Earlier this week, countries around the world celebrated Data Privacy Day, Some called it Data Protection Day and others simply Privacy Day. It was filled with public statements about privacy. What can we learn from what people wrote on Privacy Day?
What follows is what I discovered by Googling “data privacy day” and clicking “News.” Briefly, the news is not good. (Disclosure: Google brought back 717,000,000 results for data privacy day news; I didn’t read all of them.)
The first articles to come up were about how you, the user, could protect your privacy. They had titles like “5 ways to be a bit safer this Data Privacy Day,” and “6 Facebook security mistakes to fix on Data Privacy Day.” This theme, that you can do something to improve your privacy, was in many other articles on the list. Many also had titles starting with a number. This approach is good, but I suspect it won’t reach a lot of major issues which require more than user self-improvement.
The Fortunes of Facebook
Facebook made news by announcing, among other things, how they were increasing your privacy by releasing its Off-Facebook Activity tool.
As Facebook said, “Other businesses send us information about your activity on their sites and we use that information to show you ads that are relevant to you. Now you can see a summary of that information and clear it from your account if you want to.”
Hmmm, what kind of information was that? Well, on Monday, the Electronic Frontier Foundation reported that the Ring doorbell app had been sending information from Android devices to Facebook. Researchers have also reported that menstrual tracking apps were sharing sensitive information with Facebook.
It’s nice to know there’s now a tool to see the information about us. I also know that only a fraction of the people whose information is collected will bother checking on it, so how much are these checking apps really worth?
Data Privacy Day was also when a Houston judge put a temporary restraining order on the release of the Off-Facebook Activity tool because the tool could cause evidence to be changed or deleted in the case of a woman alleging that she was lured into sex trafficking via Facebook.
Privacy vs. Security
It became evident after reading several articles that the distinction between privacy and security is not clear. Advice in “Own your privacy on National Data Privacy Day,” included:
- thinking before clicking on links in email and text messages
- making sure your anti-virus software and apps are up to date
- protecting your passwords
- using two-step verification
Several other articles also did not make the distinction between general data security and data privacy.
The confusion could be due to how the National Cyber Security Alliance (NCSA) mixes security and privacy. The NCSA is the official sponsor of Data Privacy Day. It’s StaySafeOnline.org site features many activities dedicated to privacy. It also has a section for protecting businesses that mostly features security recommendations which get quoted by others as part of Privacy Day.
The most confusing thing about the NCSA, however, is this: While it is advocating protecting your privacy it is also, arguably, violating it. According to Privacy News Online, there is a Hotjar tracking script on every page of StaySafeOnline.org. Hotjar uses these scripts to compile click, move and scroll heatmaps. It also recreates each user’s viewing session, showing where and when they scrolled, where they moved their mouse, what they hovered over, etc.
One of the tools on StaySafeOnline is a list of how you can check your privacy on many social media and other cites. As Privacy News Online points out, “Someone using this tool on the Stay Safe Online website to “update their privacy settings”, would actually be helping Hotjar build a profile of information about themselves. It would include the sites they shop on, the email service they use, the type of mobile device they have, how they listen to music, share photos and videos, the ride share services they use, their favorite search engines, social networks, web browsers and more.”
In the end, my brief survey of Data Privacy Day convinced me that the state of privacy today is confused, and often ironic.