Internet privacy is dead. Everyone already knows this, so you are perhaps reading this and saying, “What’s new?” That’s a reasonable response. We need to be concerned about Internet privacy all the time, even more so because it is dead, and its death exposes us to many frauds. However, recent developments around Internet privacy are interesting and they make us re-evaluate the nature and worth of personal data.
Given that the global average time spent per person on the Internet each day is 6:58 hours or 40% of our waking work life, there is adequate reason to be concerned. The average time spent per person on the Internet for India in January 2022 was 7:19 hours. Indians have even more reason to be worried.
Every time you browse the Internet everyone, from your Internet Service Provider (ISP) to businesses and the government, is waiting to get their hands on your data. But why should you worry if you have nothing to hide? You’ve heard that before, and you know it is a foolish argument: a person may share personal details related to their bank account, medical records, marital status, education, credit cards, and social security publicly because they have nothing to hide but that doesn’t prevent others from using the information to commit fraud. That is why capturing, storing, and using data has become a subject of great concern. Many businesses are taking action to safeguard your data or not capture it at all. However, it is not always clear how these safeguards will work or how effective they will be. The bottom line is you are the owner of your data; take charge. But can you?
First, let’s examine the data captured about you on the Internet. We know the usual: Geolocation, browsing history, hardware, software, battery level, connection, device orientation, metadata of images you may upload, browser data, devices on the local network, social media logins, screen resolution, installed fonts, etc. Even your browser extensions and add-ins collect data about you. By now, you are wondering why someone will want to dig into the gyroscope in your device to figure out its orientation. The gyroscope data helps understand where your device is. Is it in your pocket or bag? Is it on a desk? Is it traveling with you in a car? Or, perhaps, on a treadmill. The data can be rich and fascinating. Your mobile phone, for example, provides data on the places you visit and the duration you spend at these locations.
When this data is put together, it provides a vivid fingerprint of you and your device. To help you understand the detail to which you can be tracked, I am reproducing a screenshot of my mouse movements tracked a few minutes ago. Don’t judge me by the “subject is very slow” comment. I did this in the public interest :-). But I am sure it will quickly dawn on you that this tracking can be used to determine behavioural credit scores.
Try it for yourself at https://clickclickclick.click/ to see the detailed data you are leaking and how easy it is to capture it. I loved the audio that accompanies this demonstration. It is dry, witty, and insightful. Until you realize that it is scary! For those interested in knowing how much data your browser is leaking and what your digital fingerprint looks like to others, visit https://coveryourtracks.eff.org/, which is an initiative of the Electronic Frontier Foundation. Data you are spewing can be used to understand or predict with substantial accuracy the bars you like to hang out in, your food preferences, your health, sexuality, political leanings, and religious beliefs. Most of us are gushing, six to seven hours a day, a non-stop stream of precious personal data.
British mathematician and data science entrepreneur Clive Humby told us way back in 2006 that data is the new oil. He may not have been 100% accurate because oil, unlike data, cannot be reused. But that may be quibbling. One thing, however, is sure in 2022 — data is turning out to be as slippery as oil.
Several initiatives are being launched to limit the type and amount of personal data collected and used. For example, Google has announced that it will stop the use of third-party cookies in Chrome by the end of 2023. Apple is already doing this with Safari. This action is a good privacy initiative, even though first-party cookies will be default in browsers. In addition, there is legislation popping up everywhere to safeguard your data to prevent profiling. Examples: The California Consumer Privacy Act (CCPA), the Australian Privacy Principles (APPs), Brazil’s The Lei Geral de Proteção de Dados Pessoais (LGPD), Thailand’s Personal Data Protection Act (PDPA), and the EU’s General Data Protection Regulation (GDPR). These laws are the reason there has been a recent rash of websites asking you to agree to their cookie policy. Consent is a reasonable ask.
In early July, Google said it would delete location data when a user in the US visits an abortion clinic. This decision was in response to the US Supreme Court overturning the ruling in the 1973 Roe v. Wade case, making abortion illegal in several states. The data on visits to abortion clinics, if acquired by the government, law enforcement agencies, etc., can be weaponized against women. Let’s reflect on this for a moment. Location data can also show if a person is a regular visitor to, say, a support group like Alcoholics Anonymous (AA). There is nothing wrong with visiting the AA. There is everything right in trying to kick a bad addiction, but no one wants to involuntarily reveal they are alcoholics. Maybe, one day, big tech will wake up to their social obligations and delete all such data.
Gartner, in its recent “100 Data & Analytics Predictions through 2026,” says that “By 2024, organizations that lack a sustainable data and analytics operationalization framework will have their initiatives set back by up to two years.” This could mean the hunger for data will only increase. Or it can be interpreted to mean that the operationalizing framework will have adequate checks and balances concerning the capture, storage, and use of personal users. I hope it means both.
Meanwhile, here is food for thought: should we have two types of browsers, extensions, plug-ins, and apps — those that are free and capture your data (as an exchange of value) and others that are paid for and capture no personal data?
