to operate online in a digital space. While data privacy regulation is essential to safely entering online spaces, it's just as important that we also educate children on the risks they may encounter on the internet. 

We can't expect today's young people to automatically understand how the internet works and the dangers that exist there -- we have to teach them. In this way, educated children grow into digitally literate adults who are aware of the importance of their data privacy, and who know how to protect it and themselves.

Privacy Doesn't Exist… Unless We Make It 

There are steps that we can take to protect our data, or at least mitigate the risks to our data privacy from existing online. I've switched browsers from Chrome to Firefox and installed some browser extensions to help protect my data while online, and will probably add a few more to round out my passive protection. There are many different methods to increase personal data privacy online, but I've included some basic resources here, loosely sorted from least effort to most effort. 

Browser Level (Passive)

Browser extensions are the easiest way to protect your privacy online. The risk is in choosing the right ones that will actually do what they say, not take your data and run. This Wirecutter article has many excellent extensions for password management, ad/tracker blocking, browser profiles, and email masking.

This infographic from the European Association for Viewers Interests (EAVI) has some useful recommendations for easy changes or additions to your browsing habits that will help protect your data privacy online. That page also provides some online tools to test the strength of your privacy settings.

Active Level (More Effort) 

A service that I've been enjoying is receiving notifications from Google if my contact information (name, phone number, address, etc.) is found online, and having the option to request it be removed right from my Google dashboard. It is a one button request for each instance, and the request is usually approved within a few days, if not a few hours. 

On the other hand, if you're sick of the unrelenting data collection from the likes of Google and Microsoft, you may be interested in the Proton suite of services, which includes email, cloud storage, a VPN, docs and sheets, and more. They're privacy first with end-to-end encryption for all users, so not even Proton has access to your files.

"Disappear" Level (Most Effort)

Follow along with one security journalist's progress to "disappear on the internet". He explains the many approaches he takes to attempt to identify and disguise or delete his social media accounts, as well as the hundreds of other accounts he has made over the years. He explains his thought process throughout, providing insight into the breadth of the task.

To completely disappear online is a time-consuming task, and a lot of that time is spent just gathering information. If you want to get your data out of the hands of data broker services, this workbook provides the essential information to help you get started, including relevant URLs, email addresses, requirements for removal of data, and notes for each major data-collection service, as well as space to track the progress of your requests. 

Going Forward

As I enter the information profession, it's essential that I understand the basics of data privacy online and what actions can help protect it on an individual level. This is so I can effectively advocate for those that are most vulnerable, and so I can provide a path forward for those who are interested in preserving their digital privacy on their own through both education and options for action. This post is one step on that path. 

It feels like tech companies are trying to erase the concept of privacy online, and the American federal government isn't stopping them. The progress made to protect digital privacy in other countries should give us hope, but until those regulations are in place here in America, we must take steps to protect our data privacy and that of our children. If you decide to take the next step toward stronger digital data privacy, I hope the above resources are helpful to you. If you have a resource that you think would be useful, please let me know in a comment!  

As for me, I will continue to be motivated by my desire for safety in speaking to power, equal and fair pricing, and the safety of children existing online. 

Until next time!