How can you protect your data privacy?

When downloading a new app, how often do you pause to read the terms and conditions statement before clicking the “Agree” button? I should confess, I rarely do so. Recently, when downloading a game on my smartphone, I did stop and read the terms and conditions. Surprisingly enough, they requested access to my microphone and pictures.

Data privacy reflections

I thought that there is no possible reason why such an application would need access to these data, so I interrupted the installation. This experience made me wonder how I can go about protecting my data and what I should do to ensure that sensitive information is not compromised.

GDPR, the new EU regulation on data protection took force on May 25, 2018. It addresses issues of transparency around personal data usage by companies and gives more control to the average person over their data. The new regulation marks a new stage in the development of data privacy policies in Europe. Protecting people’s privacy is a hot topic that seems to hit the headlines almost weekly. So, what can be done to protect yourself, if anything?

Concerns swarm around data privacy

Today, there are about 3.5 billion internet users in the world, which is about half of the world’s population. An ongoing study by Ericsson Consumer & IndustryLab reveals that about one in two smartphone users are concerned about the amount of personal information that companies have access to about them.

While the study isn’t complete, it does suggest an alarming trend. Given the increasing number of internet users and the steady growth of the number of sensors collecting data, I think that data privacy will be an even more pressing issue in the future. A quick look back at the data confirms this trajectory.

For instance, in 2012, only nine percent of users were concerned about data privacy. Now, the numbers are much higher: half of smartphone users are concerned that their private data will be shared with third parties.

More recently, personal data integrity has received a lot of attention, but is it the only issue that we need to be concerned about? If not, what other challenges exist?

Targeted advertising

Data collection for targeted advertising is appreciated by some consumers, but the line between advertising and manipulation is considered very thin by most.

A recent study by Consumer & IndustryLab showed that about 40 percent of internet users enjoy and appreciate the benefits of data collection for online advertising optimization. At the same time, this thin line exists between ad-optimization and attempts at manipulating people’s opinions.

How can we address the ethical challenges of data usage and privacy? Or should we even care?

I think we have an ethical responsibility to put some global legislation in place that helps protect people, including the most vulnerable in society.

If a person has a gambling problem, for example, how can we ensure that this person doesn’t see advertisements about gambling when browsing online?

The recent discussion around targeted advertising during the US electoral campaigns revealed that targeted ads can be used to negatively influence the very fabric of society.

Can we ensure that companies, politicians, and other actors, always act in an ethical way?

Improvement steps

Firstly, I think that all companies should require a consent form to collect users data. That would be one big step forward, but more work needs to be done in this area before that can happen.

Current discussion on data privacy often centers around ensuring that data cannot be tracked back to an individual user, but is that enough?

Most policies, including the GDPR, are designed to ensure that personal data that can be linked to an individual are not shared. We also know that most consumer concerns center around their private information, such as personal pictures and banking details.

However, where is the line between public and private? And how can we truly protect our privacy?

Researchers at MIT and the University of Louvain, in Belgium, have analyzed data on 1.5 million cellphone-users over a time span of 15 months and demonstrated that just a few spatial and temporal data points were enough to uniquely identify 95 percent of the users.

Worryingly, this analysis suggests that some of the data that we think is not traceable can actually be used to identify individual users. The report also suggests that, by collecting enough data about segments of population, one might be able to predict the behavior of individuals who belong to a group. Although some data might not be traceable to a particular individual, it is still possible to imply preferences of an individual belonging to a group with a high degree of precision. Learning about a group implies knowing a lot about each individual belonging to the group.

Differing perspectives on privacy

Ensuring that data is safely processed may require more diligence on the side of the user to check company data privacy policies on their site. Doing this before giving them permission to collect your personal data is habit that is worth picking up.

Having data about a person or a group might influence people’s opinions, political views, and make them do things that they would not have done otherwise. Therefore, while protecting individuals’ data, we should not disregard data protection of groups of people and society as a whole. So, we need to protect individual people, and society as a whole, too.

Understanding of privacy is usually centered around an individual, but not all cultures share this perspective. When talking about privacy policies, one naturally thinks of the data privacy of an individual. In some cultures, however, group’s (e.g., family’s) privacy is as sensitive as individuals’ privacy. I think that the understanding of privacy by itself is culture-specific. For instance, in China, the concept of privacy has a different connotation.

Many services nowadays are truly global in their coverage. Given that, could a single privacy policy protect everyone globally? Is it enough to have a one-size-fits-all understanding of privacy? Or should data-privacy policies accommodate culture-specific peculiarities?

Data privacy is currently being framed as a government-imposed requirement that companies must follow. However, it is not enough if it is only companies and governments that ensure that private data is shared and handled safely. The end-users must have some basic understanding of threats online.

There will always be actors who are fishing for sensitive data. To truly protect data, users must understand the most basic rules to follow.

New habits

Honestly, how many of us read a terms and conditions statements when data policies change? Probably most of us do not read them at all. Therefore, transparency from the side of the service providers and state-enforced legislation should be accompanied by general data-literacy education.

The GDPR requires that companies explain their privacy policy using “clear and plain language”. It is important to see if the company has posted policies and a simple explanation of how they collect and use data in compliance with regional laws.

When it comes to road safety, it is not enough to put traffic signs everywhere and to only focus on ensuring that drivers know the rules. It is also important to teach every road user and pedestrian to read the signs and act accordingly. We teach kids how to follow the traffic rules from the day they start walking, why not start teaching them privacy rules online from the day they go online, too?

One unified privacy policy

Borders do not stop data privacy breaches. Therefore, a unified global effort might be needed to protect data privacy.

The internet is global, and the data that’s being collected is global, too. Therefore, to protect users’ data, an international joint effort, perhaps, might be needed in the future. In other words, country- or region-level regulation (or companies’ self-regulation) might not be sufficient. Perhaps an inter-state approach could be developed to regulate data-usage and ensure that there is no misuse of personal data.

Such settings might also enable enforcement of the corresponding international rules. And in this process, public-private partnerships that would aim at protecting consumers while not damaging business environment could be appropriate settings to address such hazards.

New regulations, like the GDPR, are a big step towards better-protected data in Europe. However, currently we are still in the very beginning of the journey towards fully protected data (if that is even achievable at all).

Whether we arrive at this destination depends not only on companies and states as the main players in the regulatory scene nowadays, but also on whether or not we as consumers build awareness around the potential hazards and ways to mitigate the corresponding risks.

So, when thinking about what I personally could do to ensure that my data are protected, I realize that reading terms and conditions is the least I should do. To ensure that my data are being stored and used appropriately, more actions might be required from my side, like reviewing the public sites of the company and doing the research required BEFORE agreeing to give my consent. We all have a role to play. Are you ready to play your part, too?

The Ericsson Blog

Like what you’re reading? Please sign up for email updates on your favorite topics.

Subscribe now

At the Ericsson Blog, we provide insight to make complex ideas on technology, innovation and business simple.