Integrating digital systems into our societies has led to huge benefits in the efficiency, capacity, and complexity of our information systems. But it doesn’t just provide solutions, it also creates new problems that need to be addressed. Here are some examples:
- We are able to engage with friends and colleagues remotely through free online tools like video conferencing and social media platforms, but…
- …the information we put on these sites is used or sold for various purposes, usually without our knowledge, and is often poorly secured.
- Online shopping saves consumers time and makes it easier to compare products, but…
- …it also centralizes sales through just one or a few platforms, allowing those companies an outsized influence over what products consumers can see, and giving them detailed information about each consumer’s purchasing habits.
- Search engines have made it far easier to find information and learn, but…
- …they also track individuals’ inquiries, giving those companies detailed information about their users’ interests and lives.
From one perspective, these privacy tradeoffs are just the price of using such valuable and helpful tools. After all, nothing is truly free, and there’s no monetary fee for using most of them. From another perspective, they’re invasions of individuals’ privacy that weren’t communicated to them sufficiently beforehand.
This second perspective seems to have been gaining traction among the public and elected officials in many countries. Privacy protection regulation has been on the rise around the world, and public advocacy for individual privacy online is increasing, with movements like Global Privacy Control gaining more traction.
In this post, we wanted to summarize what some of the experts are saying about the biggest recent and ongoing trends in digital privacy. For more information about the rise of individual privacy and other trends, read on.
Regulation on the Rise
In 2018, the EU began enforcing the General Data Protection Regulation, broad legislation granting individuals more protection and control over their personal data. Since then, around $300 million in fines have been paid for violations of its rules, and more than 60 countries have proposed or enacted their own privacy regulations, including major and emerging economies like China, Russia, Brazil, and Australia. Gartner Inc., a leading research and consulting firm in the US, projects that “[b]y year-end 2024…75% of the world’s population will have its personal data covered under modern privacy regulations.”
In the US, currently, no individual privacy protection legislation exists at the federal level. However, three states (Colorado, Virginia, and California) have already enacted individual privacy regulations, and more are expected to follow suit in the near future.
Here in Canada, the Digital Charter Implementation Act, a.k.a. Bill C-27, was recently introduced to the house of commons and is currently in deliberation. Bill C-27 would enact three new pieces of legislation (CPPA, AIDA, and PIDPTA), which together would replace and expand on existing privacy regulations (i.e. PIPEDA) and break new ground in regulating AI systems.
Since the dawn of the internet, a small, technically adept set of users have been highly privacy-conscious, advocating for systems and regulations that would make internet spaces safer and fairer for individuals. Recently, however, this opinion is starting to become more commonplace. A number of major data breach scandals raised concerns about the ability and willingness of large organizations like Meta (formerly Facebook) and Google to protect the massive caches of user data they so eagerly accumulate.
According to the sources we reviewed, individual members of the public are becoming more concerned about the safety and control over their data. One study revealed that 84% of consumers polled say that they “…care about data privacy,” 80% said that they’re “…willing to spend time and money to protect [their] data,” and 48% said that they “…have switched companies or providers over their data policies…”
This rising concern exerts market pressure on companies to be more transparent and ethical about their data handling procedures if they want to attract new users to their platforms. Global Privacy Controls (GPC) is a movement that has been gathering support in the US and around the world, with backing from several legislators and privacy advocates. At present, their agenda seems to be limited to advocacy and a web browser plugin that notifies websites about individuals’ privacy preferences. As support grows, however, it’s reasonable to expect more legislators and lobbyists to get on board, and the movement could turn into a significant force for pushing consumer privacy regulation.
While it is logical to link the rise in the public’s privacy consciousness with the recent increase in privacy-focused regulations around the world, it’s important to remember that correlation ≠ causation. The rise in public awareness motivates elected officials in liberal and illiberal societies alike to appease their constituents’ wishes, but new legislation also makes headlines and further increases public awareness. Various scandals and data breaches also make headlines and raise awareness, but primarily only get attention from those who are already interested in data privacy.
What to Expect
Whatever the causation behind the rise in public concern and official regulation in consumer privacy protection, this shift will have, and has already had some notable effects:
- Times are tough for business models based on user data: Increasing regulatory pressure against invasive or insecure use of user data means some methods and technologies will have to be ditched, and new compromises will have to be implemented. But if organizations play their cards right, they can come out on the other side with more efficient and more ethical business models than ever before. Here are some of the key innovations currently offering solutions to data-driven organizations:
- Zero & First-Party data, and other cookie-less solutions: data-driven business models rely on information about individuals’ preferences and interests. Some companies are switching away from invasive cookies and other third-party sources, to simply asking consumers what their preferences are (first-party info) or using the information they’ve already volunteered as part of a transaction (zero-party info). Not only is this fairer to the individual user, but it’s also more reliable information.
- Complex Encryption Methods: New innovations in encryption allow systems to perform computations on encrypted data sets without having to decrypt them first. This means that encrypted data can be incorporated, modified, and stored without giving the systems or organizations performing those operations on it access to the contents.
- Differential Privacy & Clean Rooms: Differential privacy just means sharing information about a data set, without actually sharing the contents. Automated differential privacy systems are able to abstract trends and themes from a data set but won’t allow access to the individual pieces of information. “Clean rooms” are digital platforms built for this purpose. This compromise allows data-driven business models to continue, without compromising the privacy of individuals.
- Centralized & Automated Privacy User Experiences: one of the most notable features of legislation like the EU’s GDPR is the provision for individuals to request information about the way their data is used by a company, and the ability to request that it be deleted. These “data subject requests” (in the language of the GDPR) could become very time-consuming if processed manually, especially as individuals become more interested. To cost-effectively process large volumes of data subject requests, companies in the affected jurisdictions will need to develop automated processing systems. In addition to other privacy mandates becoming law, it makes sense for companies to create centralized user portals for handling their privacy settings.
- It’s a good time to work in Privacy: with the increased investment and demand for privacy solutions created by tightening regulations, expect jobs for qualified professionals in the field to be plentiful and lucrative.
- A mixed bag for AI: On the one hand, AI solutions for information processing and analytics automation offer a win-win compromise for data-driven businesses and individuals alike: businesses get to generate and use valuable analytics without having to see individual users’ information. On the other hand, AI has been shown to be a security liability: Gartner found that 40% of organizations surveyed had an AI-related privacy breach, and that only a quarter of these breaches were instigated by external bad actors. In an age of ever-increasing public concern for individuals’ information security, these kinds of breaches are bad for organizations’ reputations. The future of AI systems in a more privacy-focused world will likely depend more on the ability of their creators to keep them secure than on the potential benefits they can offer.