AXEL.org

data privacy

A Beginner’s Guide to Staying Safe Online

Every week it seems a new security breach is hitting the headlines so we can be forgiven for thinking the online world is a dangerous place.

Earlier this year, Facebook was lambasted for sharing user data with third party apps, while those with Androids were shocked to learn that their mobile was tracking their every move thanks to built-in location tracking tacked onto Maps and Photos.

And then there was the Amazon Echo incident, where customers realized their every interaction was being gathered together to build a case about who they are and their shopping habits.

So yes, we’d be forgiven for thinking the online world is a scary place.

Sure, the internet has impacted our lives in amazing ways, but there is a dark side just like with everything else.

But because we’ve been so eager to dip our toes into the countless benefits that the internet brings (being able to communicate with anyone, anywhere is pretty priceless), we’ve lost some of our personal privacy along the way. It’s kind of an exchange – we let you do this in exchange for this information about yourself.

This isn’t about to stop anytime soon.

We like the freedom to contact someone on the other side of the world with the click of a button. We like being able to next-day-deliver something we’ve coveted for all of five minutes. We like being able to read our favorite news stories without having to shell out for a hard copy.

Handing over our data for online freedom is the price we pay. Everything we do on the web leaves a digital trail that can be swept up and used by corporations and governments.

The problem is in the transparency of it all. Legalese in tiny fonts that are unreadable with the naked eye pull the wool over users’ eyes. We want to sign up to Twitter so we can see what everyone’s saying about the latest celebrity scandal, so we blindly tick the “yes” box without really agreeing to have our data scraped through and sold on for who knows what purpose.

Giving away even the tiniest snippets of data about yourself can leave you at risk from less-than-stellar companies, but there are steps you can take to limit how much data is siphoned from your internet activity.

If you’re not tech savvy and don’t know how to navigate the ins and outs of the World Wide Web, let us help you out.

Encrypt Your Email

Email is not going anywhere anytime soon. In 2017, more than 270 billion emails were sent, a number that’s set to increase to 320 billion by 2020.

We hear all the time about email accounts getting hacked, and this form of online communication has been hailed as the absolute worst for security. This is because a single email message gets passed around several different servers before it reaches its final destination.

You can keep the content of your messages private with encryption. Some email providers already offer this as standard, but for others you might need to download an add-on or a plugin. When it comes to the metadata that accompanies your emails though (the sender, receiver, time stamps etc), there’s nothing you can do as the internet routing system needs this information to do its job.

Hide Your History

We often get sucked into a wormhole on the internet and find ourselves knee deep in cute cat videos when all we wanted was to find a review for the new washing machine we’ve got our eye on.

It’s hard to believe that anyone would be interested in the meandering trail we took to get to the cat videos, but this information can be used by companies to know what sites we visit the most and how we get from one to the other.

This log of sites you visit is known as your “clickstream”, and you can take a look right now at the online journey you’ve taken over the past day by simply clicking “History” and then “Full Browsing History” when your browser is open.

This information isn’t private unless you always browse the web in Incognito mode so the sites don’t retain your Cookies (watch the video below to understand what Cookies are), or to download a free tool that obscures your clickstream.

Video:

Get Savvy with Your Social

It always seems to be social media sites hitting the headlines with privacy concerns (we’re looking at you, Facebook), and that’s because social channels are filled with a bounty of information about their users; from date of birth to restaurants you regularly check into and your closest friends, these sites literally have an incredible low-down on you.

But again, it’s the price we pay to stay in the loop and to share filtered pics with our nearest and dearest.

The best advice here for eliminating any chance of your data being scraped and used elsewhere is to delete all of your social media accounts.

If that seems too drastic, give yourself peace of mind by having your accounts on the highest security settings possible (here’s a great guide to help you do that) and leaving out any identifying information like your date of birth or your home town.

We can’t control what others post on social media (and sometimes they’ll post stuff about us that disappears into the ether), but we can control what we hand over to the grasping hands of big corporations.

Leave Your Location Out of It

There’s something thrilling about checking into a new place, whether we’re humblebragging about visiting the latest high-end restaurant or simply want people to know that we’re Out There Having Fun.

But location data can be incredibly valuable if it falls into the right hands.

Think about it: not only are you providing information about where you are and what you’re doing there, you’re handing over data like what time of day you like to do that activity, and you’re even giving nearby locations the chance to target you with ads while you’re in the vicinity.

