As consumers and businesses grapple with emerging technology, they must also stay informed about the rapidly evolving data privacy environment. In this article, we’ll discuss why data privacy is important and delve into five data privacy trends you’ll be hearing more about in 2020 and beyond.
Digital technology has, in many ways, changed our conception of privacy. Countless devices listen for your voice commands, monitor your online behavior, and record your physical location every minute of every day. Any communication or personal data point can be tracked, hacked, or sold to the highest bidder.
The convenience of modern technology almost always comes with a data privacy trade-off—a fact consumers are rapidly becoming more aware of. A recent GetApp survey found that 85% of U.S. consumers became more concerned about their digital privacy rights over the past 12 months.
But data privacy isn’t only important for consumers, it’s also important for businesses. Today, the simple act of respecting your customer’s privacy is as remarkable as it is marketable. GetApp’s survey found that 81% of consumers feel forced into providing personal information to access website content. That might be why 71% of respondents admit to providing fake personal information to websites; 28% say they do so frequently.
Not only does this indicate a lack of consumer trust regarding data handling, it leads to bad data and wasted marketing dollars for companies. Interestingly, 85% of our survey respondents indicated they’d be more willing to share personal information with companies if they were able to see all of the data being collected.
As consumers become more aware of data privacy issues, businesses must work to create stronger customer relationships by improving marketing transparency. But that’s not all. As technology changes, so too does the very nature of data privacy, which in turn impacts consumer sentiment as well as business strategy. That’s why we’re looking at five data privacy trends that will impact both consumers and businesses in 2020.
In Oct. 2019, an open letter signed by U.S. Attorney General William Barr along with officials from Australia and the United Kingdom was sent to Mark Zuckerberg requesting that he delay plans to implement end-to-end encryption on all Facebook messaging platforms. Facebook replied that it is opposed to building “backdoors” for government surveillance that could be exploited by bad actors.
This exchange played a part in the ongoing battle over encryption, a method of encoding data so that it can be viewed only by authorized parties. At issue is law enforcement's contention that improved encryption measures prevent the monitoring of criminals and potential terrorists.
Perhaps the most high-profile encryption fight is the feud between the U.S. government and Apple, which flared up again when the company refused government requests to unlock the phone of a mass shooter. Apple insists that unlocking one iPhone for law enforcement will set a precedent that could lead to unlocking all iPhones. However, a recent report indicates that Apple caved to government pressure when it decided against encrypting iCloud backups two years ago.
Another front in the encryption battle? The Domain Name System (DNS), an unheralded yet important aspect of every internet connection you make. DNS is a fundamental internet protocol that allows IP addresses to connect one computer with another.
Historically, these connections can be viewed by your internet service provider (ISP), law enforcement, and other entities including Wi-Fi providers and hackers performing man-in-the-middle attacks. This means no matter how much you do to maintain anonymity on the internet, a privacy gap always remains at the DNS level.
This is why many choose to use a VPN when conducting sensitive business over potentially vulnerable connections. However, with DNS encryption, those connections will become obscured to all parties other than DNS resolvers that decrypt traffic.
Both Firefox and Chrome web browsers are currently testing DNS-over-HTTPS (DoH), which sends domain connections using HTTPS rather than plain text. As DoH begins to roll out and tech companies continue battling governments over secure messaging platforms, the controversy surrounding encryption will endure through 2020.
Facial recognition is suddenly everywhere you look. It’s verifying passports at the airport, selling chicken at KFC, and scanning pews at churches. And, for some reason, you can now buy a facial recognition litter box for your cats. The practical use for such a high-tech litter box is a mystery, but it goes to show that facial recognition is rapidly being deployed simply because it can be rather than anyone considering whether it should be.
However, a recent GetApp survey found that companies might be overestimating the public’s enthusiasm for facial recognition. Only 32% of respondents feel comfortable providing a face scan to a private company. Furthermore, a full 95% of respondents believe that consumers should have the right to opt out of private facial recognition.
Part of the reluctance might be because facial recognition’s accuracy is far from perfect. The National Institute of Standards and Technology (NIST) recently scrutinized the algorithms of 99 facial recognition vendors and found significant rates of false negatives and false positives that inordinately affected minority groups.
This comes after Amazon’s Rekognition software was shown to have misidentified 28 members of the U.S. Congress. Similarly, an MIT Media Lab study found that facial recognition programs were far more accurate when identifying white males than when identifying Black women.
Another privacy concern about facial recognition is its use in government surveillance. Several municipalities in California (San Francisco, Oakland) and Massachusetts (Somerville, Brookline) have banned the use of facial recognition by city agencies. In 2020, both Portland, Oregon and Portland, Maine will vote whether to ban the technology in their cities. Bans are also being considered at the state level in Michigan, New Jersey, New York, and California.
