‘Your data privacy was updated’ — Thanks for ignoring it yet again!
It’s raining GDPR emails, and why a blind ‘I agree’ is not okay
Spammers had some serious competition in the past week. Almost every website and any entity with even a shadow of online presence was busy flooding the net with one of those ‘privacy update’ emails. While our hard-wired response is to click anywhere on the screen that would rid it of this nuisance, that may not be the best thing to do now.
This article is not a primer on GDPR, there are good pieces from NYT and several others on that. This is a reflection on the far-reaching implications of data as a data science practitioner, apart from a few practical things that we can do now, as users.
No Conditions apply
We have been so inured to ‘Terms & Conditions’ that we hardly bat an eyelid while signing up for any new service. So much so that, if an app forces us to scroll down before ticking the ‘I Agree’ box, it falls a notch lower in our perceived user experience. We wonder if Chrome can auto-complete this too.
However, when we suddenly receive a flurry of emails on the same subject within a few days, it piques some curiosity. This gets bizarre, when we hear from companies we never knew existed, more so when their email talks about how they would start being friends with us and begin treating our data nicely.
Data privacy doesn’t solely belong in the confines of legal forums. As data science practitioners who understand the power of data, and as consumers who contribute to a bulk of what makes the internet go around, this change calls for atleast a wee bit of our attention.
Distrust and caution are the parents of security. — Benjamin Franklin
Why all this fuss on data policies?
In spirit, GDPR regulation mandates companies to take a user’s consent to collect data, and to share only that data which is necessary to make their services work. This is a simple measure that is meant to give power back to netizens by honouring their requests to access, update or erase their data.
It may look surprising that such an apparently simple change (and some financial penalties) have triggered all this action. It’s understandable that companies may need to update some of their terms for legal compliance, even though they may be handling data responsibly. I got this nice email which scored over others, wherein it proclaims that NO change in policy was done.
However, if companies had to overhaul their ways of working and disclose new stuff to users just on account of this regulation, then something is amiss. And its not a hard guess that these companies may have been trampling on our personal data for dubious reasons, all along.
For instance, Twitter now shows you the list of advertisers with whom your data is shared. I found a list of ~200 (not so random) advertisers with whom Twitter has shared my data, and also that I may figure in over 1200 tailored audience lists. And all this is ‘turned on’ by default in the new settings, under the apparently harmless ‘I agree’ button which surfaced on Twitter last week.
There are similar accounts about many other major sites. That’s precisely why this needs some attention.
If you’re not paying for it, you are the product being sold. — Andrew Lewis
Data science and privacy — a ticking time bomb
Given the enormous power of data analytics today, consumer data is the perfect sweetspot — a) massive volumes of streaming data through the day, bringing together a variety of user interests and b) advanced algorithms that can unshackle preferences that even a user is not conscious of, as yet.
It is the discovery of such gold mines lying open and in plain sight that has got companies scrambling after them with all their might. Then there are those dark forces that have taken to mining these gold fields and selling insights to the highest bidder. Such cases of a lack of internal company ethics coupled with absence of clear data regulations have led to serious privacy breaches.
As a practitioner in the data science field, I am all for the full use of data to simplify lives and make machines work for us. But, data privacy when it comes to consumer data amidst lax controls is a ticking time bomb, that is just waiting to explode.
Breaches like that of Cambridge Analytica are just the tip of iceberg. Data has way more power than that. Given such enormous risks, what may help in this situation are a combination of 3 things:
- Responsible use of data by companies by displaying high ethical standards and self-controls
- Stringent regulations and punitive measures that keep the dark forces in check, atleast to the extent possible
- Users with heightened awareness to demand the right data practices and question any dubious standards
Until these things fall in place, all we can do is to hope that no major breaches happen, that could potentially retract users deep into the shell of disbelief in data and technology as a whole.
So, do we wipe clean our data trail?
Just in case you’re thinking about cleaning up your web history, sorry it doesn’t really matter. Here’s a brilliant closing snippet reproduced from Ray Kurzweil’s book ‘The Singularity is near’, wherein there is an imaginary conversation between a human named Molly living in 2004 and a futuristic bot (George) from 2048.
Realising the impending Singularity, the human tries to get a few odd tasks done in preparation, while also attempting to ‘fix’ some inconvenient digital memories. Check out the interesting retort from the machines.
GEORGE CIRCA 2048 (bot): Oh, I can take care of that for you.
MOLLY 2004: That’s really not necessary. I’m perfectly capable of doing it myself. I might also want to erase a few documents — you know, where I’m a little insulting to a few machines I know.
GEORGE 2048 (bot): Oh, the machines will find them anyway — but don’t worry, we’re very understanding.
Any data that is already on the internet is dubiously etched in ether, for eternity. A knee jerk reaction to try and wipe out our data trail on the web is a futile endeavour. Moreover, the benefits of technology outweighs its risks, so it’s not a great idea to turn into a digital non-believer at this juncture.
But, what we can do now is to leverage these regulations and flurry of emails to discover who has our data. It’s easy to delete all those unknown or unused accounts, by leveraging channels that have been opened up now. It also makes sense to spend a few minutes on services used, to restrict sharing of data to only those channels where you can benefit from shared community insights.