The answer here is simple: turn off your location when you don’t need it and avoid using sites that require you to “check in” or need location information.

Other Things You Can Do

Encrypting your email, being elusive with your social media information, and avoiding the lure of “checking in” are good starting points for protecting your online data privacy.

But, taking it further, you can ensure that your password across everything is not something that can easily be guessed. Instead of having a password, go for a passphrase that is made up of multiple words, numbers, and symbols.

And, when it comes to your search engine habits, be ruthless.

Many of the big search engines make a note of your searches and build a profile of you to serve up relevant ads. If you want to avoid this, you need to avoid the big guys and instead use a search engine that doesn’t track your every search term (the oddly-named DuckDuckGo is good for this).

Protecting online data is a big concern for most internet users, but for the tech-phobic it can be truly terrifying, especially if you don’t even know how to start protecting yourself.

Hopefully these tips will point you in the right direction and help you get your privacy back under control, pronto.

The Growth of Privacy – VPNs and Beyond

We all expect to have our private matters kept away from the prying eyes of strangers. Recent years have seen a flurry of wild reports on the grapevine, from federal agencies spying on telephonic conversations to personal data being stolen from the cloud and used for unintended means. As far fetched as they may seem to the average personal internet user, many of them are true.

The gravity of the situation truly came to light in 2017 when the US Congress and Senate approved the decision to remove privacy protection for internet users. This was no doubt backed by corporate powerhouses looking to sell and buy data. USA, the land of dreams, fell prey to prying and spying, and was criticized by many for selling out the privacy of its own citizens.

In the thick of things: Telcos

Telecommunication companies, or telcos, are right at the center of the storm. Increasingly under scrutiny due to the rapid increase in cellular users, these companies actively trade-off between the multipolar attraction of user privacy, revenues off data sharing, and network exploitation.

Verizon is one of four cellular service providers who have agreed to halt the selling of user location to data brokers.  This is a direct result of increasing pressure from regulators to protect cell phone users.

However, regardless of the role that Telcos eventually adopt, users too are adopting safe measures for the protection of their data. The data security market is expected to be worth $22.85 billion by 2020. As for today, there are an array of commercial off-the-shelf (COTS) and personalised solutions to the classic problems of privacy.

With this in mind, we thought it would pertinent to give a 101 of the most popular option; one that helps create a virtual bubble to protect our privacy from prying eyes.

What are VPNs?

VPNs are rapidly gaining popularity with both corporations and individuals.

The term stands for Virtual Private Network and basically allows users:

  • to access private networks securely
  • remotely share data through public networks.

In other words, it allows an individual / firm to protect their identity, and data, from unauthorized users online.

What VPNs do

  • They secure sensitive data online and during transfer/use.
  • They encrypt data – even if data gets stolen, encryption makes it of little use to the average hacker.
  • Bypassing of content filters becomes possible; this can be godsend in countries such as China, where whole stratas of the internet are blocked due to stringent internet policies.
  • Data can be shared for an extended period.
  • You can browse the web in complete anonymity. Continuing from the Chinese example above, you would not want the government to go through your ‘How to launch an Arab Spring’ reading list.
  • Implementation of a VPN system increases bandwidth and efficiency.

Given all the benefits of VPNs, it does come to mind that the setting up and running of a VPN would be a complicated process. Surprisingly, with the help of COTS solutions, it is as simple as typing in a password and username. VPNs work on the basis of protocols that are constantly being upgraded and improved. The most common are:

  1. PPTP

PPTP stands for Point to Point Tunneling Protocol and has been around since the 1990s. PPTP works by encapsulating the data pocket rather than encrypting the information. This particular system owes its popularity to its adaptability towards almost every operating system. With the advent of stronger and more secure protocols, the credibility of PPTP has been called into question. It is still a strong VPN, just not the most secure option available.

  1. L2TP/IPsec

L2TP and IPsec are actually two different protocols that are often used in combination. This is because pairing the two adds their most coveted properties together to form a reinforced security. L2TP is unable to encrypt data so it generates a secure tunnel, while simultaneously IPsec takes charge of encryption channel security as well as data integrity to ensure that the channel of communication remains uncompromised.

  1. Open VPN

Open VPN has gained immense popularity. This is largely due to the fact that it is freely available and thus the cost factor, which might otherwise weigh heavily, is completely eradicated.

