As more and more people’s work and lives take place online, the threat to user privacy and data protection remains a central feature of 21st-century life. While there are many ways consumers can try to protect their privacy and their personal and financial data, an online and digital world will always contain risks. Mitigating that risk, however, is possible.
Consumers can make use of antivirus software to protect against malware and other malicious software. They can use multi-factor authentication for login. They can back up their data regularly. They can avoid using free Wi-Fi in coffee shops and only do business on encrypted websites. Another way to increase the chances that private data remains private? Choosing software programs and apps that take user privacy and consumer protection seriously.
Another Day, Another Breach
Approximately 30,000 websites experience some form of data breach every day around the globe, exposing consumers’ credit cards, addresses, phone numbers, banking information, social media handles, IP addresses, mobile device identifiers, and more to hackers and other bad actors. In the United States alone, hundreds of millions of sensitive records are exposed through security breaches each year. The harm to consumers is extensive, and the expense to companies is astronomical.
And it seems no company is immune. In 2004, a hack at Yahoo affected 3 billion user accounts. In 2018, Under Armour’s MyFitnessPal app was hacked, compromising 150 million accounts. A 2014 cyberattack on JP Morgan Chase resulted in a data breach affecting 7 million business owners and 76 million households. In October 2021, Amazon-owned gaming platform Twitch reported that it had fallen victim to a massive hack that exposed sensitive user data, as well as Twitch’s entire source code.
Add to that the threat of phishing attacks that target individuals through email and social networks, and it can feel like threats are everywhere. In many ways, they are. However, the most routine threat to online privacy exists relatively out in the open.
When Is Your Private Information Your Own?
The vast majority of the world’s most popular online apps and tech companies regularly and legally expose user data to third parties. How? Well, it has nothing to do with some nefarious outsider hacking a firewall. Instead, the privacy agreements people enter into with many companies — from social media apps to online stores to search engines — all provide a legal path for those companies to collect personal data and rent it to third parties in the form of email lists, information about your purchasing habits, what you looked for online, and more.
When a Great User Experience is Also a Privacy Concern
Consumers are growing more and more concerned about user privacy, especially as they learn more about it. In many cases, savvy consumers already know that searches and web browser history can result in ad retargeting, but there are other ways for data to be captured. A common one is through the keywords and preferences recorded by voice via smartphone or smart home technology.
Using Google’s voice assistant is a perfect example. While utilizing a voice assistant for search, to ask for directions, or to book a flight clearly provides users with an exceptionally simple and convenient user experience, voice interaction through Google’s smartphone apps — both intentional and incidental — results in Google continuously recording and logging vocal information into its databases where it’s parsed and stored for later use or for “rental” to a third party. (This is similar to logging keystrokes while searching and browsing, which most search engines and browsers also do.)
Even without intentionally accessing smartphone features, valuable data is collected, stored, and monetized. The GPS on most smartphones tracks and records where people shop, dine, and travel. That information is then shared or rented out to third parties.
This continual collection of data through multiple means results in ads, emails, etc. regarding products or subjects you may have never actively searched for online. It’s made possible because of artificial intelligence and lightning-fast data processing speeds. The worst part is that anyone who has signed Google’s, Facebook’s, or Amazon’s user agreement has agreed to allow this mining of data (and almost anything can be transformed into data now). The result is a true data privacy nightmare.
Big data is big money, and personal details, even those that seem banal, have tremendous value.
Ethics and Data Privacy Laws
When it comes to the internet and privacy, balancing ethics with the desires of businesses seems to clearly favor business. While there are coding ethics surrounding software development, there is no legal requirement that companies actually follow them, at least not in the United States. However, a conversation regarding what personal information should be collected and stored by companies, whether or not companies are always legally obligated to share data with law enforcement, and the like is ongoing in the U.S. In Europe, the conversation has already reached a consumer-friendly conclusion.
The European Union and User Data Protection Laws
As has already been stated, when it comes to user privacy, U.S. federal laws for consumer protection are very lax. The European Union, however, has passed aggressive privacy protection legislation with the General Data Protection Regulation (GDPR). The goal of the legislation is to protect personal data, which they’ve defined as any data that identifies a person directly or indirectly. This can be immediately identifiable personal data such as name, age, address, and phone number, but it can also refer to a combination of “innocent” data such as job position, company, city, etc. — the kind of information that, when taken together, could result in the identification of a person. Some data is even classified as “sensitive” and in need of greater protection, such as healthcare data or political opinions.
