The Price of Digital Progress: Is the Loss of Data Privacy Inevitable?

“Privacy is something you can sell, but you can’t buy it back.”― Bob Dylan

Data Privacy Day was observed internationally on 28th January — ironically enough, news broke just the following day about a bug in Apple’s Facetime group video chat that seriously compromised user privacy. The bug allowed you to listen to other people’s conversations without their consent. This also came a few days after Tim Cook wrote a blog titled, ‘You Deserve Privacy Online. Here’s How You Could Actually Get It’, where he calls for companies to minimize the amount of personal data collected, the right to knowledge of data collected about you, the right to access collected data, and lastly, the right to data security. Aside from the obvious irony in the sequence of events, the developments are ominous for privacy protection in our digital age.

The Road to Hell is Paved with Good Intentions

Today, most companies with a digital presence try to gather personal data in order to provide a customized and unique service to users. These vast repositories of data include personal information, such as your social security number, passport number, payment information, and phone number amongst others. As the old saying goes, nothing good comes for free. Because of the wealth of personal information in these repositories, they are a gold mine for hackers who are always trying to test and breach security protocols to extract valuable information. This information is often sold for large amounts of money on the dark web or even leaked onto private forums, making the data widely available for exploitation.

Understanding the Threat to Data Privacy

In the past year itself, there have been a frighteningly large number of attacks that compromised user information from reputed companies — the types that we’d trust with sensitive information! The scale of the problem is so huge that it’s hard to even comprehend — information from over 2 billion unique users has been circulated online. The ubiquitous nature of such a delicate issue across companies raises concerns on how real the problem is and the level of attention required to address it from a regulatory standpoint. To describe such infiltration of privacy as ‘scary’ would be putting it mildly.

Hackers have breached databases and stolen a variety of information such as passwords, payment details of users from companies such as Dropbox (71 million), Linkedin (117 million), Zomato (17 million), Mariott (500 million), Equifax (143 million), Under Armour (150 million), Facebook (Cambridge Analytica, 87 million). These are only some of the notable mentions, amongst the numerous organizations who have faced similar data breaches in the recent past.

Even more concerning is the fact that data breaches haven’t only affected corporates, but have extended to government databases as well; in India, the Aadhar data breach allowed one to gain access to information of over 1.1 billion citizens for as little as Rs 500 (~7.5 USD). Such an example really points to how exposed our information is today.

Measuring the Costs: Is it Worth the Risk?

These concerns raise a bigger question. Are we comfortable with so much data about ourselves being floated around the internet for pennies? Fair enough that this data allows organizations to streamline their processes and provide better user experiences, however at such a large cost and risks that are hard to fathom, there should be a series of pre-emptive security measures as well as regulations that need to be in place to ensure greater accountability. In the current scenario, there seems to be a free-for-all for hackers to try and find loopholes to penetrate systems and steal private information without any culpability.

Internet users like us should be more aware of the safety measures that need to be exercised on a personal level to protect ourselves from a potential breach (i.e, changing passwords periodically, not having the same password for all accounts, etc.) Furthermore, in addition to these measures, there has to be a sense of urgency realized by various governments to protect their citizens in this digital age. Skepticism about the future of this domain is not unwarranted, but until the industry and regulatory authorities act decisively, it falls upon us to tread the internet more carefully.