Treasuring your Privacy

Data protection can be expensive: most good data privacy services cost a good deal of money. Here are some tips to make sure you get the most bang for your buck.

  • KillSwitch works to ensure that the data remains safe in case the connection drops.
    There are two main types; one blocks internet traffic in case the VPN drops while the other shuts down applications.
  • Use P2P servers to download torrents.
  • Make sure the settings of the VPN are set to protect against any data leaks.
  • Use the VPN service diligently on your mobile phones, especially when visiting countries with strict data theft records, such as China and the UAE.

VPNs have multitudes of benefits that have been mentioned above. However, like every other thing, they also have disadvantages.

  • With rising awareness about the threats to  personal privacy comes a larger demand for VPNs. Wherever there will be an increased demand for a particular service, it gives corporations the incentive to step in and exploit that demand through commercialization.
  • Free VPNs are opted for by most – since they are free, of course. However, “free” VPNs that are used to access blocked sites and such often allow or fall prey to malicious third parties. Even more regrettable is the fact that many of these popular solutions may come with their own set of adware and spyware, thereby granting the developer access to sensitive information.

In the grand scheme of things, many individuals consider the loss of their data inconsequential: “what would anyone achieve by accessing our personal information?” Despite the growth of the privacy industry, this fatal error is not so uncommon. Businesses, on the other hand, with decades of lessons learned behind them, are unlikely to make the same mistake.

Reference Links

https://www.forbes.com/sites/forbestechcouncil/2018/07/10/the-future-of-the-vpn-market/#22a967602e4d

https://www.forbes.com/sites/enriquedans/2017/03/29/the-upcoming-spread-of-vpns/#423a6b4679a3

https://gizmodo.com/5990192/vpns-what-they-do-how-they-work-and-why-youre-dumb-for-not-using-one

https://www.ibvpn.com/2010/02/8-advantages-of-using-vpn/

Read This Before Downloading That New App

Last year, the total number of mobile app downloads worldwide was calculated to be 178.1 billion.

And that number is only expected to go up this year, as more and more apps continue to show up on the market and draw our attention.

In fact, with over 5.8 million apps available to download today, you’ve probably had a lot of conversations about that amazing thing you can do on your phone because of a new app.

But have you discussed the safety of those apps you’ve been downloading, and whether or not the data on your phone is still secure?

“Using Apps Safely” might sound like a boring topic—I mean, come on, who cares about that when they’re busy taking a quiz to find out which Disney princess they are—but it’s extremely important for every user to be aware of and informed about the potential dangers of some of the apps on today’s market.

Every new app should pass certain criteria before being downloaded. And there is a huge reason why.

Read This Before Downloading That New App

Apps Cultivate Data

App safety isn’t exactly a new discussion topic, but it’s one that isn’t always taken seriously. Today’s apps are new and exciting and full of promises. You can do practically anything with one—from important things like locking your front door…

…to really important things like proving you’re a true Game of Thrones fan with a Hodor keyboard (really).

But with every app you use, it cultivates more data.

What’s more, mobile marketing is making a bigger appearance because businesses are fully aware of the monetary potential that apps now carry. And this means that the data we cultivate while using our various apps is becoming more and more desirable.

How much data do we cultivate while using apps?

Think about it: We live with our phones connected to our hands; we communicate with friends and coworkers, we answer emails, we track our health, we calculate our caloric input, we shop for clothes, we keep tabs on our bank accounts… we even let our devices memorize our faces.

Just last year, Statista calculated that app users spent 77% of their valuable time on their three most-frequented apps.

Read This Before Downloading That New App

That’s a lot of time spent on apps, and a lot of data created while using them. For marketers, it means a gold mine of monetary potential.

Read This Before Downloading That New App

Using Apps = Making Money

As we open our various apps, make in-app purchases, and tap on one link after another, some companies are tracking our behavior because it gives them a better picture of who we are and what motivates us to click “buy.”

This is why we have to pay attention to the integrity of every app we download. Some companies are sneaky about the data they collect and how they handle the data that they collect. It’s valuable stuff, and there’s a lot of it, so they’ve figured out an easy way to get what they want without you catching on—which is through their apps.

And that, of course, means our data privacy concerns need to extend into the world of apps.

So if we know the potential danger of downloading an untrustworthy app, then why are so many everyday users careless about which ones they download?

