Every day should be Data Privacy Day – but especially today

abstract background technology data binary plotted points
ivanastar / Getty Images

Increasing legislative support for the privacy of individuals’ data must, experts have advised as the world marks another annual Data Privacy Day, be backed by a corporate culture that values consumer privacy – and shows it.

With customers increasingly aware of their legal protections under legislation such as Europe’s GDPR, the California Consumer Privacy Act and Australia’s upcoming Consumer Data Right, businesses needed to get on the front foot both in protecting consumers’ data, and in engaging with those consumers to tell them about it.

True privacy leaders will also buck the big-data trend and collect as little data as possible, Mike Kiser, global evangelist with identity governance provider SailPoint, advised.

“For enterprises to meet these rising expectations and comply with legal guidelines, they’ll need to prove that they are investing in privacy,” he said. “Companies who want to capitalise on this moment should seek to collect as little data as possible to reduce regulatory overhead and communicate clearly how that data is being used.”

Businesses should embed data privacy “as one of their core technological values” and communicate this process to consumers as “algorithmic transparency” when embracing artificial intelligence for better data analysis, said Kiser, who pointed to Apple’s recent surge in privacy-related advertising as an example of a tech company moving to own the privacy conversation.

That conversation had become more complicated within the context of the ongoing stoush between tech companies and authorities, with the FBI and Apple recently commencing another battle over unlocking the iPhones of two criminal suspects – re-surfacing the issues from a similar confrontation in 2016.

Helping consumers play a role

Yet tech companies don’t need to carry the only burden for protecting data, with wary consumers having access to more tools than ever to protect their privacy.

Experts protect their privacy by using tools such as ad blockers and blocking website requests for your location, with many advising caution against casually joining public Wi-Fi networks or using password managers.

“Data privacy relates to the concept of autonomy and how you live your life,” Hugo O’Connor, senior engineer with CSIRO’s Data61 data arm said.

Consumers also needed to be more aware of the massive online ecosystems that had been developed for no purpose other than working around privacy protections to learn more about them and their behaviour – and these ecosystems, Thycotic chief security scientist Joseph Carson warned, were working in opposition to the forces of privacy.

“Privacy should be universal,” he said, “however, we tend to have different definitions of privacy in the digital world as opposed to physical world. EU GDPR has been a ground-breaking change that set new regulations around digital privacy, empowering citizens with clear cut rights around consent and transparency of their personal information online.”

GDPR had been “a step in the right direction,” he said, “and has drawn a line in the sand into what’s acceptable and what’s not acceptable in terms of data privacy, collection and processing.”

Yet with some governments “looking to abolish privacy from their citizens altogether” for anti-terrorism reasons, Carson said, businesses and consumers alike needed to work to protect the privacy of individuals’ data.

“Privacy, security and trust must come as a package,” he said. “They are all related and needed in order to build a cyber resilient society. If you sacrifice privacy you are also sacrificing security and ultimately ends in a lack of trust.”

Trust had been a major issue with online tracking mechanisms, which have become more sophisticated and effective for companies using them – presenting additional challenges for privacy-conscious consumers. Proactively engaging with consumers, Data61 senior research scientist Adnene Guabtni said, offers an opportunity for organisations to counter potential negative publicity around increasing privacy.

“Organisations could have been more private than they are now if regulations had been introduced, but we’re now at a point where business models rely on customer data being sold to advertisers, and services are being built on analytics from that data,” Guabtni explained.

“There needs to be a full-scale revamp of data requirements and management in how data is required and managed on a broad scale, so organisations are transparent on how, what and why they collect data, giving consumers more oversight.”

“Once we give away our data,” Data61 group leader for information security and privacy Dali Kaafar added, “it’s incredibly difficult to trace it back and find out who’s using it, who’s already used it, and for what purpose.”

Related:

Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies