A Special Report is content that is edited and produced by the Special Reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report, but who do not have editorial control.

Where does my data go?

The legitimate organisations that harness an individual’s data are not a cause for concern – the hackers who steal it are

“Personal data doesn’t cease to belong to an individual when they hand it over.” Photograph: iStock

“Personal data doesn’t cease to belong to an individual when they hand it over.” Photograph: iStock

 

One of the earliest uses to which big data was put helped to identify a previously unnoticed link between nappies and beer.

“A study of supermarkets could see a correlation between them, back in the early days of big data, which the researchers simply couldn’t understand,” says Kevin Curran, professor of cybersecurity at Ulster University’s Magee College in Derry.

“It turned out that women at home with babies were asking men to pick up nappies on their way home, and men were picking up six packs as well. So they put them closer to one another in the supermarket.”

Since then, big data has been put to use in everything from traffic flows to disease control. In relation to cybersecurity, algorithms are put to work to identify the isolated patterns that say ‘hacker’.

But while the rise of big data gives consumers a big headache in relation to growing privacy and security concerns, in fact, data protection is a fundamental right under EU law.

“Personal data doesn’t cease to belong to an individual when they hand it over. Data controllers are more like custodians of personal data than owners,” explains Niamh Hodnett, head of regulatory affairs at Three Ireland.

“Under GDPR [General Data Protection Regulations], data controllers are required to ensure that not only is the data kept safe but that it is used in a way that respects the individual’s data protection rights. That means individuals have the right to access copies of their data, to know what processing is being done with their data and to object to it, to have it deleted in certain circumstances and not to have their data used to make automated decisions having a significant effect on them.”

It may put people’s mind at ease to know that a lot of the value of big data doesn’t come from identifying individuals. Where data is anonymised, it can be harnessed without affecting an individual’s privacy, Hodnett points out.

There is good news too insofar as the advent of GDPR protections helps put a stop to “dark practices” by commercial entities, says Kevin Curran. Not alone must individuals ‘opt in’ to allow their data be collected, but the organisations collecting it must be transparent in how they use it.

“GDPR is one of those initiatives that actually does work insofar as it forces them to behave in terms of how they collect, store and pass data on to third parties,” he says.

The problem, therefore, is not so much the legitimate businesses and organisations that collect your data, but the illegitimate ones that steal it.

Particular risk

The advent of smart devices has opened up this particular risk exponentially, including smart speakers that have already been accused of exposing users to phishing attacks or spying.

“We are now seeing an etiquette emerging whereby you have to disclose to anyone coming into your house that you have a smart speaker in it, and that their conversation may be being recorded,” says Curran.

It’s a dystopian vista right out of Black Mirror but with the rise of sensor-driven, internet-of-things activity, the risk will only grow.

There are, however, steps you can take to improve your data protection, particularly when it comes to devices such as smart phones and laptops. The most important is to make sure you never reuse the same passwords. It puts you at risk of a “credential stuffing attack”, Curran says, where a bot automatically starts using one stolen password of yours across a range of sites, from social media to bank accounts.

Curran recommends creating a very long, complex password and then inserting some letters that refer to the website you are on in the middle of it, as one way to protect yourself.

When it comes to privacy, tape up your laptop camera. Curran published an article eight years ago which suggested cameras were being used to spy on people, “and I got dog’s abuse for it”, he says. Now it’s an accepted risk – there’s even a website people can go to see compromised webcams, and their poor unsuspecting owners.

Installing password manager software, transacting on sites with a padlock at the top, and which use two-factor authentication, can all help. “The only way to be truly safe online is to not buy a computer at all. Failing that, you have to be pragmatic,” says Curran.