I mean, you wouldn’t let just anybody into your house to rifle through your closet, read your mail, browse through your personal journals, and then use that information to make money, right? So why would you allow an app to essentially do the same thing to the data on your phone?

The answer to that is this: the ease and excitement of downloading a new app far outweigh any potential threats that the app might pose.

Because of this, many of us tap the download button without giving a second thought to the app’s safety and then suffer the consequences of having downloaded a “Trojan” app—one that hides a brutal invasion.

Suddenly, we go from operating our phone to holding a data-laden device in our hands that’s being operated by hackers.

But here’s the good news: you can learn to spot a potentially malicious app before it harms you.

And you can feel more confident about the safety of your apps by checking certain things before tapping that download button. It’s easy to enjoy the benefits of some of those amazing apps out there if we just learn how to perceive whether an app is safe or not.

So, before you download anything new, make sure to run that app past a few safety checkpoints to ensure that it upholds data safety practices.

It’s easy to enjoy the benefits of some of those amazing apps out there if we just learn how to perceive whether an app is safe or not.

Read This Before Downloading That New App

4 Checkpoints An App Should Pass Before Downloading

Imagine it’s a Sunday afternoon, it’s raining, everyone you know is too busy for you, and even your dog doesn’t want to look at you. You’re bored—and you want to download that cool new app and figure out all the incredible stuff it does.

If you’re bored out of your mind, you might be tempted to throw caution to the wind and hit “download” without a second thought.

But before you do that, remember that you like your data better when it’s not being exploited—so take a few minutes and double-check to see if that new app can pass these 4 safety checkpoints.

Checkpoint One: The Integrity of the App’s Marketplace

Where is that app coming from? The best route to take when downloading an app is to start from a reputable market source. Read through their privacy policies and whether or not they hold their developers accountable to their strict policies (for example, here are Apple’s developer guidelines and Google’s policy for developers). Reputable marketplaces will have strict privacy policies and guidelines and have a history of expelling violators.

Checkpoint Two: The Reviews

Read the reviews. Are the ratings high, or at least reasonable? Did any reviewers mention that they downloaded the app and were invaded by malware? Or, does every single review seem positive and fake? Some app developers will hire people to leave fake reviews in order to boost their ratings. Take some time to read through a good mix of the app’s reviews and evaluate whether it seems safe or not.

Checkpoint Three:  The Company

Does the company that created the app seem safe and reputable, or does it seem questionable? Go to the company’s website and read about their history, maybe find out about their team, and see if they are a legitimate company and not some clueless app tinkerer trying to throw bad apps into the mix. Trustworthy companies aren’t going to risk their business by putting out a nasty app.

Checkpoint Four: The Privacy Policy

Before ever allowing an app to take up space on your device, take the time (I know it doesn’t sound fun, but trust me, it’s worth it) to read the company’s privacy policy in order to learn exactly WHAT information they plan on acquiring and HOW they plan to use that information.

A lot of untrustworthy apps have questionable policies that fly under the radar because most people don’t want to bother with taking the time to read through its technical lingo. Don’t let this tactic get you—read through the policy and find out whether that app will be accessing data and selling it to third parties or using it in other ways for monetary gain.

Essentially, any new app you’re checking out should come packaged with a privacy policy that you can trust your data with and that is clear and honest about its intentions.

(In fact, if you want to see an example of a solid policy right now, check out the AXEL privacy policy. We’re kind of proud of it.)

Read This Before Downloading That New App

Happy App-ing

There are plenty of bad apps out there that you will want to avoid, but there are also plenty of really awesome apps out there that might actually transform the way you do things in the best possible way.

It’s up to you to be aware of the benefits and dangers of today’s apps and to assess whether the one you’re about to download will protect your private data or put it at risk.

And remember: although there are some app developers out there who want to hack your data with their invasive app, there are also a large number of trustworthy developers out there who know how to combine innovative tools with strong privacy protection.

So don’t worry—you can have fun and do amazing things on your phone while also protecting your data.

Why Your Camera Isn’t As Safe As You Think

You’ve joked about it before. How some lonely CIA agent is secretly watching (and perhaps salivating at) your every move via your webcam. So, after you get out of the shower you open your laptop, strike a pose, and chuckle to yourself because you know the very idea is both hilarious and preposterous…until you realize it isn’t.

Webcam spying is very real.

