If you were in a relationship with online privacy, your Facebook status would be “It’s complicated”. Corny, maybe, but an accurate assessment nonetheless. Online privacy is a complex issue at best and an absolute mess at worst. So what’s the bottom line— does online privacy exist? Well… no, not really. Privacy in the digital sphere is drastically different from the privacy you enjoy and expect in the real world, and you may not be aware of just how much of it you’re giving up every time you go online.
The fact of the matter is, it’s not really about whether you have privacy or not. The real question is: how much of your privacy are you trading to access the internet?
Privacy in the real world
Before delving into all the layers of digital privacy, it’s worth taking a moment to think about how you experience privacy “offline”, in the real world. For the purposes of this article, let’s treat being in private and being entitled to privacy as separate but related conditions. The former is most affected by the people around you, while the latter is dictated by where you are physically in the world. Simple enough, right?
You can test for privacy by asking just two questions: where am I and who’s with me?
For example: if you’re alone in a room, congratulations—you’re in private. If that room is a room in your home, congratulations again! You’re entitled to it too. In this scenario, you have total privacy.
What about if you’re in a waiting room by yourself at a train station? In that case, you’d be in private, but not entitled to privacy. Even though there’s no one around, it’s a public space— anyone could show up at any moment, and they’d be fully within their rights to be there. In short, you do not have total privacy.
The important takeaway from this little exercise is that real-world privacy is intuitive and easy enough to understand. Its online counterpart, on the other hand, is an entirely different beast.
Imagine that you’re walking through a large, extremely busy mall, and that every step you take is being watched and recorded by mall security on surveillance cameras. Mall staff, salespeople, security, and other shoppers are always around you no matter where you end up in the mall. Every time you visit a store, a salesperson slaps a tiny sticker on you that lets other salespeople know what you’re interested in buying. Also, the footage of you walking around the mall will be sold to a company that uses it to figure out what people like you do at the mall, so they can design better mall ads and storefronts. You have no idea this is happening, but even if you did—it’s the only mall you have access to, so you have no other option.
Now imagine that the mall is the internet, all the stores are websites, and that mall employees and security are your Internet Service Providers (ISPs). In a nutshell, this is what happens every time you log onto the internet. While you may be entitled to privacy in certain “stores” (say, while moving money around at your bank, or checking your tax returns), you aren’t ever really in private.
By its very nature, you hand over your privacy the second you access the internet. While there’s no doubting the power and convenience of being online, it’s alarming to think of just how much happens with your personal data behind the scenes.
How worried should I be?
Well it’s not quite doomsday yet. Don’t get me wrong, there’s plenty to be concerned about, but that doesn’t mean you need to chuck your computer in the trash and hide in the wilderness. The problem with online privacy loss is a matter of degree, not occurrence, and understanding the distinction will help clarify what you should be concerned about.
Trading some of your privacy for access to the internet isn’t a big deal in and of itself—a base amount of information about you does need to go to your ISP and the websites you visit to make your experience on the internet relatively seamless and convenient. Most of these entities are responsible with your data, and aren’t interested in your activity as an individual (but rather as part of the total body of users that access their services).
Problems arise when almost all of your privacy has been compromised, especially without your knowledge or consent. Data firms, social media platforms, and giant corporations have become incredibly adept at monitoring and tracking your activity in increasingly invasive ways. How invasive? Well, there’s the old anecdote from Forbes back in 2012, where a teen’s parents found out she was pregnant after Target sent her targeted coupons for baby clothes and cribs. Target had combined their extensive data on customers’ purchase histories as well as baby registry sign-ups to accurately predict if a customer was pregnant and approaching their due date.
That was seven years ago with data limited to just Target shoppers, but it’s still a pretty good example of what companies can do with the data we happily hand over to them. Today, Facebook has access to the images, location data, social networks, and purchase trends of 2.38 billion users around the world. What should you make of that? Well, the saying “If you’re not paying for it, you’re the product” comes to mind. It’s contentious, sure, but simply consider it the caveat emptor of the digital realm in this case. Just because the price isn’t obvious, that doesn’t mean you’re not paying it when you use these services—remember, your data is an extremely valuable commodity.
After all, it’s only been a few years since Cambridge Analytica exploited Facebook’s permissions for third-party apps to harvest the data of millions of Facebook users. They paid about 300,000 people a small amount to download a survey app, which collected data on those 300,000 users but also all their respective Facebook friends—money well spent, as it turned out. They ended up with detailed information on approximately 87 million Facebook users, which Cambridge Analytica then used to send them hyper-personalized targeted ads based on extremely detailed psychographic profiles. While the full details of the scandal are worth reading up on (Fortune.com has a great primer), the fact that they were able to collect so much private data without direct consent is hugely troubling, to say the least.
Great, privacy’s dead and we’re the ones that killed it. What’s your point?
I know it seems like the battle for privacy was lost before we even fought it, but don’t despair: there’s plenty to be done to fix things. While this is an issue too large for us to handle as individuals, that’s where the government comes in.
You may have heard about the General Data Protection Regulation (GDPR) that the European Union rolled out last year, which “regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU”. By basing its principles on concepts such as privacy-by-design, the GDPR lays out rules for how personal data can be collected and managed in order to protect EU residents.
Legislation of this kind is one of the ways to tackle the loss of our individual privacy. While we don’t yet have something similar in place in Canada, we’re in the process of making it happen. In the meantime, there has already been positive change effected by government regulation and action. To return to Facebook for a moment: they were slapped with a $5 billion fine for their part in the Cambridge Analytica data breach by the Federal Trade Commission in the US on July 24th, 2019. While that’s only about a month’s worth of revenue for the social media behemoth, it’s still a substantial fee and an encouraging sign that governments are taking privacy issues seriously.
Privacy protection will hopefully become a globally-implemented standard in the near future, but for now it’s up to all of us to stay informed and ensure that it does.
Okay, but what do I do in the meantime?
As things currently stand, there’s little point in trying to completely hide your activity online. It’s impossible to remove all traces of your presence, and to be honest, it’s likely not worth the effort. The best thing you can do is to keep yourself informed, so you’re always up-to-date on how changes in the digital world affect you. As for practical measures, here are a couple of things you can do right away to protect yourself:
Switch to a privacy-friendly browser
While Chrome currently holds a market share of 63%, its record of privacy management has been troubled at best. Google has taken steps to address that of late, but there are plenty of alternatives designed from the ground up with your privacy in mind. Here are two to consider:
Subscribe to a Virtual Private Network (VPN)
Connecting to a Virtual Private Network is by no means a magic solution (you still have to be careful what sites you visit, and what files you download/open), but it will provide you with considerable protection from mass data collection and any attempts to track your personal activity.
To return to the mall analogy, a VPN is the equivalent of stepping into a store with multiple exits that completely changes your appearance once you enter it. Mall employees have no way of knowing who you are once you leave the store—all they know is that you connected to it.
There are plenty of options to pick from based on your needs, but here are a couple of recommendations to get you started:
As I mentioned at the beginning, online privacy is a complex issue to grapple with, involving numerous factors that are constantly changing. My hope is that reading this has made the matter a little easier to understand, and hopefully given you the information and tools to start to protect yourself. Just because privacy loss is a necessary evil of using the internet, that doesn’t mean you give in without a fight!
Freelance writer and communications professional at the University of Toronto. He’s an avid cinephile, voracious reader, and a terror at karaoke bars.