CS Jul-Aug 2023
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
privacy crisis<br />
an inconsistent picture across data<br />
requests to companies. Responses varied<br />
dramatically: of all the access requests<br />
put out, rates ranged from 65% of<br />
companies not responding to one<br />
volunteer to just 10% not responding to<br />
another. Under GDPR laws, companies<br />
are required to respond to consumer<br />
requests - but many did not or made the<br />
process difficult and time-consuming.<br />
The study also found that processes put<br />
in place to help consumers have more<br />
control over their information online in<br />
fact made them more likely to give it<br />
away. The biggest gateway to personal<br />
data for most users is the GDPRcompliant<br />
'cookie banners' - but Demos<br />
concluded the banner's design often<br />
actively sought to dissuade users from<br />
changing data permissions "through<br />
nudges to incentivise you to agree to the<br />
most permissive settings".<br />
The study also found "accepting all"<br />
on cookie banners frequently gave<br />
companies permission to sell consumer<br />
data onto data brokers - creating a black<br />
hole in their ability to protect customer<br />
data. "One of the biggest problems right<br />
now is companies gathering enormous<br />
amounts of data on people, selling it<br />
off to data brokers and even they don't<br />
know where it ends up," commented one<br />
volunteer.<br />
DOUBTS RAISED<br />
This made them question whether they<br />
wished to continue buying from that<br />
company, explaining: "It's not necessarily<br />
that I don't trust them as a brand not to<br />
misuse my data - it's the fact that I don't<br />
know who they're selling it to and who<br />
that broker is selling it on to".<br />
Study volunteers were also surprised by<br />
the inaccuracy of profile information<br />
companies had compiled about them,<br />
based on their online activity. This<br />
'propensity data' is intended to help<br />
advertisers target users who are most<br />
likely to be interested in their products.<br />
However, this data is also used to make<br />
decisions which have far-reaching<br />
ramifications in the real world, such<br />
as whether an individual would qualify<br />
for a mortgage or credit card.<br />
The study states: "We found a chaotic<br />
system that profits from our data, while<br />
doing little to empower users to exert<br />
their rights: data is collected and inferred<br />
about us, and used to make decisions in<br />
the dark about what sort of person we<br />
are, what sort of products and services<br />
we should be offered - from health<br />
insurance to mortgages."<br />
PANDEMIC HANGOVER<br />
Allan Dunlavy goes on to explain that<br />
much of the issue was born out of<br />
the Covid 19 pandemic: "For many<br />
companies, the rush to move to<br />
an online business model during the<br />
pandemic resulted in shortcuts being<br />
taken. We are seeing a lot of data privacy<br />
codes of practice overlooked, despite<br />
the best of intentions - with many<br />
companies often unknowingly<br />
contravening data legislation through<br />
poorly set up processes. But with privacy<br />
becoming a key focus for consumers,<br />
companies need to take these issues<br />
more seriously.<br />
"It's time every company took a long,<br />
hard look at how confident they are of<br />
their data ethics. This is a strategic<br />
reputational problem that<br />
needs addressing in the<br />
boardroom - not in<br />
isolation by a<br />
marketing or IT<br />
team."<br />
Law firm<br />
Schillings<br />
commissioned<br />
the study as part of its 'Accept All:<br />
Unacceptable?' campaign, highlighting<br />
and addressing the urgent need for<br />
society to do more to protect personal<br />
privacy online. Volunteers from the<br />
study can been seen in the documentary,<br />
'Accept All: Unacceptable?', which was<br />
also commissioned by Schillings, now<br />
available to view on YouTube here. The<br />
film sets out to answer the question :<br />
"Why should we care about online<br />
privacy?"<br />
Allan Dunlavy, Schillings: we're in the<br />
middle of the largest privacy crisis in<br />
history.<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Jul</strong>y/<strong>Aug</strong>ust <strong>2023</strong> computing security<br />
13