Educating people about privacy is a difficult task. Convincing them to care about their privacy without appearing to turn into a tin-foil-hat-wearing conspiracy theorist and scaring them off is an impossible task. The upcoming “Cyber Privacy: Who Has Your Data and Why You Should Care,” by April Falcon Doss, CIPP/E, CIPP/US, does an excellent job of walking the reader through the crucial elements of privacy concerns in the cyberworld, without overwhelming them.
What the recent Netflix hit “Social Dilemma” does to introduce privacy to the masses, this book takes it to the next level. It should be considered a more educational companion piece providing greater detail, analysis and exploring the various regulations and their impact on the user, as well as the user’s interactions with the technology, interactions between the technology and third-party actors, such as governments, advertisers and providers, all in the context of user privacy.
This book provides a firsthand account of the impact that privacy has on individuals who might not even be aware of their interactions. It begins with the foundations of privacy, sorting through the buzzwords and narrowing it down to terms the reader can use to identify what the privacy conversation should be about, why it is important and, ultimately, guiding them to understand what privacy should be worth as a whole.
In Section II, Doss provides an in-depth analysis of the services that we have become accustomed to receiving for free. She takes a look at how the Big 4 — Apple, Google, Facebook and Amazon — view you as a source of income for using their services for free, essentially providing a cover for them to turn end-user information into economic output. Actions that we would never consider having an digital economic value, such as stopping at a specific gas station to get gas, can and has been turned into an opportunity by the Big 4 to turn around and sell that user information to advertisers.
Once we are aware of this, we may view this as an invasion of privacy, as having never fully understood or agreed to have our purchases or actions tracked, yet this is what these services do. That, however, is not even the most nefarious part that the section examines. It attempts to provide an insight into cross-platform tracking, as well as advertising technology and the ad auction ecosystem that essentially pays for these services.
The term “If You’re Not Paying for the Product, You Are the Product” is used frequently; however, this section does an excellent job walking the reader through why and how they are the product, as well as providing an insight into predictive algorithms that influence future behavior and how machine learning and artificial intelligence work. The one area that deserves further exploration is the examination of social media and the differentiation between real and fake information. Doss takes a cursory glance at it, and perhaps that is deliberate; however, it deserves more than just that when examining privacy as false information is purposefully targeted toward users.
Section III examines the power imbalances between the end user and the various third parties that are interested and willing to pay for personal information, whether it is the employer monitoring its employees in the name of security or parents monitoring their children in the name of safety or the stalker following their ex after a breakup. The average user is not aware that their information can be or is being shared with a third party. This book lays out the process of how this occurs and examines what we tell ourselves to justify our own actions and curiosity.
The question I raise is that just because we monitor activity to feel better, is it right and would we be OK with others doing the same to us?
While one can justify certain actions in the name of public health, does it necessarily make it right and where does one draw the line — is it our biometric information? Is it our genetic information that we share with companies because they can provide us insight and then turn around and sell that information? The book does a good job of asking these questions and providing how they are raised and end-users are impacted.
Section IV examines the interactions of individual privacy with government interest in monitoring and preventing a terrorist attack. While Doss cannot write about all the successes, there is an attempt to justify the action of collecting the data on users in the name of societal security. The section does walk through the rise of information gathering and monitoring, beginning post-World War II through today. Whether intentionally or not, the reader is left with the question as to where we should draw the line. At what point does society say the government is invading too far into the private thoughts and actions of the individual? The book at certain points attempts to deflect this but ultimately still points out that there is a line.
Section V provides a global view of two competing approaches: those under the EU General Data Protection Regulation approach, and those under a more restrictive totalitarian approach. While the GPDR provides privacy as an inherent human right — perhaps because the EU has a deep history of mass atrocities in the 20th Century that were permitted because of the invasion of privacy by government and religious institutions — Europeans are more sensitive to its excesses.
The EU approach has provided its citizens with a measure of protection as it has collectively decided that this is important to them. While on the other side of the coin, the more totalitarian approach has led to a more invasive examination and in effect a chilling of behavior and thought. The book does a good job of contrasting the two.
Section VI attempts to look toward what the future may hold, and perhaps that with increasing awareness and more frequent discussions, digital privacy does stand a chance in the future.
If there was a way to create a data map of all the information out there and its various interactions from adtech, the government, businesses through to end users, this book attempts to put it into words and then examines how the reader’s information got there in the first place.
I highly recommend this book, if for nothing else, to build a foundation for the upcoming societal debate and conversation on what privacy means to us, how eroded it has already become and what the future may hold.
Photo by Susan Yin on Unsplash
“Strategic Privacy by Design” is a new handy guide to implementing privacy by design, written from a practitioner’s perspective. Authored by R. Jason Cronk, CIPP/US, CIPM, CIPT, FIP, this is the first IAPP book to get into the details of how privacy by design works, with dozens of sample scenarios, workflows, charts, and tables.
If you want to comment on this post, you need to login.