Your 'personal' personal information
Let’s talk about the personal information that belongs to you, your personal personal information. What is your level of tolerance for the amount of data collected about you? Are you willing to provide your email to get a 15 percent discount? What if it’s 50 percent? What if it’s your phone number, too? These are all questions that we are faced with almost everyday and everyone has a different opinion.
One of the biggest problems is knowing what you are signing up for, and what personal information may have already been obtained. When you first visit a site, cookies and other technologies can automatically collect your IP address, set trackers, and more. Once you enter your personal information into other places, you may unwittingly allow yourself to receive direct marketing, allow the business to sell your information, or allow it to be shared with others for purposes you were not anticipating.
What many individuals do not realize is that this might also happen with our smart appliances, security devices, automobiles, and more. Use of AI will increase the amount of intelligence that can be gleaned from data received through the Internet of Things or IoT. And, for many individuals, they feel that they have no control over what happens to their personal information.
Thankfully, data privacy laws have continually increased, particularly over the last five years, providing individuals with data privacy rights and forcing businesses to handle personal information properly. However, like all change, laws are slow to mature, and there has been plenty of legislative pushback. Data privacy rights have existed in the European Union (EU) for decades and their citizens expect businesses to uphold them. These privacy rights are provided to everyone and every business has to comply, even if the business is not located in the EU.
Many countries around the world have followed this example. In the United States, eleven states have passed data privacy laws, offering privacy rights to their residents and the ability to opt-out of the sale of their personal information, but overall, the requirements only apply to large-scale businesses.
Data privacy rights give individuals the ability to ask a business what data they collect about you, receive a copy of it, ask to be deleted, and more.
If you are like many people who have realized you’d rather engage with businesses that maintain a decorum of privacy, there is good news. Many businesses have realized that by advertising their collection limitation and privacy stance, they can build trust and improve sales. If you had to choose between two companies providing the same service, but one sells your personal information and the other does not, which one would you choose? This question is even more significant when thinking about the various Internet of Things (IoT) devices available for your home. This chart from Vogelme.com illustrates the privacy concerns associated with these devices and possible user controls.
There are multiple websites dedicated to documenting the types of data collected by companies -- in particular social media companies -- giving you the opportunity to review the types of data you’ll be expected to give up before signing up. Take Apple for example: The tech giant has created a Privacy Nutrition Label that provides a description of all the apps they load onto your phone.
Privacy Not Included by Mozilla has reviewed hundreds of products and apps for privacy, including smart home gadgets, and gives you an easy to understand description. Products with higher privacy concerns are shown with a warning, and users can rate specific products on a 'creepiness meter’.
Clario’s Big Brother Brand Report provides a list of the most invasive social media and app companies and types of data they collect. For example, ones that not only collect your image, but analyze your background or collect your full list of contacts.
As we implement more Smart items into our homes and increase utilization of apps, particularly ones also used by our children, it is important to put protections in place.
- If you would like to check out what cookies are being added to your computer by a particular website, visit the site using Google Chrome then hit the F12 key. Go to Applications on the top tabs and then on the left hand side, look for a box labeled Storage. Click on the arrow by Cookies.
- If given the chance on a cookie banner, take the 10 seconds to visit their options, and leave targeting cookies off.
- When buying a bed, refrigerator, or other item with IoT, ask the sales rep or visit the company’s website first to do a little checking on the places your data will be sent or what they collect. You may need to look at their (shiver) privacy policy.
- Know who is selling your data and opt-out. Since a lot of websites show this information based on your IP address, it might not be particularly easy to find on their website, particularly if you are not in a state that requires the notice. If you want your state to force companies to admit they are selling your data, then pressure your elected leaders. You can also sign up for a Global Privacy Control (GPC) that notifies every website of your opt-out preference as you visit it.
- Credit Report Agencies (CRAs) sell your data. You can opt-out by visiting https://www.optoutprescreen.com/ .
- Companies in the US, EU, and Canada must have your opt-IN permission to send you text messages, so make sure they’ve offered you a way to opt-in before providing your telephone number.
- Any company collecting information from children should have a parent/guardian explicit consent feature with privacy controls. Read the privacy policy -- who are they sharing information about your children with? Laws regarding children’s privacy are a hot topic and will hopefully improve in the future.
- At the risk of sounding like a luddite, don’t be so quick to jump on the next big improvement in technology, even though it may be exciting and new. Take a step back and see how things go first.
As data privacy legislation expands, the ability to control personal information will increase. The level of this expected privacy varies from person to person, but knowing that you have the ability to make that choice is what makes the difference to most individuals.
Photo credit: baranq / Shutterstock
Lorie Schrameck, CIPM, CIPP/E/US, FIP, is Privacy Manager at LogicGate.