Where do we go from here?
Those are not the only risks, and there is no way to eliminate them. But there are ways to limit them. One, according to Jerome, is to use big data analytics for good — to expose problems. “In many respects, big data is helping us make better, fairer decisions,” he says, noting that it can be, “a powerful tool to empower users and to fight discrimination. More data can be used to show where something is being done in a discriminatory way. Traditionally, one of the biggest problems in uncovering discrimination is a lack of data,” he says.
There is general agreement among advocates that Congress needs to pass a version of the CPBR, which called for consumer rights to include:
- Individual control over what personal data companies collect from them and how they use it.
- Transparency, or easily understandable and accessible information about privacy and security practices.
- The collection, use and disclosure of personal data to be done in ways that are consistent with the context in which consumers provide the data.
- Security and responsible handling of personal data.
- Access to their personal data in usable formats, with the power to correct errors.
- Reasonable limits on the personal data that companies collect and retain.
McNicholas says that “transparency” should include an overhaul of “privacy policies,” which are so dense and filled with legalese that almost nobody reads them. “Telling consumers to read privacy policies and exercise opt-out rights seems to be a solution better suited to last century,” he says. “Consumer privacy must shift to consumer-centric, where consumers have real control over their information."
Jerome agrees. “I certainly don't think we can expect consumers to read privacy policies. That's madness. What we should expect are better and more controls. It's a good thing that users can review and delete their Echo recordings. It's great that Twitter allows users to toggle all sorts of personalization and see who has targeted them,” he says. “But ultimately, if individuals aren't given more options over collection and sharing, we're going to have serious issues about our personal autonomy.”
Given the contentious atmosphere in Congress, there is little chance of something resembling the CPBR being passed anytime soon. That doesn’t mean consumers are defenseless, however. What can they do?
Jerome says even if users don’t read an entire policy, they should, “still take a moment before clicking ‘OK’ to consider why and with whom they're sharing their information. A recent study suggested that individuals would give up sensitive information about themselves in exchange for homemade cookies.”
Herold offers several other individual measures to lower your privacy risks:
- Quit sharing so much on social media. “If you only have a few people you want to see photos or videos, then send directly to them instead of posting where many can access them,” she says.
- Don’t provide information to businesses or other organizations that are not necessary for the purposes for which you’re doing business with them. Unless they really need your address and phone number, don’t give it to them.
- Use an anonymous browser, like Hotspot Shield or Tor (The Onion Router) when visiting sites that might yield information that could cause people to draw inaccurate conclusions about you.
- Ask others not to share information online about you without your knowledge. “It may feel awkward, but you need to do it,” she says, adding that the hard truth is that consumers need to protect themselves because nobody else will be doing it for them.
Sign up for CIO Asia eNewsletters.