Sure, you’ve seen articles and news segments about people who’ve fallen victim to spying via their webcams. But that’s because they’re either incredibly careless or doing some illegal stuff they know they shouldn’t. Right? Not exactly.

It’s well within the realm of possibility that you’ll wake up tomorrow morning to see pictures and/or videos of yourself in some sort of “compromising position” online. Yes, I said pictures of you. Plain old, beer-drinking, hangover-having you. But of course, you probably won’t see those pics until they’ve been liked, retweeted, and shared with a million other people first.

So in case you missed it my friend, welcome to the 21st century.

Devices That May Be Hacked

In most cases, spying is done through the cameras of desktop or laptop computers. So if you’re thinking of taking that extra five bucks out of your dad’s wallet, don’t assume you’re all alone. A hacked camera can cause severe emotional or psychological damage. One 20-year-old Glasgow student was left traumatized after she found out webcam hackers watched her while she was in the bath.

Although computer webcams are the devices that are most commonly hacked, you can also be tracked and watched via your smartphone camera. Even surveillance systems may be hacked and used to track people in real time. This means unscrupulous individuals may be able to watch you at home or at work from multiple angles, all day, every day.

Even more frightening is the idea that your children may be targeted. Imagine the horror of a mother in Houston who found out that footage of her daughters’ bedroom was being live-streamed. And if you thought things couldn’t get any weirder than that, consider the fact that even baby monitors are being used for spying and the data of more than 2.5 million kids was stolen using their favorite smart toy.

How It’s Done

The most common way hackers access your cameras is by using malware. Seemingly innocent links or attachments embedded in emails and online ads may be riddled with Trojan horses. Be sure to avoid the sweet Russian girls; a simple click or download could leave your device infected—effectively handing over control on a silver platter. Oftentimes, the malicious code is packaged with legitimate programs or software so you don’t even notice it. Hackers with remote access can turn your cameras on and off with no indication from the camera light.

Another way people may gain unpermitted access is by borrowing your device and manually downloading applications that allow them to access your files, camera, and microphone. These applications can be hidden so you don’t even know they are at work.

And if you thought that was all, my friend, you’d be wrong. Ever thought about app permissions? I’m sure you’re familiar with apps asking for permission to use your camera. What you may not be familiar with is the fact that these apps can capture you on camera at any time when they’re in the foreground (yes, that means even when you’re not using the camera). What’s worse is that no one knows what these apps may be able to access when they’re in the background and out of sight.

Unmasking The Creeps Who Spy On You

The main perpetrators in the spying pandemic are hackers. They use Trojans to claim control of your cameras and watch your every move. They may put your photos and videos on the internet for others to view online. In more disturbing cases, nude and intimate moments may be live-streamed on voyeuristic websites.

As I mentioned before, apps can also gain unpermitted access to both your front and rear cameras. Who knows what WhatsApp, Instagram, Snapchat and the like are capturing when your cameras are off and what they’re doing with it? Are they selling footage of you? Maybe. To whom or for what purpose I don’t know, but Snapchat may need the money.

Now, we’ll discuss the attackers you already know about: the government. Did you know that built-in backdoors in your smartphone may allow the government to access your files, read your messages, listen to or record your calls, capture images, and stream video? Just in case you ever thought the government was on your side!

In 2013, Edward Snowden revealed that GCHQ—a British surveillance agency—collected and stored images from the video chats of millions of Yahoo users under the Optic Nerve program. Yes, tons of raunchy pics were collected and stored as well for…uh…security reasons.

But the blatant disregard for your online privacy doesn’t stop there. In fact, your school and the people you know best may be the biggest culprits.

Between 2009 and 2010, a number of Pennsylvania schools were caught remotely accessing the cameras of laptops issued to their students. And as for your “friends,” they can simply install spy software on your device without you having the slightest clue. Just ask pageant girl Cassidy Wolf. She learned the hard way when she was blackmailed with nude photographs her former classmate had taken via her webcam.

Why Cyber Spying Is Wrong

This one is obvious. We all have the right to data privacy. What’s that, you ask? It’s the ability for an individual (or organization) to determine if and how personal data will be shared with third parties. This includes access to the cameras on your laptop, smartphone, and surveillance system. Your data, your choice.

But is it even your data?

That’s a pretty important question. The terms and conditions you’re so quick to agree to (but never really read) may disagree. Are you unknowingly giving apps permission to access your cameras even when you aren’t using them? Maybe. Is this approach grossly unethical and utterly misleading? Yes. Is it illegal? Perhaps not.

