We need to wake up to how our personal information is being used online. Tech companies are delighted to fund free email and wonder apps so they can read your email, know what you eat, what exercise you like, and where you shop. The key thing to remember is that if you are not paying for it, then you are the product, writes Marjorie Brennan
Do you read the terms and conditions for online services or do you just tick the box? You probably see the term cookies pop up on your phone or laptop countless times a day but do you know what it means? Are you happy that services such as Google and Facebook harvest your information for advertising? Have you ever thought about how safe your information is in the ‘cloud’?
Data-protection consultant Daragh O’Brien says most people are not aware of what information online services such as Google have stored on them.
“People think they are tech-savvy because they are online and using apps. But the majority of people don’t read terms and conditions. They focus on the convenience and the immediate need but don’t necessarily stop to think what actually happens to their data,” he says.
“If you are using consumer-grade Gmail, Google are reading your emails to identify things they can sell to you. That is like the postman opening your letters to figure out what page of the Argos catalogue to put through your letterbox. When a postman opens your letter, he gets fired. When Google opens your emails, they generate profit.
“People think these services are available for free; they don’t think about how Google funds the services they provide. Computers, servers, data centres, and staff are expensive. Google, as a brand, has become so ingrained in how we do things, that people just seem to have an element of trust in it. They have taken the view that ‘if this was bad, the Government would stop it’.”
According to O’Brien, the majority of consumers have simply been unable to keep up with the challenges that technology poses to our privacy. “In terms of people’s exposure to services like Google, Facebook, and wearable devices like Fitbit, it’s not that they are unaware or naive. The technology we are using went from being niche and nerdy to mainstream. Business models have evolved rapidly with the evolution of technology. I like to use the phrase the ‘quantified serf’; we are relying very much on feudal landlords to provide us with these services and we are just hoping they are benign.
“The key thing is if you are not paying for it, you are the product, at some point in the chain. There is nothing inherently wrong with those business models. The problem we have is one of education and awareness.”
To mark Data Protection Day last month, Eoin O’Dell, an associate law professor at Trinity College Dublin, deleted his digital profile and then challenged people to find as much of the missing data about him as they could.
“I turned off all the stuff I had control over — my various college-related profiles, the groups I am involved in, my social media profiles, and my own website. I discovered it’s a lot harder to turn them off than it is to come back. The exercise was also about what information other people can find out about you with just average search tools — we are not talking about sophisticated data mining by large multinational organisations.… I knew what was possible but I was still surprised at how far people were able to go and how quickly.”
Under data-protection rules, he says Google or Facebook can only hold information for so long as it is relevant. “For so long as you have an active Gmail account or Facebook account, Google and Facebook keep all the data you have generated in those accounts; the view is, it builds your profile and therefore continues to be relevant.”
O’Dell believes people are becoming more aware of online privacy. “We are beginning to have a conversation about what it means to be private in a digital age. We have kind of sleepwalked into the situation we are in. We are not handing over money but we are being charged in data. There are lots of controversies around services like Ask.fm or about cyberbullying or stealing photographs. As these happen, we can begin as a society to educate ourselves. We are in a transition and we need to manage it. But the ground rules for the transition sometimes need to be set not just socially but also legally and that’s where things like data-protection law come in.”
The Data Protection Commissioner (DPC) has been in the spotlight recently with ongoing cases in Ireland and the EU surrounding online privacy. Its responsibilities have also grown hugely with numerous data-centred multinationals locating here. Regulations governing the transfer of data from the EU to the US are in a state of flux following the striking down of the Safe Harbour framework, which was formulated in 2000. A new framework known as Privacy Shield has yet to be given final approval by the EU.
In 2014, privacy advocacy group Digital Rights Ireland (DRI) took a successful case to the European Court of Justice, overturning the legislation under which the telephone and internet data of EU citizens were retained for up to two years. Now, DRI is taking legal action against the Government, challenging whether the DPC office is truly an independent data authority under EU law.
“What we are seeing with the European privacy regulators is that they are now baring their teeth. It does raise some questions, given that all of these companies are based in Ireland, why it’s the French, the Belgians, and the Dutch who are starting the enforcement proceedings,” says O’Brien.
“However, the DPC office here has historically been grossly underfunded. They have almost tripled the funding compared to what it was but the total funding for the DPC office is still less than the drinks expense bill for the Dáil bar. The fact they have to go to court for everything also hampers them. A traffic warden has more powers of immediate sanction than the DPC.”
O’Brien is wary of what data he hands over to services such as Google. “If you are sending emails about sensitive medical conditions, for example, do you really want to be sending it over a messaging system where they are going to be read and indexed for the purpose of building marketing profiles? That’s the choice people make. Ultimately, email is not like sending a letter in an envelope, it’s like sticking all your private information on the back of a postcard.”
In terms of an alternative search engine to the ubiquitous Google, O’Brien recommends DuckDuckGo which doesn’t track your searches and also claims to offer smarter answers. “When you use Google search, their algorithms are affecting the results you see in countless subtle ways. Algorithms are increasingly becoming not just predictive of behaviour but they are actually guiding behaviour because they are filtering choices for us and we are not necessarily aware of it. You wind up going to YouTube to see the video because Google presents the YouTube videos in the first ten links; the other video-hosting sites might have better content but Google will send you to their own stuff first.”
O’Dell says there are some simple steps that can help you protect your privacy online. “Be conscious of the data you are handing over — do you really need to give your name, gender, age, or marital status to get ‘free’ wifi in a coffee shop for half an hour? When you use a service, you shouldn’t just take the default settings, you should try and work out what the privacy settings are. Choose a company that is protecting your data rather than one that is mining and selling it.”
O’Brien says we need to be conscious that we are paying a price for easy access to information online. “There is nothing wrong with any of these things as long as you realise you are toiling in the fields for someone else to make money for them every time you use their service. There are things people can do to protect their privacy; there are things they can do to get back some control. Maybe we’re getting to a stage where we might not become completely free but we might become a little bit more free-range.”
© Irish Examiner Ltd. All rights reserved