In today’s digital world, data privacy is arguably a valid concern. Do we really even know who uses our data, when they use it, or for what purpose? Do we know what our data rights and options are? Should we care? These are just some of the many questions I’ve been considering lately.

I’m a millennial, teetering on the brink of Gen Z. I remember a time when my life wasn’t connected to the internet, but technically, I’ve never known life without it. As a digital native,  I’m used to providing my information online. An address here, a phone number there, a “log-in-with-my-Facebook-information-because-I’m-too-lazy-to-create-a-new-user-login” with basically every new website I join, never really considering the consequences.

What could they possibly gain from knowing my name, hometown, birthday, and/or friends list? It’s questions like these, that I’m only now starting to consider. But is it too late? After nearly two decades of ignorantly supplying data and enjoying an active digital life, is it paranoid to imagine that all companies have a large pile of data gathered on me? But before I write off all data collection as bad, I do want to note that I have benefited tremendously from businesses tracking and gathering my data. That big pile of data has helped considerably, be it Facebook recommending events, Apple Music suggesting new songs, or Amazon inspiring relevant purchases.

The Innocent Days

When I joined the digital world, the internet, and the collection of personal data, was still in its blissful infancy. It was easy to underestimate the impact of data collection because we didn’t understand the potential use and misuse of our digital footprint. In the early stages of the internet, the digital platforms had the advantage. No one needed Facebook, Twitter, Amazon, etc.  in order to live their lives. It was online services like these sites who set the standards and expectations for what data should, could, and would be collected. Essentially, the digital world raised itself, setting its own rules as it went. Now that the digital world is maturing and consumers are becoming more aware of data practices, we see how the unchecked power affected the growth of the digital world. Sure, many of these online platforms took initiatives and instated data privacy measures, but they also offered a take it or leave it situation – accept these terms, as they are, or else.

Yes, regulations are beginning to come in and require services to explicitly state the privacy and security measures, however services have learned how to use smoke and mirrors when it comes to the presentation of the terms. So maybe the option to opt out of specific data collection is there, but where have they hidden it?

Think about all the times you’ve been asked to accept a company’s new policies or terms. A “Please review these new terms before continuing use of this service” type of situation. Whether it’s a simple upgrade or a whole rewrite of policies, the understanding is, if I just click agree, I get to get right to using the service again. 

An issue arises, however, if I want to actually read the policy change, potentially edit what I’m accepting, and actually know what I’m agreeing to. In this case, I’ll be presented with pages on pages of super technical jargon, and somewhere buried in that mess, is the information I want. Who can be bothered? This is the attitude that services bank on. They hide the data and privacy terms in walls of text. They make the standard option, the accept all option – nudging the consumer to the choice that most benefits the service. In this way, the services comply with the rules and make the information available, just not accessible.

Trust or Regulation

Additionally problematic is that, once we accept their terms, we must simply trust that they comply with the rules they set. How would I know if they shared or misused my data? Sure, big data scandals, with millions of users can draw attention, but we’re naïve to think that this isn’t happening on small scales everywhere else.  But what can we do?

As discouraged as I may be, there’s arguably still hope. We just need stronger, more advanced, and more knowledgeable regulation. In May 2018, GDPR (General Data Protection Regulation) was finally able to be enacted after taking two years to enforce. While implementing a two-year-old data regulation scheme may seem outdated, when we note that many other major countries (e.g. USA, Australia, Canada, etc.) follow regulation established in the early 2000’s, the notion of outdated is magnified. The digital world changes every day and the problem we’re running into is that regulation is playing a game of catch-up. Government regulation needs to follow proper channels and takes time to implement, while the digital world evolves at it’s own pace. The GDPR is a step in the right direction, but regulation is going to have to stay current and relevant worldwide.

So with the digital world too integrated in the average consumer’s life to remove it, and government regulation, outside of the EU, a few years out, what are we to do? Are we cautious about the data we supply? Do we only consent to data policies we understand and fully agree with? What is the most efficient way to take responsibility and secure our data?

I can’t say if my opinion is the dominant opinion, but I can say that there are many out there that feel as I do. However, just because some people are willing to give up their data, in lieu of combing through data policies and diligently managing every shred of data, that does not lift a company’s responsibility to us. Companies need to make it easier; i.e. allow us to opt out as effortlessly as we opted in and simplify the data jargon. In my opinion, if it’s a customer’s responsibility to manage their own data, it’s even more so a company’s responsibility not to take advantage of the customer.

So while you’re mulling over the idea of securing your data, I think it’s fair to end this piece, noting that data regulation has made a difference. Consumers are becoming more aware of the implications of a digital life, and with government regulation beginning to understand and support data protection, the data playing field is beginning to level. With consumers and the government playing a more active role in data regulation, businesses using data are being required to create proper data organizational structures  and notify when cookies are being collected. Measures are being taken to ensure that consumer data is treated properly, but arguably data collection and sharing is kind of like Pandora’s box – we’ve opened the box, and we can’t go back. Now all we can do is mitigate any issues that arise, and learn from our past mistakes.