What You Can Do About It

If you’re fine with people spying on you, you might as well stop reading right now. If you’d like a few tips on how to deal with the issue, consider those listed here:

  1. Cover your webcam with tape. If you have an external webcam, be sure to unplug it when you’re not using it.
  2. Install anti-virus software on your PC and your smartphone. It will readily spot and block malware. Be sure to keep your firewall enabled as well.
  3. Use protection. No, not that type of protection. Place a secure lock on your phone. Use a fingerprint lock or password to keep nosy “friends” away.
  4. Use your devices on secure networks. Stay away from public networks.
  5. Think carefully before giving an app permission to access your camera.
  6. Update the password for your surveillance system regularly.
  7. Be cautious about the emails that you open and the links or attachments inside them.
  8. Be wary of online advertisements and dodgy chat rooms.

And because I love you, here are some other ways you can be safe online.

The Bottom Line

People are definitely being spied on with their own cameras. You may be one of them. The government, hackers, schools, apps, and people you know may not be as innocent as they seem. While organizations like ours try to bring light to this gross disregard for your right to data privacy, remember to do what you can to keep yourself protected. And for Pete’s sake, never, EVER, trust that shady middle-aged guy who always sits behind you in the coffee shop!

Protect Data Privacy by NOT Collecting Data at All

In Hansel and Gretel, the two siblings sprinkle breadcrumbs as they venture into the woods in order to find their way home.

When we browse the internet, we sprinkle metaphorical breadcrumbs of information about ourselves as we go. Unlike the fairytale, where Hansel and Gretel knew what they were doing, the vast majority of internet users are unaware of just how much information they’re giving away on their journey around the web.

Unless you’ve got blockers installed up to your ears, the tracking starts as soon as you open up an internet browser. From that moment, your digital footprints carve a route around the web that can be traced back to you at any moment.

Sites you visit can use these footprints (or breadcrumbs, if we’re sticking with the fairytale theme) to recognize who you are and serve you a more personalized experience.

That sounds great, right?

In one study, 71% of consumers said they’d prefer a personalized experience with ads, while some even expected it from brands. And the easiest way for sites to personalize those experiences is to track the interests and online behaviors of visitors.

From that perspective it works; the consumer gets a personalized experience and brands get to give their customers what they want. It’s a win-win situation.

But is it really that simple?

I mean, we’re not talking epic government data mining expeditions here; we’re simply talking about brands using specific information to better target content to their users. It’s all above board and totally legal.

So what kind of data can these companies get from you?

It can be anything from your current location and the device you’re using to specific links you’re clicking on and the actions you take on certain sites. It all starts with your browser and your IP address – the moment you pop up online, a unique number that identifies the device you’re using is recorded, marking the moment you entered the internet and where you were when you went online.

At the same time, your browser is logged as well as other uniquely identifying information like the system you’re running the browser on, the display resolution, and even the battery level of your device. Even if you haven’t clicked your mouse or typed anything in yet, you’re already being tracked.

Who Benefits from Collecting Data?

I mentioned earlier that data collection can be mutually beneficial. Consumers don’t have to see ads that they’d never buy from in a million years, while websites can get more information on their visitors to make experiences more personalized and, therefore, get more sales.

But who is it really more beneficial for? If we really get down to the bottom of it, who is really getting the most out of the dissemination of data?

Personalized experiences are nice, right? But are they worth the data breaches that happen and the inevitability that brands will sell that data to completely unrelated companies just to make a quick buck?

Let’s face it: most sites are eager to scrape as much information as they can about their visitors with the sole purpose of making more money. Sure, the thought process might be there to make experiences more enjoyable by personalizing them, but really the goal here is to target more.

Look at Facebook. The data it collects as you browse the site can determine when you’re expecting your firstborn, the exact names and addresses of the companies you’ve worked for in the past, and even your political leaning.

And guess what?

It doesn’t just collect this data to get to know you better as if you’re on some kind of weird, digital first date. It collects it to sell to companies to make money through advertising.

So yes, there are benefits to the consumer; you might not have to pick a particular city every time you want to get the weather because it’s remembered your past choices, or you might not have to shop again for those items you left in your online basket last week, but these benefits are minor compared to the massive benefits companies and sites get from tracking your every move.

