Businesses Improve Their Data Security, But Privacy — Not So Much
While the California Consumer Privacy Act will force companies to provide a modicum of meaningful privacy, World Privacy Day still mainly celebrates data security.
The number of ways businesses track people has skyrocketed — and the increasing deployment of image recognition, machine learning, and data analytics has only accelerated the process. The result is a refocusing of attention not just on the security of the data that companies retain on people, but on whether privacy and technology can coexist.

Last week, Clearview AI, for example, found itself the target of a class-action lawsuit over its technology that, the company says, uses more than 3 billion images scraped from websites and social media to train a machine-learning algorithm capable of identifying a person in a photo with 75% accuracy. The technology can reportedly be used to identify victims and suspects in criminal investigations.

Clearview has joined Google as a favorite resource of law enforcement. Google is regularly subpoenaed by international and federal authorities for information about the phones that may have been close to a specific location at the time of a crime.

With the annual January 28 marking of World Privacy Day, a gap has become apparent. While regulations, such as the European Union's General Data Protection Regulation (GDPR) and the Payment Card Industry's Data Security Standard (PCI-DSS), have forced companies to take data security more seriously, the more general policy concept of privacy has largely remained in limbo.

The California Consumer Privacy Act (CCPA) addresses some of the privacy gap, but most businesses are more focused on keeping their data from leaking than on structuring their services to promote privacy, says Ray Walsh, a data privacy advocate at ProPrivacy.com.

"While companies spend a lot of time talking about consumer privacy — and use privacy washing as a way to gain PR credits with the public — the reality is that companies are primarily concerned with data security and the potential that a data breach could land them a hefty fine," he says.
Take Your Pick

Online citizens are largely left with a simple choice: Benefit from modern technologies and lose their privacy, or opt out of many of the technologies that have defined the past decade.

Posting a picture to social media? You've become part of Clearview AI's reverse look-up machine that uses facial recognition to find criminals and victims. Near a crime carrying your mobile phone? Law enforcement can subpoena records from Google's Sensorvault for every phone near a crime scene at a certain time. Use free antivirus? The company behind it may be selling your browsing data to marketers.

Ever since the beginning of the War on Terror in early 2001, privacy has taken a back seat to any technology that can help identify potential enemies. Originally, the administration of President George W. Bush had debated where to draw the line with online privacy — opt in or opt out. September 11 eliminated that, says John Ackerly, CEO of data-protection firm Virtru, who had been part of President Bush's National Economic Council in 2001.

"Privacy is one of the major pieces of collateral damage that no one talks about in our reaction to September 11," he says. "It set us on a path to use data and the Internet as a tool to combat terrorism, and I understand why, rather than really moving forward on where the President's instincts were on putting the consumer first."

For the past decade, companies have been focused on dodging online criminals — and then nation-state actors — intent on stealing data. With the passage of the GDPR, focusing on data security became a business imperative to avoid larger fines.

Yet the policy discussion and legal landscape have become more nuanced, says Ackerly. Companies are beginning to understand that customers want privacy, he says.

"I am optimistic as I've ever been on this journey that we will end up in a place where individuals will be able to take control over their data wherever it is shared," Ackerly says.
"I think it is a combination of technology evolving and society just waking up to the trade-offs that we have made over the past 15 or 20 years."

The CCPA, which went into effect this month, has forced companies to be more responsive to consumers and change the way they do business. The legislation, while in effect only in California, will force companies to provide similar rights to most of their customers. Already, other states, such as Washington, are considering similar legislation, and the same grassroots effort behind the CCPA is developing a more stringent proposal for 2020.

As a result, it will be much more difficult for companies to sell user data, especially without the user's knowledge, says Monique Becenti, channel and product specialist at Web security firm SiteLock.

"Although California is leading the way in establishing and implementing this type of legislation, we expect to see other states follow suit given the number of companies that do business with California."

Yet, because data gives businesses a competitive edge, breaking companies' addiction to data will be difficult, ProPrivacy.com's Walsh says.

"Consumer data is going to remain a commodity that businesses will seek to profit from in any way they are legally permitted to," he says. "As long as the US government wants a piece of the pie, decisions like the one made in 2017 — when the Trump administration ruled that it was legally permissible for US ISPs to collect and sell user Web browsing habits to third parties — are going to keep placing consumer privacy at the bottom of the to-do list."