:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/CHYU7BBQYJ7NKL7YJOCYL2BVUI.jpg)
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/2a429887-bb72-4814-bd40-0cbf79fe8d51.png)
No matter how you look at it, 2018 was a game-changing year for data privacy, because of you, the general public. You began to ask questions and demand answers, which in turn pushed politicians to take (at least some, if not enough) action.
Few now view giant social-media platforms, global search sites, apps or data-driven personal devices as benign data gatherers. We are all more aware that when we use platforms, services and devices, we hand over data that discloses much of who we are and that is able to track our location constantly. Such data is used to categorise us and to market to us but also market us as products; and to influence, at an unprecedented, individualised level, how we think, act and vote.
In 2018 we learned that many third parties could access our data, either directly – because it was sold to them or sent to them as part of their arrangements with the big data gatherers – or indirectly, through advertising access to precisely targeted audiences.
The latter, incidentally, is one reason why Facebook chief executive Mark Zuckerberg kept misleadingly telling politicians at those US and EU hearings last year that Facebook doesn't "sell" personal data. This is just semantics. Targeted access based on personal data is Facebook selling access to you, as defined by your data.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/V43B6U4SH7B5VMD5USQNL2PFQQ.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/UYULDTY5NMMNOG62Z5JX2FVCI4.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/Z3CVF23DRGZAGHU5GUYJ5L75DI.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/7NHDLFBI2GN2E3QDWYD4ENA5PE.jpg)
But why did this broad public mindset shift and drive for greater accountability and transparency happen to such a significant degree last year, and not before? In short: it has taken time and a gradual drawing back of the curtains to see, even if only partially, what is happening with our data.
Snowden effect
Ever since Edward Snowden revealed the extent and scope of secret US mass data surveillance projects in 2013, awareness of data privacy issues has been rising gradually.
Until then many people seemed ready to accept, and even expect, the security risks of the mass digitisation of business, government and society. We recognised the increasing amounts of digital data associated with credit cards or personal data records was at risk of being hacked and stolen. But the value and vulnerability of digital data remained a stubbornly abstract concept.
From the viewpoint of an individual, personal data could appear to be of so little interest. Who would really care about, much less want access to, one person's Google searches over a year, or Facebook posts about holiday trips or family reunions?
By 2018 people had begun to see how these small details swiftly aggregate – sometimes with data gathered from other places, revealing purchases, financial transactions or health and activity data, for example – to give precise and revealing pictures of each of us.
Thanks to whistleblowers such as former Cambridge Analyica programmer Chris Wylie, the public gained unprecedented insight last year into the complex and hidden ways in which technology and social media companies gather, share and use such data – and how easily they also may lose control of it.
It was a year too in which, under public pressure, online giants began to acknowledge the murky manipulation and misuse of online advertising on social-media platforms in past elections in the US, the UK and the EU (and, it seems, during the referendum on the Eighth Amendment in Ireland).
Slow-burning public anger at one such revelation after another – particularly regarding giants Facebook and Google – ultimately compelled politicians to call their chief executives and other top brass before congressional and EU and Irish parliamentary committees.
More cynical
We are where we are now – more cynical about tech company claims, less inclined to believe their excuses or tolerate their repeated apologies, wanting more and better answers and pressuring politicians to act – not because any one thing occurred in 2018. Rather, it’s because, by 2018, we had benefited from a half decade of whistleblowers, investigative journalism, public interest lawsuits, vocal campaigns by privacy organisations, protests by employees of technology companies and a range of hashtag campaigns on social media.
And, of course, privacy legislation forcing more disclosure. The introduction of the groundbreaking General Data Protection Regulation halfway through the year forced companies to reveal, at least to a degree, how they gathered and used data, and provided new EU protections that have inspired demands for similar US legislation.
But we still know so little. So many data gatherers are private companies. Their data manipulating algorithms are proprietary and non-transparent. Governments, too, take in and share data in ways they don’t fully explain. Legislation pertaining to data surveillance is weak. The largest companies come under the most scrutiny, but millions of companies of all sizes handle data. How can we know whether they respect and comply with existing legislation?
In 2018 we began to understand the importance of data privacy. It wasn’t just about protecting credit cards details, but about protecting the very essence of us.
As technologies continue to evolve, and data gathering becomes even more pervasive, safeguarding our privacy – our essential selves – will remain a significant, ongoing challenge.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/OEJH4J26O5AYXCS2RGZU5JOCXY.png)