Our contradictory relationship to data privacy

Image Credit: Shutterstock (Image credit: Shutterstock)

For some time now, governments have been blurring the lines between privacy and national security. In 2013, ex-CIA systems analyst Edward Snowden revealed that the NSA, a US intelligence agency, was collecting the phone records of tens of millions of Americans. 

As Snowden’s leaks continued, it soon transpired that as part of its Prism surveillance programme, the NSA was tapping directly into the servers of nine internet firms including Facebook, Microsoft and Google to gather intelligence on Americans’ behaviour and interactions. What’s more, Snowden further revealed that the UK’s intelligence organisation, GCHQ, was also using Prism to gather similar information and was able to monitor up to 600 million communication a day.

Since then, the abuse and misuse of communications data are believed to have been instrumental in affecting the outcome of both the 2016 US presidential election and the Vote Leave Brexit campaign, and have been an important contributory factor in establishing stringent data privacy legislation such as GDPR. 

All of this is public knowledge. But despite the extensive column inches these stories have received, most have yet to change our habits, continuing to carry at least one device capable of listening to our conversations, broadcasting our exact locations, and tracking us as we move. And many of us willingly allow them to do so in trade-off for the convenience and benefits they offer. So just how concerned are we about the use and abuse of our personal data? 

Privacy, GDPR. General Data Protection Regulation. Cyber security and privacy concept. Wooden letters on the office desk, informative and communication background - Image

Image Credit: Shutterstock (Image credit: Image Credit: Shutterstock)

Signing away our privacy

Earlier this year, we conducted a survey of 4,000 consumers across the globe to measure their confidence in their own privacy and security practices, as well as those of businesses. The report, ’The Blinding Effects of Hubris on Data Privacy’, found that 87 percent of people don’t feel confident sharing their personal data online. Social media platforms are especially distrusted, with 95 percent of the survey’s respondents expressing some concern. And it’s numbers like this, as well as the threat of criminal action, that have led tech giants such as Facebook, Google and Apple to increase their security provisions when it comes to protecting user data.

However, despite the majority of people having such obvious reservations around allowing online companies to collect our personal data, particularly when we’re unsure what they intend to do with it, most of us are doing little to actually prevent them from doing so. Indeed, we’re more than happy to agree to sign our privacy away in exchange for the services they offer rather than read all 20 pages of an End-User Licensing Agreement (EULA). This thesis was proven in a 2017 study by the Massachusetts Institute of Technology, which found that “whereas people say they care about privacy, they are willing to relinquish private data quite easily when incentivised to do so.”

Complex and contradictory

We clearly have a complex, contradictory relationship with privacy. Whether it’s pizza, as in the case of the MIT study, or something more esoteric, such as the results of a personality quiz, we appear to be all too willing to share our personal information in exchange for some form of incentive. Indeed, it was through such a quiz - ‘This Is Your Digital Life’, a third-party app on Facebook – that Cambridge Analytica was able to illegally harvest the details of over 87 million users, many of whom were simply friends of the individuals that took the quiz and had not actively opted-in to the data sharing disclosure that quiz-takers had. 

Given our apparent willingness to exchange our personal data for even menial rewards, we have to consider whether we’re actually getting a fair deal. Moreover, if platforms such as Facebook and Twitter purport to be free, should we even have to give them anything in order to use them? And if we don’t, are we prepared to endure the increasing number of ads they post in order to make up for the revenue they’re missing out on by not selling our information? Fundamentally though, there is a huge gulf between our intentions and our actions. We therefore need to ask ourselves whether, despite the majority of consumers expressing concern, people actually care that much about their online privacy. 

Image Credit: Pixabay

Image Credit: Pixabay (Image credit: Image Credit: TheDigitalArtist / Pixabay)

Challenges and opportunities

Recent events such as the Cambridge Analytica / Facebook scandal, the high-profile data breaches that continue to hit the headlines, and the introduction of GDPR, have resulted in data privacy becoming as much of a boardroom issue as cyber-security. 

But while certainly a challenge for businesses, data privacy can also present a significant opportunity to improve the customer experience they offer. After all, given the level of mistrust expressed by consumers with regard to the way large corporates handle their data, those businesses that can be seen to be protecting their customers’ data, and communicating precisely how it will be used, will be viewed far more favourably, like Apple, for example. And, of course, in the long run, consumers are likely to be significantly more loyal to a company that’s seen to be taking responsibility for their online privacy, rather than one with a more laissez-faire attitude.

Looking to the future

Whatever steps businesses take to manage it, the issue of data privacy is unlikely to become any less complex in the foreseeable future. The quid pro quo nature of our relationship with social media platforms especially, means it’s virtually impossible for a typical user to remain completely anonymous online. The onus is on all businesses, therefore, to be mindful of the way they use and store the data they collect, how this can impact their customers, and the importance to society of ensuring they respect and protect that data. This may become a key differentiator when it comes to the ethos of companies and their corporate social responsibility efforts. 

We can’t know what the future holds. Facebook, for example, has only been around for 15 years and its use of data has already rewritten the rulebooks many time over. 

Generations Z and Alpha are digital natives – exchanging data for incentives is second nature for them. But for how much longer? Might one of these be the generation that puts its money where its mouth is, and takes back control of its privacy? Businesses of all sizes must remain aware of this very real possibility, and start taking steps to ease the process for everyone concerned.

Adam Kujawa, Director of Malwarebytes Labs at Malwarebytes

  • Help protect your privacy online with the best VPN
Adam Kujawa

Adam Kujawa is a computer scientist with over 16 years’ experience in reverse engineering and malware analysis. He is currently the Director of Malwarebytes Labs at cybersecurity firm, Malwarebytes.

Adam has also previously taught malware analysis and reverse engineering to personnel in both the government and private sectors.