In the early internet age, paying for goods online or transferring funds was a risky business. Users had to open up their treasure trove of credit card numbers and bank account details to third parties, putting themselves at risk of their data being misused, hacked or sold on.
Then, in the year 1999, the knight in shining armor PayPal, emerged as a reliable middleman which could instantaneously transfer funds between individual users’ secure, individual payment ‘wallets’, without needing to share any sensitive data with the recipient. Problem solved.
In the current digital landscape, whether they know they are doing so or not, users are constantly offering up personal data with every click they make on e-commerce platforms, news sites, search engines, and social channels. The vast majority of users are blissfully unaware of the value of this data to third parties, or the potential risks facing them should this data be used by the wrong people.
So what are the risks facing internet users, and would it be possible to take lessons from PayPal in creating safe havens where all user data can be stored, safe from prying eyes, and only available to entities approved by the user?
- Your data is a commodity
In the pre-PayPal age, people were at least aware of the risks of handing out their personal financial data. If funds went missing, or there was unusual activity on their bank accounts, they could probably have fingered the blame at a select few sites or companies who they had recently dealt with.
Now, however, billions of internet users tap away daily, offering up valuable personal information to unknown sources, with very little regard for what information they are sharing with who, and what platforms can legally do with their data. To make matters worse, in March 2017, the US House of Representatives voted to repeal legislation launched under the Obama administration which blocked internet service providers (ISPs) from selling their customers’ web browsing and app usage data without asking them first.
This new legislation, effectively gave the legal green light for ISPs and online platforms like Google or Facebook to sell on user data for profit.
And they were already doing this anyway. Unless internet users are using a VPN, almost every action made online is recorded digitally. Free online services like Facebook, Yahoo, CNN, Youtube or Amazon use algorithms to track billions of users online behaviour, the products they click on, the articles they read, the photos they like, or the searches they make. They then share or sell this information to advertising companies, or brands, who use the data to target users with specific content and advertising which is likely to resonate with them based on everything they do online.
Recent studies estimate Facebook earns US$4.23 from each user on average: $17.07 in USA/Canada , $5.42 in Europe, $1.98 in Asia — from selling on this data, which allow brands to advertise to the right people at the right time. Considering there are an estimated 2 billion Facebook users around the world, this is earning Facebook a pretty penny.
- What are the risks involved of unrestricted use of user data?
So considering how valuable this data is to marketers, should users not have some power to protect who is using their information, and who it is being shared with?
The E.U. commission thinks so. When May 2018 rolls around, thanks to the passing of the General Data Protection Regulation (GDPR), companies and brands will need to have systems in place to inform users if they hold any data relating to them, and ‘forget’ their data if requested. Companies who fail to comply will be hit with fines amounting to hundreds of millions of dollars.
So why are the E.U. taking such a tough stance? Well, there is the moral question of whether it is right that large organizations can secretly profit from the data of their users, without letting them know they are gathering, storing, or sharing it. But there are other factors too.
A recent hack of American credit reporting agency Equifax which was announced in September 2017, is estimated to have revealed highly sensitive information of 143 million Americans, more than a third of the total population of the country. The data includes Social Security numbers, birthdates and addresses and even driver’s license numbers, exactly the sort of information which hackers, or online fraudsters could use to steal identities, and commit online crimes.
There are other ways this could affect users financially. In 2012, an expose by the Wall Street Journal revealed that travel price comparison site Orbitz Worldwide had discovered Apple Mac owners tend to spend as much as 30% more a night on hotels, and started funneling more expensive hotel offers to Mac users based on their computer data. Staples was found to be charging users who didn’t live near one of their stores higher prices than those living in close proximity.
There is also the issue of privacy. Companies target users with adverts based on their online behaviour. Many users would not want searches for more personal products related to health, personal hygiene, sex etc. coming up as banner ads on their Facebook page when at work. A recent article on the Dooth blog offers the example of someone searching for divorce lawyers only to then have their family computer bombarded with adverts for local divorce lawyers, not the most tactful way to raise the theme with the kids! The potential for uncomfortable situations are endless.
There are also legal implications too. Whether users know they are being tracked or not, their online behaviour is usable as evidence in trial, and ISPs can be subpoenaed to provide data records for criminal cases.
- How can we ‘PayPal’ protect our data?
So considering how valuable, and sensitive our online data is, aside from using a VPN, or trusting that the GDPR will force companies to play by the rules, is there a way that users can be more proactive in guarding their digital footprint from prying eyes?
Thanks to emerging blockchain technology, yes. In the same way as PayPal guards sensitive user information in protected ‘wallets’, blockchain technology allows users to backup any structured data, from a wide ranges of sources, be it financial, social media data, or data gathered by IoT devices or sensors to a database backed by a blockchain ledger. This would offer users much more anonymity online, and more control of who can access, use, and share their data. It would also offer users the chance to earn their share of the value of their personal data to third party organisations like Openrise and DataMarket.
In a recent report McKinsey researchers highlight that digital marketplaces — platforms which allow data to be offered, shared or sold to third parties — are growing in abundance, and are essential in allowing companies and individuals to deal with the huge amount of data being created thanks to IoT technologies.
Blockchain technology is still in its infancy, but the opportunities for storing, securing and offering users the power to choose if, and when they share their data are endless. However, the first step is that internet users around the globe, take heed of the fact that their data is out in the open, and take steps to control access and protect their treasure troves to the best of their abilities.
