As the fallout from the Facebook/Cambridge Analytica scandal continues to make headlines, it is important to remember that our privacy problems don’t end with Facebook. They are just the tip of the iceberg.
Every day, we’re interacting with companies that collect an enormous amount of data about us. The apps we use often collect data they don’t need to provide their service or function. Google collects and combines your data from its multiple sources (its search engine, Android phones, Gmail, YouTube, etc.). Amazon’s rapidly-expanding, cross-sector footprint—ranging from online and in-person shopping to web services, credit and healthcare—collects massive amounts of personal data about you. This is all in addition to the approximately 400 consumer reporting agencies (such as Equifax, Experian, and Transunion) that collect your personal information and sell reports about you to banks, employers, landlords, insurers and others.
Our data is also collected, sold and used by companies with which we don’t interact. Operating behind the scenes, data brokers may combine our information with data from other sources for their use or for the purpose of re-selling it—making it virtually impossible to know who has our information or have any control over its use.
Even when a company has no intent to sell or share your data, it still may be compromised. Many companies, public-facing and not, have shown that being good at taking someone’s information doesn’t necessarily mean that you’re good at safeguarding it. Just in 2017, we recorded 629 data breaches compromising of almost 2 billion records affected. As it was only based on publicly-reported breaches, this number is a very low estimate in the scheme of things.
Given all this, you may be wondering if it is even possible for people to have meaningful privacy protections. As we continue to sprint down the path of technological innovation that is now inherently tied to personal privacy, it won’t be easy, but it is possible. The European Union’s General Data Protection Regulation (GDPR), comprehensive baseline privacy protections for all European Union citizens, goes into effect next month. Unfortunately, nothing like the GDPR exists at this time in the United States to protect its citizens’ privacy. Some states have laws that provide privacy protections for their residents and certain sectors are subject to federal laws (healthcare and finance, for instance), but the US does not generally recognize privacy as a fundamental right. As our personal data becomes easier to collect and use outside of our control, it is crucial to recognize the need to protect its privacy as a fundamental right for us all.