In addition to being very specific about defining what constitutes personal data, the law also includes what constitutes a data privacy violation, which includes gathering, storing, and publishing private data, historically common practices for companies like Google, LinkedIn, and most other social media platforms and online service providers. However, these companies and all others that continue to do business in the EU have become GDPR compliant, at least in the EU.
The best part of the law is that it protects consumers in the EU whether they are aware of it or not.
The cost of not following the regulations laid out in the GDPR is rather steep. In 2020, Google was fined 57 million dollars by the French data collection authority for failing to divulge how user data was being processed and for not properly obtaining permission to collect user data.
The California Consumer Privacy Act (CCPA)
It’s not all bad news regarding privacy settings and data protection in the U.S. In 2018, California enacted the California Consumer Privacy Act (CCPA), a general data protection regulation that protects California residents in the following ways:
- The right to know what personal information a business collects and how that information is being used and shared
- The right to data deletion by demand (with some exceptions)
- The right to forbid the sale of personal information
- The right to non-discrimination for exercising these rights
What Consumers Can Do
If you’re in the U.S. and want to use certain hardware and software, you may have little to no control over what happens with your data. That being said, always read terms of service (TOS) and privacy notices, so you know how your data is being gathered, stored, and used. It’s a practice more and more consumers around the globe are likely adopting, since protecting privacy is an increasing concern.
Given that most TOS are complex and incredibly lengthy, consumers can find summaries of many large companies’ TOS and privacy statements at Terms of Service; Didn’t Read. In addition to companies like Google and Amazon, services like Spotify, PayPal, and other common companies and apps are covered. They also have a browser extension that rates the TOS and user data practices of different websites.
But there’s more that consumers can do to protect themselves. Given that many consumers are beginning to care more and more about user privacy and its lack on the web, some companies are already offering the protections consumers want — even without legal pressure. Some examples include:
- The web browser DuckDuckGo doesn’t collect user data at all, so there’s no fear it will be rented out or used by third parties.
- ProtonMail is an encrypted and open-source web-based email that follows strict Swiss privacy laws, ensuring user data stays incredibly safe and isn’t used inappropriately.
- Apple’s hardware grants consumers a lot more leeway in determining how much of their data is gathered and stored than other smartphone makers. Apple does process and store data, but they claim to do so randomly, using the data to improve their personal assistant Siri. Additionally, Apple never shares or sells personal information, and the company claims to never retain audio unless users choose to share it for Siri improvements.
At Sonary, we review software so businesses can make good decisions regarding their companies’ needs. Many of our reviews include lists of security features offered by different software. Here are some examples of software we’ve reviewed that does a good job of ensuring user data is protected:
Wix is a popular site-building and hosting platform. It provides a dedicated SSL certificate for every site, whether free or paid, so all information hosted on its platform is encrypted. Wix also uses TLS encryption and is ISO 27018- and PCI DSS-encrypted. These extra security enhancements help protect both their customers’ personal information and their customers’ personal details. Wix customers also have the ability to password-protect specific pages on a website.
Another popular hosting and site-building app, Web.com offers custom SSL certificates so all its hosted sites are secure. Additional security features include daily backups, regular Web.com scanning for malware, a strong firewall, and automatic updates for plugins. This last one is a very nice added feature since out-of-date plugins are a common security vulnerability.
GoDaddy is an internet service company that also offers site-building and hosting with enhanced security features. For customers looking for greater protection, GoDaddy offers a package powered by Sucuri (a website security company) for extra security against hackers. The platform also offers regular malware scanning and removal, 24/7 technical support to customers, and protection against a variety of attacks (DDoS, Google blacklists, and zero-day).
Without a doubt, keeping data safe and private is a significant challenge. While SSL certificates, encryption, and antivirus software all make the internet a safer place to be, in most online situations and on any given Android mobile device, consumer data is still being mined and shared. With the exception of California, the U.S. has little regulation regarding user privacy. Europe’s data protection is quite robust, and any global- or U.S.-based company doing business there has to follow the EU’s regulations. Of course, those protections only apply to consumers who get online in the EU. The best way for consumers to protect themselves is to read companies’ terms of service (TOS) and privacy agreements and to choose products and services that offer the greatest protection.
We at Sonary respect user privacy rights, and we comply with both GDPR and CCPA regulations. To find out more about how we value your privacy, check out our privacy rights page for detailed information.