Where the Lines Get Hazy…

Of course there are browser security protocols in place that mean sites can’t just go around scraping all sorts of stuff about you. In fact, for the most part, sites can only access the data they’ve collected – as in, they can only see the information you’ve “given” them while you’ve been on their site.

However, something called third-party cookies muddy the waters. These aren’t associated with any particular site, but instead get spread across a number of different pages in, say, an ad network.

Princeton University ran a study that found cross-site trackers embedded in 482 of the top 50,000 sites on the web. It might not seem like a lot in the great scheme of things, but once these third-party trackers have consumer information they can then sell it to even more people.

While the most sensitive data is redacted from these apps, consumers are still having to put their trust into a nameless, faceless brand.

But what about the data that consumers are handing over willingly?

Things like Google searches and checking into venues on Facebook?

While sites might be collecting information like which browser you’re using and what your shopping preferences are, you’ve probably handed over more sensitive information like your birth date and exact location without even giving it a second thought.

Does the Future Lie in NO Data Collection?

In May this year, the GDPR (General Data Protection Regulation) came into play in Europe. It means that brands now have to explicitly state to their users exactly what information they are collecting and exactly what they will be doing with it.

Users now have to actively opt-in to providing their information; sites can’t just take it for nothing. Already countries outside of Europe are considering this new method because, well, it just seems like the right thing to do.

But what does it mean for the future of data collection?

Now that users are more aware of their rights when it comes to data collection and have to actively “opt-in” with their information, they are becoming less and less inclined to do so.

If there’s an option to not sell your firstborn, it’s kind of a given that you’re going to go for that, right?

In this instance, the future of data collection looks bleak – especially for sites and brands. If their users aren’t giving up the goods, they’ve got nothing to work with and essentially have to go back to the drawing board.

This might invite new ways of collecting data or a more collaborative approach between consumers and brands so that information can travel between the two in an open and honest way.

The future of data privacy is uncertain for now, especially so soon after GDPR has risen its head. What we do know is that the power will be distributed more evenly between internet users and brands, and sites will no longer be able to take, take, take without building more of a relationship with their visitors.

It sounds quite nice, actually.

But would a world without any data tracking or collection be good? If every person who went online immediately went incognito, leaving not a single trace of who they are or what they’re doing, how would the digital world evolve? How would companies know what their consumers want? How would internet users cope with having to start from scratch every time they went back online?

The questions remain endless, but it’ll be interesting to see which path data collection goes down from here on out.

California Thinks It’s Fixing Data Privacy. It’s Not.

“Your move,” says the new California Consumer Privacy Act of 2018.

Except, this isn’t a game of chess—picture it more like a million-piece jigsaw puzzle called “Cats Around the World,” and it’s been spread out on your dining room table for the past twenty years and you’re only 40 pieces in.

(Sounds like a party, am I right?)

Here’s the thing: the data privacy law that was signed on Thursday by California’s Gov. Jerry Brown is a new piece of the data privacy jigsaw puzzle that has served as the U.S.’s means to protect its citizens’ privacy. It’s certainly a huge step in terms of improved privacy laws, but it’s not quite clear how it fits into the nation’s “big picture.”

So far, the U.S.’s privacy law game is patchwork and somewhat messy. We have federal laws like The Federal Trade Commission Act (FTC Act), the Health Insurance Portability and Accountability Act (HIPAA), and the Children’s Online Privacy Protection Act (COPPA), which are aimed at specific sectors, and we also have state statutes that are aimed at the rights of individual consumers. However, there is no single principal data protection legislation, which means the currently enacted laws don’t always work together cohesively.

And this adds to one big, confusing jigsaw puzzle with pieces that sometimes overlap and contradict one another.  

Up until now the timeline of such regulations have been slow and piecework. Most of our states are weak in terms of their data protection, with a few states—Florida and Massachusetts, for example—serving as “leaders” in data privacy regulations.

Already this year we’ve seen the EU’s General Data Protection Regulation (GDPR) going into effect, and we’ve also seen (way too many) data breaches in the states. The issue of data privacy is gaining notice throughout our nation and throughout the rest of the world, and now some of us are wondering: what does the future hold in terms of data privacy in the U.S.?

California’s sweeping law seems to be a good step in the right direction, but how does it fit into the rest of the puzzle?

