Who is ultimately responsible for privacy in tech?
In unison with the rise of AI, IoT, VR/AR and the mass processing of data, privacy is a leading driver of both innovation and furious debate within and outside of tech. Following successive failures by Facebook to control third-party use of data, with the Cambridge Analytica scandal the most infamous case of such data misuse, and the recent resistance towards tech giant Huawei’s growth by many countries (i.e. Australia, New Zealand, U.S.A, Japan), the potential impact privacy concerns can have on economies as much as they have on private citizens’ personal information is becoming increasingly evident.
Who is ultimately responsible for privacy in tech? Advertising agencies who pay for access to data? Those that harvest that data? Developers? Users? A recent study found that 7 in 10 apps shared personal data with third parties, including location. This has spawned what have some called the ‘location data economy’ — fuelled by access to citizens’ digital footprints and until now a relatively unchecked economy in the U.S.
In the end, it may be developers and the developer community that needs to take responsibility for the proper use of data and compliance with privacy regulations rather than entrepreneurs or tech management. Regulations in the US are still in their infancy, apart from pockets like California which has introduced a soft version of Europe’s GDPR measures. It may be up to developers to understand and promote the construction of apps and digital products that promote transparency as far as privacy is concerned for everyday users.
Apple vs Android
In its 2018 The Open Economy report, Samsung highlighted the significant costs associated with cybersecurity breaches, an area related to data privacy.
TrackVia has found that 70% of Millenials admit to using apps not sanctioned by their employer, indicating the need for users to be as aware of possible uses of their data as developers and industry leaders need to be.
Most alarmingly, Samsung claims that “businesses will need to securely manage over 7.3 billion IoT connected endpoints by 2020.”
Without any significant US federal regulation around digital user data, the repercussions of this explosion in IoT-connected endpoints and the scale of data being processed risks outrunning developers and companies.
Manuel Carrasco Molina is delivering a talk ‘The Importance of Privacy on Apple Platforms’ at iOSCon 2019 in London, in which he explores the advantages iOS and macOS developers have, as well as the responsibilities they hold, in building with privacy in mind.
“If you’re going to have a smartphone at all…I’d rather have one from Apple than from Google”, said Manuel.
“I’m always referring to the example of the developer at Volkswagen who programmed the system to send wrong values so that the environmental tests passed and tons of buyers got screwed. We as developers are super highly responsible for saying no in the middle of a meeting whenever someone says, “We’re doing this” and we think it’s wrong, for the sake of Karma…I feel better respecting the user’s privacy.”
A recent article in the NY Times noted that “more than 1,000 popular apps contain location-sharing code” and that “Google’s Android system was found to have about 1,200 apps with such code, compared with about 200 on Apple’s iOS”.
On stage at the WWDC in July this year, Apple software senior VP Craig Federighi noted the company’s renewed efforts towards privacy.
“We believe your private data should remain private. Not because you’ve done something wrong or have something to hide, but because there can be a lot of sensitive data on your devices and we think you should be in control of who sees it.”
The flagship of Apple’s privacy efforts come in the form of new restrictions on Google, Facebook and other tracking companies to monitor user web browsing habits. They are achieving this by giving users greater control over (and awareness of) when they may be tracked as well as reducing external visibility to a user’s digital fingerprint (hardware specifications, installed plugins, installed fonts, etc. that can identify and track a user).
This emphasis on privacy is slowly building momentum following the waves of pushback following successive data breaches that the U.S has seen, but Europe remains far ahead in terms of its own GDPR measures.
GDPR gives developers clear frameworks for building products with privacy underpinning any business or technical models.
These frameworks extend from incorporating ‘Forget me’ measures in code, to promote and enable users to request their data to be forgotten (a key measure of GDPR), to making “I accept the terms and conditions” insufficient for alerting users to the use of their data, instead requiring individual checkboxes for every separate process. These consent checkboxes/buttons can be kept in separate columns in the database by developers, letting users withdraw their consent by unchecking these boxes from their profile page.
These sorts of processes hand developers, product owners, UX designers and architects the tools in which to innovate and lead in the development of products and tools with the privacy of users and the security of company data front of mind.
