Nothing to Hide, Everything to Protect: Why People Need to Care More About Their Personal Data
As an organisation focused on data privacy, our quest for increased awareness around personal data is often met with the one-liner, “I don’t care who has my data, I have nothing to hide”. Yes, this may be true in the extreme senses, we assume you aren’t living a real-life version of the movie “I Know What You Did Last Summer”. You might not have a murder cover-up going on, or a catfish scheme in process — but that’s not even close to what we’re on about, either.
A massive percentage of global citizens have yet to comprehend the extreme value that their personal data holds. This might possibly come down to the misconception that the term “data” refers exclusively to your online activity and naughty penpal communications. This is not the case. We’re talking about your social security number, medical documents, credit card details, payment history, location, income, and more. This data has value and it belongs to you.
Let’s see what happens when we change the language from “I have nothing to hide” to “I have everything to protect”. Meditate on that. You have nothing incriminating to hide on your phone (I assume), but I’m sure you have measures in place to protect it. Why? Because the phone — and its contents — are valuable to you, and can be valuable to others too. This is reflected in the unparalleled increase in data breaches worldwide, whereby malicious third parties hack and attack purely for the gathering of data.
As we say at the GCF, “in the digital economy, the currency is personal data”. In other words, your personal data might hold more weight than actual money. For instance, consider this statistic from Varonis:
“The average cost per lost or stolen record in a data breach is $148.”
The levels of money required to recover from an event of compromised data also shows off its value:
“Hospitals spend 64% more annually on advertising over the two years following a breach.”
The value of data is so substantial that when breached or compromised, it can cost a company or organisation its existence, and they have to hustle hard to keep their heads above water. Recent incidents include the £183 million fine placed on British Airways after a cyberattack in 2018, or Marriott’s £99 million fine for not effectively protecting the data of millions of hotel guests. The full effects of these fines are yet to be seen, but already the price tag placed on such breaches should be a huge indication that citizens’ data is something to be protected.
So, when you say “I have nothing to hide”, hackers and corporations rub their palms together in greedy anticipation. You’re lack of interest is making it that much easier for corporations and hackers to do their dirty-data-deeds. And don’t be confused, their interest is not so much in your less-than-PG search history than it is in your social security number (think identity theft), your spending habits (think targeted advertising), and your location (“They’re out the house, let’s go.”). It’s about third-parties — often malicious — utilising your private data for their private gain, without your knowledge or consent.
What’s more, the nature of the digital landscape means that once you produce data and put it “out there” into the ether, you have neither the control nor necessarily the right to take it back; and big tech companies take advantage of this by claiming that it’s open season once you have willingly chosen to release your data — a perfect example being the highly popular FaceApp.
It skyrocketed to become the number one app in the App Store, ahead of Instagram and YouTube, with an increase in downloads of 561% on iPhones in the US. However people are starting to see through the FaceApp haze and recognise the inherent infringement this app has on our privacy. Although to be fair, it’s not like FaceApp didn’t give us the hard truth upfront in their terms of service:
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.”
Millions of users absentmindedly handed over their “User Content” (AKA their face) along with access to their device files, and most likely their location as well, all for the thrill of seeing themselves with a couple wrinkles. Without much effort at all on FaceApp’s part, one corporation has rapidly accumulated a bottomless library of citizens’ faces and their corresponding information. We can blame FaceApp, and we should (like, who does this s*&t), but we can certainly place some accountability on users and their lack of interest in reading the terms of service.
We understand that it seems pointless to read the fineprint, especially when we learn that our android apps who promise us a certain level of privacy are the ones screwing us over. So even when you do take the time to read the pop-ups on your app, nodding in agreement as it promises to keep your data safe, there’s a very real possibility that your app has its fingers crossed tightly behind its back. This is why decent policies and ethical standards must be implemented across the board — with corporations being held fully accountable for their actions — so that all citizens can truly participate and benefit in an increasingly digital world.
What’s the gist of it all? Your personal data does have value. Lots of it. And finding companies you can completely trust is difficult. So the next question is, what measures do you have in place to not hide, but protect your digital gold? How will you stay in control? First and foremost: educate yourself. Follow leaders in the field, stay up-to-date with the latest news, keep informed on what tools are available to you, and, please, read the damn terms of service.
The Global Citizen Foundation is a non-profit organisation that is committed to creating a global framework for digital sovereignty. What actions are you taking to protect yourself in the new digital world? Let us know in the comments below, and follow us for bi-monthly articles on all things data.
