May 07, 2019 12:42
2 min read323 views so far!
In a connected world, can anything be truly private? With most people owning multiple social media accounts and smart devices, and so much personal information being held on someone else’s servers, how can we be assured of our privacy?
Organisations have legal and moral obligations to protect the private data of their customers, but we know that is not always adhered to. One of the most well known examples of this is when the data processing company Cambridge Analytica was exposed for their part in using personal data from social media accounts to influence the 2016 Presidential election.
One way that data was harvested on Facebook was through a personality test that hundreds of thousands of people took. Not only was this data collected, the data of some 50 million users connected to the people that took the quiz was also collected and sold to Cambridge Analytica.
The concept of Privacy by Design in not a new one; and although it makes sense on the face of it, it’s both vague and desperately hard to enforce.
On the face of it, Privacy by Design sounds simple; build services that integrally privatise and protect the users. In the past, online services would be built for functionality, and then security measures would be added to it.
The main aims of a system designed with privacy in mind are:
Preventatives not counteractive and Preemptive not reactive
Privacy as default setting
Embedded privacy in design
Full functionality: positive-sum instead of zero-sum
Transparency and visibility: keep it exposed
Endwise security and full lifespan protection
Respect for the privacy of user and keep it user-centric
The more recent General Data Protection Regulation (GDPR) requirements mean that companies with privileged information such as names, addresses, dates of birth etc are obligated to protect certain sensitive information and require your consent to make that information available.
For example on Facebook, users agree that their chosen name is available for other users to access, but third party companies should not be able to access information such as bank details, location or place of work unless that information is freely given by the user.
This kind of data protection had been assumed as a given by users for a long time, but until recently, companies had little to no legal obligation to withhold that information. Thanks to new privacy regulations personal data should be protected more stringently.
Because of this, end users should feel more confident when revealing personal information to shared web services, and the illegal harvesting and selling of personal data would be a thing of the past.
Learn how we can help you ensure your privacy. Click Here