What is data privacy and why does it matter in current times?
Data privacy has always been important. It is why people put locks on filing cabinets and rent safety deposit boxes at their banks. But as more of our data becomes digitized, and we share more information online, data privacy is taking on greater importance.
A single company may possess the personal information of millions of customers – data that it needs to keep private so that customers' identities can stay as safe and protected as possible. But data privacy is not just a business concern.
Data privacy relates to how a piece of information – or data – should be handled based on its relative importance. For instance, an individual would not mind sharing their name with a stranger in the process of introducing themselves. Still, there is other information that the individual would not share, at least not before becoming more acquainted with the person. However, when we open a bank account, we are asked to share a tremendous amount of personal information beyond our name.
In the digital age, we typically apply the concept of data privacy to critical personal information, also known as personally identifiable information (PII) and personal health information (PHI). This can include our city identification number (ID), health and medical records, financial data, bank account, credit cards, and even basic but still sensitive information such as names, addresses, and birth dates.
On the other hand, data privacy goes beyond the PII of its employees and customers for businesses. It also includes the information that helps the company operate, whether it is proprietary research and development data or financial statistics that show how it's spending and investing its money.
Now, the question is why data privacy is so important? When data that should have been kept private gets into the wrong hands, terrible things can occur. For example, a data breach at a government agency can put top-secret information in the hands of an enemy state. A breach at a corporation can put proprietary data in the hands of a competitor. A breach at a school could put students' PII in the hands of criminals who could commit identity theft along with numerous other crimes. Additionally, a breach at a hospital or clinic can put PHI in the hands of those who might misuse it.
For example, Cambridge Analytica, a political data firm by President Trump's 2016 election campaign, gained private information on more than 50 million Facebook users. Facebook sold it to Cambridge Analytica without users' consent. The firm offered tools that could identify the personalities of American voters and influence their behaviors.
Moreover, everything we do online reveals small pieces of our real existence. We enter our name, home address in a multitude of forms along with telephone numbers, information on past education, and employment. We search for information about articles we are interested in; we purchase goods online, and we input numerous personal and professional opinions on social media. All the websites that we are entering or using, they are storing our data.
The amount of information about individuals found on the internet was illustrated in a video by Guillaume Duval in 2012. It was created as part of a privacy awareness campaign. The video introduces an extremely gifted clairvoyant Dave, who appears to 'see' extremely detailed private data about his clients. In the campaign, Dave 'magically' revealed credit card numbers, the interior of houses, number of boyfriends, tattoo designs, the exact amount spent on monthly purchases, and other various private details. Now, the 'magic' behind the truth turns out to be much creepier than anyone expected it to be – our online presence.
Numerous companies worldwide are linking all the data that we are leaving behind while using websites over the years. This data can lead to a very detailed personal profile, which helps to personalize direct marketing explicitly created for the individual only. And this way, advertising can be directed to the products and services that people have thought about and slowly nudging them into purchasing it. More dangerous is that such a profile can be used for political purposes. History has taught us that detailed knowledge of people's ethnic background and political or religious beliefs can, in the wrong hands, literally be life-threatening.
For example, in June 2020, Facebook refused to censor a post that contained Donald Trump's statement of 'When the looting starts, the shooting starts,' as well as a post by Trump that criticized the CHAZ (protest for George Floyd). The action led to immense criticism and later became one of the factors leading to the boycott, called 'Stop Hate for Profit.' Over 1,000 companies partake in the boycott.
Furthermore, several tech giants monitor everything about our online presence, and people have no idea about it. Facebook has at least 98 different data points that allow the organization to collect various data on individuals such as exact location, income, net worth, home value, and many more. According to the Pew Research Center, 74 percent of Facebook users do not know that such a list existed in the platform.
Besides, Facebook not only tracks individual's home value, but they also track the movement of the mouse cursor on the screen along with the location of every hour (even with the geolocating feature turned off). Facebook follows the individual around the web when they are not on its site, can see the type of message they are drafting (even the ones they did not post online), scans private messages, etc.
Now, does it mean that privacy does not exist anymore? Not really – it still does. Numerous privacy rights have improved over the past several years, and international governing bodies are trying their best to protect citizens' data privacy. Multiple tech companies have been forced to increase security, and end-to-end encryption (E2E) messaging is now available to billions of people globally, which protects our data. The benefit of E2E is that tech companies do not have access to any personal data of the users.
On the other hand, companies also need to adapt to data privacy regulations to protect their customers' information, such as GDPR (General Data Protection Regulation). GDPR requires businesses to protect EU citizens' data and privacy for transactions with EU member states. And non-compliance could cost companies dearly. If not GDPR, then the companies can adapt to any local regulations. This way, companies will be able to protect customers' data and gain their trusts too.
Data privacy is essential for many reasons. As a consumer, you need to be aware that your data is being stored and used by a whole host of companies and make sure that you don't share more than you want to – privacy is, after all, a fundamental right. As a company, data privacy is arguably even more critical. You may have to meet legal responsibilities about how you collect, store, and process the personal data, and non-compliance could lead to a hefty fine.
The author is the CEO of Rakuten Viber.