Your guide to online privacy in 2012

  • Author: Lauren
  • Lauren Fisher,

[caption id="" align="aligncenter" width="512" caption="Image courtesy of spodzone"]Image courtesy of spodzone

[/caption]

As the debate around online privacy reaches new heights - a necessary outcome of the increasing amounts of data we are (un)wittingly handing over - it's worth taking a step back and look at how we, as individuals are currently affected. Unfortunately, but perhaps not surprisingly, it's a pretty murky business. Conflicting guidelines and policies, accompanied by many companies being shrouded in mystery, can leave you feeling pretty lost as to what you're handing over, how you're affected, or even how you can get it back. I've put together a short guide on the current state of online privacy to help you understand your rights and where the debate currently stands.

Obama Introduces Voluntary Guidelines For Websites

While some may have expected a harder line from the U.S. government, the Obama administration have just announced plans to introduce a set of voluntary privacy guidelines for websites to adhere to. The guidelines have been introduced as part of the "Consumer Privacy Bill of Rights”, with full details expected later today.

In part, this is a slightly odd line for Obama to draw as it comes amidst his claims that: "As the Internet evolves, consumer trust is essential for the continued growth of the digital economy,” and that "for businesses to succeed online, consumers must feel secure.” Security among a voluntary set of guidelines is hardly the best route for consumers.

Of course, this is welcome news for the Googles and Facebooks of this world. And even more than introducing favourable policies in the U.S., this undoubtedly sets a precedent for privacy policies in the U.S. which will be particularly good news for Facebook, who have had a fractious relationship with the German government over how the site collects data. This resulted in certain states banning the use of the Facebook Like button by small businesses; an issue which culminated in Facebook signing a voluntary code of conduct with the German government.

Is a voluntary agreement really the right way to go though? While social networks should ultimately stay as free from government control as possible, this is people's individual data we're talking about here. We're talking about it in the context of a society where the advancements of technology are sometimes exceeding the pace of human understanding about the impacts of handing over data. We still have far too many stories about people being caught out by using social networks to communicate what they thought was 'private' information, or failing to stop the flow of their own data online.

As an outcome of this set of guidelines, only those companies that agree to sign up will be policed by the Federal Trade Commission. And while you may hope that websites will choose to do this, to demonstrate security for their users, the fact is they are likely wise to the fact that many users will remain ignorant about which sites are adhering and how they're doing it. We tend to be interested first in what we can get out of a site before thinking about what we have to give up in order to get it.

Do Not Track

In line with the Obama announcement, major search engines - Google included - have just agreed to implement a 'Do Not Track' button, following months of negotiations. Google will also be embedding the button within their web browser - Chrome. Make no mistake that the search engines have relented here, rather than openly embracing the change. Conversely, Firefox began experimenting with adding the 'Do Not Track' feature in January 2011, albeit with a few problems.

In practice, the Do Not Track Button will be prominent within the site, and will allow consumers to stop a lot of their data being collected, to prevent tailored ads appearing for example. But while data cannot be used for commercial purposes when the button is pressed, the browsers will still be permitted to collect data for non-commercial use, such as market research, as well as being submitted to government officials if requested.

This in particular has been a long time coming, with the proposal for a 'Do Not Track' header initially being proposed in March 2011, to the Internet Engineering Taskforce (IETF). The Associated Press have already implemented this, which features an opt-in as well as an opt-out feature for those who do/don't want their information tracked.

The Websites Respond

Now the reason that the issue of online privacy has been so fractious is largely because of resistance from major web companies. Collecting data is in their best interest, and while this will remain private for the most part, if they are to offer the best advertising services to brands then they'll need the data to back this up. These sites thrive on data to the extent that many major web companies responded to calls to implement new privacy options with objections that they were too expensive to implement. Laughable to say the least.

Facebook has had a pretty murky history here. Following a series of questions from congressmen in 2010, Facebooks' answers were deemed to be inadequate and frustrating, prompting this response from Congressman Joe Barton:

"I want the Internet economy to prosper, but it can't unless the people's right to privacy means more than a right to hear excuses after the damage is done...It's good that Facebook was in a hurry to respond to our concerns, but the fact remains that some third-party applications were knowingly transferring personal information in direct violation of Facebook's privacy promises to its users".

And more recently Facebook were embroiled in controversy, following a grassroots campaign on Reddit where users flooded the company with requests for hard copies of the data collected on them, something that Facebook is permitted to comply with. However, until Facebook stops relying on data to effectively monetise their business and attract advertisers, there will always be a game of push and pull between the corporation and the user.

Mobile Privacy

If the state of online privacy is confusing, then mobile privacy is even worse. This has come to the fore recently following reports that certain iPhone apps were accessing users' entire address books, with Path right at the centre of the controversy. A developer had discovered his contacts were being accessed and downloaded to Path's servers. Apple were also heavily implicated here, as the issue was not confined to Path, and they have since update their privacy policy for iOS developers to adhere to. The outcome of this is that users will have to give their permission for the app to use address book data.

What this story showed is that we are very much in the dark when it comes to knowing who's accessing our data as well as what data they're accessing. While this is important for any online service, it's even more pressing for mobile data given that wherever your mobile is, you probably are too.

We are starting to make some headway here though. Just today, six major tech companies: Google, Amazon, Apple, Hewlett-Packard, Microsoft and Research-In-Motion have signed up to a law put forward by the Californian government. The law requires users of their apps to review and accept their privacy policy before using the app.

However, considering that we're now at over 35 billion app downloads, policies such as this are coming a little bit too late. It shouldn't take a scandal with a popular app to bring the issue into the forefront. Nor should it take this long to provide consumers with a clear understanding of their rights, when it's a primary concern among smartphone users. In October 2011, a survey conducted by the GSM Association found that:

89% of users think that it is important to know when personal information is being shared by an application and to be able to turn this off or on

Unfortunately, we still have little knowledge of this nor is there a clear and simple way to activate/deactivate data collection through apps. Change is coming here, but it's been a long time coming. And the rather uncomfortable fact is that the increased use of mobile internet or apps will inevitably lead to a loss of control over our privacy, often at the cost of an improved service.

Ultimately I want my phone - my personal device - to know as much about me as possible if I'm going to benefit from localisation and interaction with my address book (where I give explcit permission). With all my contacts sitting right there, I love it when an app like Viber allows me to automatically add the friends that are also using it, and even send a message out to those who haven't yet joined.

This is useful for me, as a consumer, but I will freely admit that at that simple press of a button (or screen), I don't really know what I'm signing up for, or what else that app might do with my data. Sure, this is my responsibility as the app user, but it is also the app makers'/manufacturers/carriers responsibility to make this as easy as possible for me to understand.

Your Rights

When it comes to online privacy, it's as much about knowing your own rights as it is having to adhere to what the sites dictate. And with this comes the good and the bad. While Facebook will send you the personal data it contains on you if you request it, if you want to delete your account (and so the data that Facebook holds on you) it gets a bit tricker. If you delete photos on your account, these will still be stored by Facebook for up to 30 months, and anyone that has a direct link to the photo will still be able to access it.

The importance of individual control was also covered in the bill from the U.S. government today, which contained the declarations:

"Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.

and

"Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain."

If you want to know more about your rights, you can read today's report 'Consumer Data Privacy In A Networked World' in full here.

comments powered by Disqus