An “Interesting” Piece, To Say The Least

California’s new privacy law will give consumers more control over their data and force data-holding companies to become more accountable and transparent.  The Act establishes the right of California residents to know what personal information about them is being collected and to whom it is being sold, plus the ability to access that information and delete it. Additionally, the Act will establish an opt-in consent for individuals under the age of 16.

It’s coming into effect in the wake of the new EU law that was enforced in May, and although it isn’t as extensive as the GDPR, it’s certainly proving to be a forerunner of U.S. privacy rights. 

However, the Act also had an interesting path—surprisingly, it didn’t face much opposition from major companies despite its fleshed out regulations.

Why not?

Because there was also a ballot measure—the California Consumer Personal Information Disclosure and Sale Initiative—that had been cleared for a vote in California in the fall, which would have proved to be an even greater challenge for companies due to its tighter restrictions and higher fines.

Major companies—like Facebook, Verizon, Uber, and Google, among others—were already lining up against the ballot, and some donated to the Committee to Protect California Jobs in a further effort to oppose it.

Leaders of the Committee to Protect California Jobs said in a statement, “This ballot measure disconnects California. It is unworkable, requiring the Internet and businesses in California to operate differently than the rest of the world…”

In the end, even though enough signatures were collected for the initiative to appear on the ballot, a compromise was reached instead. This resulted in the proponents withdrawing the initiative and the newly approved Consumer Privacy Act entering the world.

So, to sum up the story, the end result basically came about from many of the voters having to choose between “I don’t like this” or “I really don’t like this.”

…Which kind of sounds like the debate you’d have while shopping for the top two hardest bingo games at the store because it’s your great aunt’s birthday and she wants to party.

The “Puzzle” Thus Far: A Quick Data Privacy Timeline

The California Consumer Privacy Act arrives as a new and shiny addition to a slow and dusty timeline of U.S. privacy regulations.

Let’s take a quick peek at a timeline of some of our nation’s data protection laws:

1974 – Family Educational Rights and Privacy Act: restricts disclosure of educational records

1978 – The Right to Financial Privacy Act: restricts disclosure to the government of financial records of banks and financial institutions

1986 – Computer Fraud and Abuse Act: prohibits unauthorized access to obtaining financial information, causing damage, obtaining something of value, or affecting medical records

1986 – Electronic Communications Privacy Act: protects electronic communications during production, transit, and storage, and applies to email, telephone conversations, and data stored electronically

1988 – Video Privacy Protection Act: prohibits videotape sale and rental companies from disclosing data

1994 – Driver’s Privacy Protection Act: restricts states from disclosing state drivers’ license and motor vehicle records

2000 – The Children’s Online Privacy Protection Act: restricts collection of data from children under the age of 13

2003 – Health Insurance Portability and Accountability Act: protects and establishes standards for the electronic exchange and security of health information

Because the U.S. takes a sectoral approach to regulating privacy, many of the current regulations overlap in some areas while providing gaps in other areas.

For example, the Family Educational Rights and Privacy Act (FERPA) generally covers data like student immunization and medical records, but it sometimes conflicts with COPPA, which only protects data for children under the age of 13.

With ever-growing sources of sensitive and valuable data, and the increasing risk of that data being mishandled and exposed, a need for solid privacy regulations is bigger than ever.

But with a sectoral approach to regulations, the result is that maintaining standards of data privacy becomes a confusing and complicated task.

The Big Picture (Hopefully Not Of Cats)

There was a time when the sectoral approach was deemed by many U.S. organizations to be preferable to a more overarching approach like the GDPR: industries could establish a more “individualized” way of regulation that suited their needs, and the hodgepodge of regulations sometimes created gaps that organizations could fall into.

However, now the gaps are smaller and the replacing overlaps make it significantly more difficult and complicated for organizations to appropriately handle their data. The U.S. is still an outlier in its privacy approach, but now it’s starting to get a really bad rap across the globe.

The new California Consumer Privacy Act of 2018 is one more piece to add to the immense jigsaw puzzle that makes up the U.S.’s approach to privacy laws, but it begs important questions: how well will it fit in with already existing regulations, and how much of an influence will it have in future regulations being established?

Ideally, the nation’s future of data privacy laws will be cohesive, clean, and fit together well in a way that thoroughly protects citizens’ data and is adaptable to numerous industries.

California has made a big step towards the future of data privacy—here’s to hoping that only good things will follow.