By Phil Muncaster, guest writer at ESET
“The lampposts are listening to me; I am sure that the adverts I see online are from a
conversation I had walking down the street.” Yes, someone I know claims this is happening
to them.
If you are in some way related to the cybersecurity and/or privacy industries, then you will
have heard similar claims, and when you try to explain how companies may have collected
the data being used for advertising, it’s dismissed as it requires people to understand they
most likely willingly, but maybe unknowingly, allowed their data to be collected and used.
The process is often invisible, with data covertly collected from the actions that we take and
the snippets of information that we openly disclose. Companies then use technology to make
“intelligent” deductions about our preferences.
Use a GPS map app to find a restaurant that specializes in a certain cuisine and the search
provider can ascertain that you eat out, what day of the week you eat out, possibly how
frequently, how far you are prepared to travel, possible food preference, the time of day you
eat, etc. In this case, the snippet of data was just the name of the restaurant, yet the resulting
information that can be deduced from the action can be significant.
Go back to my friend who thinks lampposts are listening to them, a walk down the street
discussing whether to go out for an Indian or a Chinese tonight, later in the day they jump in
the car and use their phone to navigate to the restaurant. When they see an advert next week
for restaurants similar to their choice, was it the lamppost or from data they freely handed
over?
Understanding how data is collected and the conclusions that can be drawn is complicated,
and likely a topic that is interesting when someone explains it but probably too complex for
any actions to avoid collection. I would hazard a guess that even those in the know, so to
speak, likely give away more information than they realize.
Educating consumers on the value and importance of their personal data is the very reason
that back in January 2008, the US and Canada created Data Privacy Day. It’s an extension of
the Data Protection Day marked by European countries since 2006. The day itself, January
28th, commemorates the 1981 signing of Convention 108, an international treaty dealing with
privacy and data protection.
In the US, the day has evolved into a week, giving greater opportunities for events and
engagement. Since its inaugural event, the world of data and privacy has changed
significantly. The value of data is now recognized by companies and governments, thus
leading to the significant capturing of personal data. This has driven the need for legislation,
such as the General Data Protection Regulation (GDPR) in the EU and the California Privacy
Rights Act (CPRA), providing some protection to individuals wishing to control the use of
their personal information.
Awareness-driving activities such as Data Privacy Week are important, as they drive
conversations between individuals, businesses and governments. However, is the appreciation
of data and privacy more important than to leave it to chance that you might engage with the
topic during an annual event?
In my opinion, the answer is “Yes, the concepts of what personal data is, the value it holds,
the risk of it being abused, or even just used”, should be a topic that everyone is taught during
their standard education, and start before they operate their first “smart” device. This needs to
include an understanding of the rights that privacy legislation affords the individual, the right
of deletion, modification, request that data, and so on.
Without understanding the importance of the personal information being collected and the
value it holds, or the rights of the individual to manage their data, people are likely to go
about their daily business blaming the lampposts for the adverts they see next week.
