Last year was tough for online privacy: new breaches, new laws, and way too many emails about privacy policies. James Ting-Edwards from InternetNZ takes us through the challenges and what they mean for New Zealanders online.
Modern online devices and services are built and funded through the information we share with them. Apps that help you get around are probably reporting on where you go, and devices that turn your words into actions are probably reporting on what you say. It became clear in 2018 that data reveals a lot about us, in ways that create some really big concerns.
So, what happened in 2018? Here is InternetNZ’s three big lessons:
Internet sharing is tough on privacy
The modern internet is built on sharing. There are things we share on purpose like status updates, Snaps, ‘grams, and things too hip for people in their thirties. Then there are things we share without thinking as many websites, apps and devices track us in ways we don’t know or think about: where we are, what we’re clicking. It’s often being collected in the background of our phones.
All those little bits of shared data can have big effects, like when the social running app Strava revealed a secret military base in Afghanistan to the world. Or here in New Zealand where a Dunedin supermarket’s facial recognition CCTV technology mistakenly identified a man as a shoplifter.
But in 2018, one privacy story ruled.
Cambridge Analytica, a UK political consultancy, had “exploited Facebook to harvest millions of people’s profiles”. The data was used to inform and target online political campaigns and create disinformation.
Some say it started with the “This is Your Digital Life” quiz, a personality test using Facebook’s app platform. Others say it started before that with Facebook’s mission “to bring the world closer together”. Facebook’s platform allowed any app to read the profiles of your friends without their notification or consent. Cambridge Analytica used this feature to access the profiles of way more people than those who took the quiz. So while only around 270,000 people took the Digital Life quiz, a whopping 87 million people had their information accessed.
What did this mean? Well, for Facebook, it meant apologising. Starting with full-page apology newspaper ads. It also meant new privacy tools and CEO Mark Zuckerberg being grilled by the US Senate. He took the opportunity to apologise for unforeseen consequences. But this isn’t the first time he’s apologised for surprises on how “private” we are on Facebook; in fact, he’s been apologising on and off for the past 15 years.
Some people questioned the sincerity. In December, Facebook was again in the news for the way their platform gave Netflix and other companies access to users’, and their friends’, information. This had been going on a while, but had not been disclosed during Mr Zuckerberg’s Congress testimony.
As for Cambridge Analytica, they closed up shop. Although like a phoenix, Auspex International rose from the ashes.
What does it mean for privacy? Although the biggest splash in 2018 came from bad news, in the long run, stronger privacy protections seem to have won out.
Privacy is making a comeback…
… thanks largely to a little European law called the General Data Protection Regulation. Actually, it’s a pretty big law. Commonly referred to as GDPR, it’s forcing us to take privacy seriously. It gives much stronger privacy protections backed with very substantial fines.
Why is this European GDPR a big deal for privacy? Well, Europe is big, so it means everyone across the world will likely benefit from better privacy settings, including us here in little old New Zealand.
The GDPR focuses on people. It protects the data of Europeans, regardless of where that data is collected or processed. That creates privacy by default for many Internet-based businesses. It’s costly and complex for businesses to navigate, but it doesn’t apologise for putting privacy back in the hands of the people.
It also establishes fines that are eye-wateringly large. For example, Facebook was fined £500,000 for breaching the privacy of 87 million people. If the GDPR had been in place, Facebook could’ve been hit with a maximum fine of around £1.2 billion. The chance of losing a billion dollars gives big companies plenty of motivation to do privacy better.
We’ve already seen the first big GDPR fine issued against Google: €50 million for not properly asking users for consent on how to use their personal data. So while 2018 was the year of “Privacy? Fine”, 2019 may be the year of the privacy fines.
GDPR has also meant non-European countries are lifting their game on rules for privacy too. Australia’s rules requiring companies to tell people about privacy breaches kicked in last year. California’s legislators passed a new law protecting personal data privacy from 2020, a significant step given the lack of a broad federal privacy law in the USA.
Global privacy issues affect New Zealanders
In the land of the long white cloud, we’re used to being a bit isolated. But the Internet clouds don’t respect borders or distance. We’re linked to the global web of overseas experiences. When people pull on it, we get pulled in too. Even though Cambridge Analytica was based in the UK and focused on US politics, their data grab included information on 64,000 New Zealanders.
Even getting local, basic services often mean sharing personal stuff in ways that can go bad online. When the big storm hit in April 2018, my place was one of the 100,000 households that lost power in Auckland. Like loads of other people, I downloaded the outage app to report a fault to Vector. But I also lost a bit of my privacy: the app made it really easy for people to get private contact and address information, including mine. At least Vector did the right thing and told me, even though our current Privacy Act didn’t require them to.
So aside from updating our Jurassic-Park-era law to ensure organisations have to notify us and the Privacy Commissioner about data breaches, what else can we do about this stuff?
You can help to protect privacy for yourself and others
Our information is valuable to people and businesses online. One of the ways we can respond is big impact laws, like the GDPR. But there are still some things you can do to protect your own privacy and help other people you care about protect theirs.
- Share responsibly. What we share online affects other people’s privacy. Those 64,000 kiwis caught up with the Cambridge scandal began with 10 people downloading a quiz. If you’re not sure, check that other people are okay with what you’re sharing about them.
- Check and manage what you’re sharing online. You can take the Marie Kondo magic to your online life, checking your apps and accounts, and removing sharing permissions for things that no longer spark joy.
- If you’ve got a Google account, their My Activity tool makes it pretty easy to track activity across products like Chrome, Gmail, YouTube, and Android phones.
- For Facebook, privacy tools in Facebook’s help centre are more oriented to managing who sees what about you. There are online guides to better Facebook privacy, like this one from Wired.
- Demand better privacy. Tweaking your own sharing and privacy settings doesn’t help much with the broader challenges. For that, we need businesses and governments to understand that privacy is important to people.
In 2019, the most important thing New Zealand can do for privacy is to update our law. Beyond that, we can demand attention and respect for privacy from businesses and government agencies. Ask what they’re collecting and why they need it. In 2019, privacy is back. We all need to step up and claim our own privacy.
This content was created in paid partnership with InternetNZ. Learn more about our partnerships here.