Our data suggests strong public support for the regulation of facial recognition and related biometric technologies. According to our survey, 84% of U.S. consumers back federal regulation of biometric data used by private companies.
Your mobile device is tracked everywhere you go—which means you are too. And it’s not only Google Maps and Uber that know your comings and goings. Any app that requires location permissions (which is most of them) is keeping up with your whereabouts. Furthermore, these companies share location data with each other to develop an even more precise understanding of your patterns. This largely unregulated invasion of privacy has begun to sound alarms with the public following a recent expose in the New York Times.
This follows a bipartisan letter from Senators Chris Coons and Josh Hawley to Mark Zuckerberg asking that Facebook “respect” users’ attempts to keep location data private. This is because Facebook, like many other tech companies, shares user data and uses numerous methods to discern user locations even when they’re not using a Facebook app or have explicitly turned off location tracking.
Your mobile device also broadcasts your location through bluetooth and Wi-Fi by sending out signals that contain your device’s unique media access control (MAC) address. Whenever you look for the Wi-Fi at your local coffee shop, every router on that list of networks is responding to your phone’s signal, and potentially collecting its MAC address.
Even beyond device tracking, vehicles are tracked at street level by online surveillance networks and highly detailed satellite surveillance will soon be updated frequently enough to provide granular detail that could let someone know when your car is in the driveway and when it isn’t. As the appetite for location information builds, our data will reveal not only where we’ve been and where we are, but also increasingly predict where we’ll go in the future.
Recommended reading: How to Remove Personal Information from Internet Sources
For years, vulnerabilities in internet of things (IoT)-connected devices such as smart speakers and IP cameras have caused concerns about hackers, data leaks, and other security threats. Now, a new generation of smart devices are being designed specifically for surveillance and the privacy implications couldn’t be greater.
Led by Amazon’s controversial Ring doorbell, a deluge of consumer surveillance technology has recently hit the market. Ring is a device that records video of people as they approach your home that can be viewed from any mobile device. Last year, it was revealed that Ring had entered into agreements with hundreds of local police departments across the country that involve exchanging user video for 911 data. Then, over the holidays, Ring was the subject of several high-profile hacks and vulnerabilities which led to several organizations pulling their recommendations for the product.
At the recent Consumer Electronics Show (CES) in Las Vegas, NV, smart surveillance technology dominated the conference. Wyze, one of Ring’s chief competitors in the smart camera market, won an innovation award for its Wyze Sense home automation product only two weeks after the company experienced a massive data breach. In the smart device market, innovative design continues to beat security.
Other CES highlights include a home floodlight camera from Arlo that includes night vision and two-way audio to converse with potential trespassers, and an autonomous security drone from Sunflower Labs that flies above suspicious activity to stream live overhead video to its owner. It’s clear that we’re entering a new era of surveillance both inside the home and out.
Recommended reading: IoT and BYOD devices bring holiday fear
No doubt you started off 2020 with numerous emails and website banners from companies explaining their updated privacy policies. Part of the reason is the California Consumer Protection Act (CCPA), which took effect Jan. 1. The CCPA is the most important comprehensive consumer privacy law ever adopted in the U.S.
In fact, the CCPA is already influencing other state privacy laws. Nevada recently enacted SB220, a law that regulates online consumer data and allows residents to opt out of the selling of their personal information. Scheduled to take effect in July 2020, Maine’s Act To Protect the Privacy of Online Customer Information (LD946) will allow the state’s residents to choose whether ISPs may or may not sell their data.
Relating to a different type of data privacy issue, a movement has begun to increase the transparency of automated decision-making and to address insidious effects of algorithmic bias (i.e., errors in computer algorithms that result in inaccurate or unfair results). Both New York and Washington state are considering the regulation of automated decision-making, while New Jersey Senator Cory Booker has taken the lead on a proposed federal bill to regulate corporate algorithms.
On Jan. 1, 2020, a new Illinois state law (known as the Artificial Intelligence Video Interview Act) regulating the algorithms used in AI-enhanced job interviews went into effect. This follows New York City’s Local Law 49, which was enacted in 2018 to study the societal impacts of automated decision-making. As algorithms and automated decision-making continue to make greater impacts on our lives, this data privacy issue will only grow in importance.
It’s never been more important for consumers or businesses to be aware of emerging data privacy issues. From data encryption to location tracking and regulatory compliance, knowledge of the wider data privacy environment helps consumers better protect their data and ensures that businesses make more informed decisions in 2020, and beyond.
The facial recognition statistics referenced in this article resulted from a survey that was conducted by GetApp in January 2020, among 487 U.S. consumers.
The data privacy statistics referenced in this article resulted from a survey that was conducted by GetApp in December 2019, among 390 U.S. consumers.
Note: This document, while intended to explain why data privacy is important, is in no way intended to provide legal advice or endorse a specific course of action.