(Photo: Don't Spy On Us - Light Brigading / CC BY-SA)
Every January 28th for close to a decade, 27 countries in Europe and the U.S. and Canada have recognized Data Protection Day and Data Privacy Day, respectively, to raise awareness about the importance of protecting personal information online. And while the issue has recently become more heated—prompting U.S. President Obama’s call for a Consumer Privacy Bill of Rights—a new global study shows that most Internet users “still don’t feel they are completely aware of the information that’s being collected about them.”
The results of the study, conducted by Microsoft through more than 12,000 online interviews across 12 countries, are shocking given it’s been almost 10 years since the first Data Privacy Day. Then again, different kinds of personal data are collected in different ways across different websites, applications and devices, making it extremely difficult for consumers to understand what data is collected, where, and by whom. Did you know, for instance, that Facebook, Twitter and Google+ track your visits to any website with a ‘Like’, ‘Tweet’ or ‘+1’ button whether or not you click that button? Further complicating things: how this data is used is just as varied, and every day businesses are finding new ways to use it. Find out more about data collection.
We thought it would be useful to mark Data Privacy Day 2015 by reviewing some basic facts about where and how data is collected, what data is collected, how it is being used today, and what you can do to protect yourself.
Basic Fact #1: Data is collected about you every time you visit a website, shop online, engage in social sharing, enable location services and send digital messages and email.
Basic Fact #2: The information collected on you can be broken up into two categories: 1) data you provide by consenting when you register with a website; and 2) data that is taken without your explicit knowledge or consent from your computer and browsing history. The former can include name, address, email, phone number, and more. If you’re on Facebook, for instance, you may have registered marital and employment status (and even the name of your employer). The latter can include anything from your IP address and general geography to insights into your age, gender, income, hobbies, health status and financial situation, by way of your browsing and purchase history.
Basic Fact #3: Websites that collect information about you need some way to tell if you’re the same person visiting multiple times. To link the information you leave on each successive visit, the website might set a ‘cookie’—a small text file in your browser. A ‘cookie’ is a kind of memo to itself that the website can retrieve and read when you visit again. Cookies are also created by other websites running ads, widgets and other features on a page, which means that visiting one website can result in cookies being set by companies you weren’t even aware you were ‘visiting.’
Basic Fact #4: Cookies are good and bad. Because they ‘remember’ you, they can customize a site to your information and preferences, helping you navigate it more quickly, easily and safely. They are the reason a website can recall your user name and password, and save shopping cart items even if you’re not logged in. They also make it possible for you to shop securely online by authenticating your identity throughout the purchase process. But because they can also track your online movements, and the information you input into online forms, they can link information about you without your awareness or consent.
Basic Fact #5: The information being taken from you may not seem like much, but companies are increasingly stringing these seemingly disparate pieces of data together to get a bigger, more complete picture of you, and using it to make inferences about your behavior, including your habits, preferences, values, aspirations and intentions. What’s more, while we may believe this data doesn’t personally identify us, research from as far back as 2008 shows that supposedly anonymous data isn’t necessarily hard to re-identify.
Basic Fact #6: Inferences about you based on your personal data can have significant implications that you may have never considered. While these can vary, for average consumers the threat of financial implications is particularly high. According to one study, you may pay more than others when shopping online based on your web browsing history or the kind of smartphone you own. Some consumers have seen their credit limits reduced by their credit card companies because they shopped at stores frequented by cardholders who don’t have good repayment histories. From there, it’s not inconceivable to think insurance companies might eventually string your data together to determine if you’re insurable (and what kind of premium you should be charged based on your perceived risk) and credit card companies could use it to determine your creditworthiness (and charge you higher interest).
So, if you’re starting to feel alarmed, what can you do to control too much of your data falling into the wrong hands? Again, the basics:
➢ ‘Fracture’ your digital identity. Strategically use different email addresses, browsers, credit cards, and maybe even devices, for different web activities (like personal, work and online shopping) to make it more difficult to collect one cohesive data set about you.
➢ Proactively check privacy settings. Browsers, devices and apps are often set to share your personal data out of the box. Find and review default settings and see if you’re comfortable with them. A quick search for “default settings” and a specific type of browser or device will yield information about that system’s settings and how to find and change them.
➢ Regularly and actively review your browser’s cookies. You may be shocked by how many cookies have been set on your browser by sites you weren’t aware of visiting. See if your browser lets you block third-party cookies. If not, there are plug-ins you can use. Visit whatismybrowser.org to find out what browser you’re using, and to see if cookies are enabled and your ‘Do Not Track’ capability is on. This site tells you how to find cookies for four browsers. If yours isn’t on this list, after you find out what browser you’re using, do an online search for that browser and “how to find cookies.” Then, you can opt for browser privacy settings such as ‘Do Not Track’ and ‘Private’ browsing to protect against default cookies.
➢ Read the fine print. Know the privacy policies of the devices, websites, social sharing services and applications you use. Find out what permissions apply to the content you upload and how it can be used.
Unfortunately, there’s no one-click answer to controlling your personal data. It requires persistent education, consistent engagement and ongoing management. But there are many online privacy tools that can help make it easier, and allow you to keep track of the information you’re sharing as you surf. Plug-ins like SSL Everywhere encrypt your communications with many major websites, making your browsing more secure, while Ghostery blocks tracking software.
The key thing is, regardless of what tools you use, be willing to adjust your online habits. Sure, it's a little inconvenient having to lock your house or car every time you leave it, but it's better than being robbed. Your personal data is valuable: it's worth giving up a little convenience to protect it.