Back in 2019, Flo Health’s ovulation tracker app shared private user information with Facebook, alerting the social media giant when a user was having her menstrual cycle or was intending to conceive. That data was then matched to an individual’s Facebook profile, with relevant ads being targeted towards that particular user.
When contacted for comment by The Journal, Flo Health claimed it never sent information that would let a third party identify the user behind the data. Today, the app boasts an audience of over 110 million women worldwide.
Over the last few years, data privacy and its lifecycle has become an increasing concern of consumers and businesses alike, with both adopting and trying to keep up with the rapidly changing digital environment. From a consumer perspective, a hunger for personalised service and content is a necessity, which in turn requires organisations to obtain, analyse and share data if they are to successfully cater to their audience.
This give-and-take scenario has created a period of tremendous opportunity and risk, as individuals and enterprises attempt to navigate the issue of privacy versus convenience.
So, what does a balanced approach to data privacy look like and how can it be achieved?
Let’s start with the fundamentals.
What is data privacy?
Data privacy is the relationship between the collection and distribution of data. Strong and ethical data privacy requires explicit consent, notice, collection, storage and regulatory obligations.
For a business, data privacy not only includes the personal information of its employees and customers, but information about company operations, research and development data, and financial information.
There are growing concerns around the ability of organisations and governments to collect, store, process, analyse, interpret, consume and act upon data without invading an individual’s privacy.
Ensuring that privacy is preserved while data is shared and analysed is a multidisciplinary problem, and the challenges involve legal and policy frameworks, ethical debates about privacy and transparency, standards of data security requirements, and examining the potential for unintended consequences which arise from linking shared data.
Why is keeping your data private so important?
Data privacy is a fundamental right. For the individual, the protection of their personal information safeguards their dignity and autonomy. A data breach can destroy the trust of the user in the platform they knowingly, or unknowingly, provided their information too, which can result in malicious use by third parties.
The rapid rate of growth exhibited by online communication behemoths, such as Facebook and Google, is a critical element in the data privacy conversation, with Senior CSIRO’s Data61 Engineer, Hugo O’Connor, labelling the amount of power garnered from unbridled data mining by these enterprises as incredibly dangerous.
“Systems that collect people’s information can be weaponised and turned against them and society, and Cambridge Analytica is a good example of that,” explains O’Connor. “These companies have so much information about us that they’re actually able to direct certain behaviours in certain people, and that question of autonomy comes down to that.”
The concept of a personalised platform experience is the key reason behind users sharing their data with online platforms, says Adnene Guabtni, a Senior Data61 Research Engineer specialising in self sovereign identity, noting that it’s an issue of utility versus privacy.
“People are resigned to it because there doesn’t seem to be any alternatives. You just want to get the job done without considering the implications, or you might just assume that companies might behave ethically.”
Data privacy and business models
The barrier to organisations enacting a stronger degree of data privacy if often that today’s business model is reliant on harvesting and selling consumer data to advertisers. However, these data-driven enterprises could tackle the issue - to a degree - by providing substantially more transparency around how user information is being used.
“The issue is about consent,” explains Guabtni. “Users are presented with an agreement that is very broad, with not enough detail or enough restrictions on what the company or the platform can do with the data.
“Existing platforms have agreements that protect the platform rather than the user. This lack of explicit consent means these platforms can never be 100% private.”
Data-based enterprises will need to create new business value proposition by transforming and repurposing their framework to keep up with what’s being dubbed as data privacy 3.0.
The opportunities for – Australian organisations and their role in privacy preservation
Enabling the collection, analysis and sharing of sensitive data, and ensuring privacy for individuals rests on a collaborative effort involving computer science, social science, statistics, encryption software and law.
This will lead to new service offerings, making it crucial for organisations to be thinking about how they handle data as an asset and in the context of their customer relations and social license to operate.
To unlock the true potential of data and deep learning, appropriate levels of privacy must be maintained throughout the data life-cycle, from generation to collection, processing, storage, management, analysis, visualisation and finally, interpretation.
At CSIRO’s Data61, we are researching and developing models and platforms that will allow organisations to have the best of both worlds. Whether it’s technology platforms that encrypt original data, employing algorithms that enable mathematically proven private data sharing, or using re-identification methods, there are various ways to utilise data to its full potential while preserving privacy.
Learn more about our work on privacy preserving research and technologies here.
How you can protect your data privacy
“You need to find a balance that is easy to use in both situations when you want to share or restrict data,” says Guabtni. “Tech companies have to raise their level of competition and offer privacy-preserving solutions that are better than their competitors and the tech giants.”
Until these solutions become widespread, here are some tips for safeguarding your data online:
- Never connect to publicWiFi in shopping centres, train stations, airports, or hospitals.
- Use an end-to-end encrypted messaging app, such as Signal Messenger.
- A web browser doesn’t have the ability to collect as much personal information as mobile platforms, such as apps that ask for access to contacts, microphone, geolocation, etc.
- Be aware that VPNs are a security solution, not a privacy solution. They do not completely secure the data exchange between a computer and a network.
- Don’t use the same password for multiple systems and enable two-factor authentication.