Echo chambers and filter bubbles created by platforms like Facebook and Google are now blamed for everything from hacking elections to fuelling racism. These platforms have a major influence over how people communicate with each other, access news, and receive online advertising.
While the primary goal of the ACCC’s recent recommendations looks to be in reducing the power that large digital platforms have on how information, news, and advertising is served up to the masses, there are also provisions made for the responsible collection and management of consumer data. More specifically, the recommendations aim to increase transparency around the privacy and security practices of these services in a way that is beneficial to, and safer for, consumers.
Sentiment would suggest that concerns around the privacy of personal data is increasing faster than ever before. For example, three of the top 10 ‘how-to’ Australian searches on Google in 2018 were privacy related. “How to opt out of My Health Record” was the most searched, along with “How to delete Instagram” and “How to delete Facebook” fourth and ninth on the list respectively.
So, what does this mean for consumers? Here’s what you need to know about the potential new changes, along with tips on how to ensure you’re taking control of your data.
If the recommendations became amendments to the Privacy Act, how would they affect user experiences of digital platforms?
Whilst it’s not the ACCC’s primary responsibility to keep our data safe, the consumer watchdog is recommending that people have increased visibility and control over how digital platforms collect, manage, use, and monetise personal information.
With improved privacy, there are often trade-offs. Implemented improperly, increased privacy measures can affect the user experience and increase the friction in how one uses a digital service. As a result, privacy is regularly seen in a negative light in the eyes of organisations that have to comply with associated regulations.
It is because of this negative perception and misunderstanding of good privacy practice that designers often use workarounds that make it more difficult for people to use a service. Unfortunately, this means that there is a risk the large digital platforms we’ve become familiar with end up becoming more difficult to use. With this may come the conclusion by many that privacy is “an inconvenience we can do without.” However, nothing could be further from the truth.
Done properly, people should expect clearer, plain language descriptions of what data these platforms are collecting and how they intend to use the information. This should also include ways for consumers to opt-out of having specific pieces of personal information collected. In fact, the ACCC suggests that the preference would be for people to opt-in to having information collected.
Despite guidance suggesting the latter, the unfortunate reality is that many platforms will select the easier option that causes the least amount of disruption to the way things currently function. That is, the user experience will likely be negatively affected and services may become more difficult to use. Functionality may even become more limited in cases where the personal information required has not been provided. And the perception will be that increased privacy measures are to blame.
The most important point to remember is that privacy measures exist to protect consumers. And when they are implemented correctly in a manner that takes a privacy-by-design approach, the experience for the user in relation to responsible collection and management of their data improves and is safer.
What are the security and privacy implications of putting the responsibility of controlling personal data collection on the user?
Putting the control of personal data collection into the hands of users doesn’t necessarily mean the data is any more or less safe. What it does mean is organisations must be more transparent about how they’re using personal data, arming consumers with sufficient information to help them make better decisions about the data they are willing to disclose.
Improved awareness and education for consumers in relation to data privacy and understanding the real impact of having their information misused will be critical, particularly if they are expected to make informed decisions around the usage and security of their personal data. Today, if one’s data is leaked via a breach and subsequently misused, it is usually the offending organisation that takes the blame. Once the dynamics of information control become more balanced, the responsibility of data becomes a shared responsibility between the consumer and the organisations that collect and use that data.
While increased responsibility for privacy and cyber education will fall to consumers, the role that the government and impacted organisations have to play cannot be ignored. It will take a collaborative effort across government, commercial organisations, and consumers to spread the message around responsible and safe behaviours in the interest of privacy and security.
Tips on what to look out for and how to keep your data safe
Download your data: Many digital platforms include a privacy section that discloses what the company knows about you and how that data is used. In a bid to regain user trust, many also provide the option to download everything they store about you onto your personal device. This is a good way to understand what companies really know about you and how much information you’ve unknowingly disclosed. The next step once you’ve done this is to determine if there is a way to delete any information you do not want stored by the organisation in question. Note that this may not always be possible, but the ACCC’s recommendations aim to rectify this in cases where doing so does not conflict with existing regulation (e.g. where data needs to be retained for legally-mandated auditing purposes).
Ask the right questions: Don’t be afraid to contact digital platforms and ask questions like “what do you know about me?” and “why do you hold on to that data?” Many companies will have a process in place to share this with you because under the current Australian Privacy Act, certain organisations are legally obligated to. Some others may be able to share this information anyway because they have responsible privacy policies in place. A more technically-savvy user can also ask “how are you keeping my data secure?”
Share only what’s necessary: You should approach data sharing with a ‘less is more’ mindset. Disclose the least amount of information possible and subsequently understand the implications of omitting or revoking/deleting data. For example, not allowing location services may limit your user experience on the plaform.
Use “alternative details”: If a platform insists you provide information you don’t feel is relevant such as giving your birthdate when signing up to an e-commerce site, consider using an alternate value. Use caution and good judgement if you do this as there may be unforeseen implications. For example, you should not be providing “alternative details” to banking or government-related services. It may also introduce challenges in cases where the information you’ve provided is required to regain access to the account in question (e.g. when resetting a forgotten password) as you may have forgotten the information you provided.
Protect the data you hold: Make sure you take responsibility for protecting the personal data that’s in your possession. For example, ensure your home WiFi and connected devices are protected against malware that could be snooping on your data.