If you aren't paying for it, you are the product not the customer. When you use a company's free product such as a social media platform or search engine do you consider yourself a customer? Many may come to the logic of yes as I am a human being while others may say no as there is no payment being provided for their product. As nothing comes free and not many companies provide their product out of the kindness of their heart, if you are using a free product consistently you realize these companies need to make money somehow. The way they make their money is by selling their product, you,or specifically your data.
Although you may realize it or not you consent at some point to the sharing of this data when you use their product, and many opportunities are actually beneficial through this business model but what can we do to make this model less predatory and more transparent. There are many factors that go into data security including ethics, privacy and computational techniques so I'd like to provide a large range of reformations to combat these issues.
Some possible solutions include stricter data protection laws, encryption and decentralized technologies, more public awareness on data usage. My main goal in this proposal is to keep both parties in my interest to keep it realistic. Although data exploitation is the issue I am working to resolve, realizing the companies will never make that change unless they get some sort of compensation in exchange. Working for both my audiences may seem to be difficult but if both sides make an effort to work toward achieving more privacy in this age of prying eyes we can once again have equity of privacy. First let's discuss this issue of security and privacy in depth and bring to light why it is such a pressing issue in this era of technology.
In today's society of constant digital use ,to the point of reliance, we have made it easier than ever to give access to our information to those who may desire it. The term "your data" is constantly thrown around but what exactly does that mean? The data being desired is not analytics, this is simply user behavior monitored by websites and apps that the app uses for feedback on their software. The data being discussed is your personal data and usage data, data which can be used to not improve a product but to instead make you the product. Usage data can be maliciously used to build a profile around you and use that profile to manipulate in the digital space. This data includes you yourself, your interests and even scariest your relationships.
This relationship data can be used to branch to even more people and create a web of digital profiles until companies can target every single person in your circle. When you give a company access to your contacts they come out with the intention of using that information to find those who have also used their phone number on the app and connect you. In reality you are really exposing everyone who is in your social circle and companies may use this to connect you but also to build an even more in-depth profile. Your phone number as well as all your other contacts are now in their database, very valuable information which can be sold to other companies or even for government demands. If someone with official authority suspects an individual of illegal activity they can request information from these databases to be used in investigations, a convenient shortcut for our government but a breach of privacy for the rest of us.
With so much of your personal information being documented in a digital space there will of course be those who will want it. Companies collecting this information is one thing, but a reputable company will be trusted to use this information for good, but what if there is a break into that data or that company is looking to make a profit off of this priceless personal data. When your privacy is breached the security of your data is now in the hands of those who collected it meaning the security of your data is to the power of the security of these companies. Cybercrime and hackers are actors that constantly threaten data security through sophisticated attacks, even able to break through the security measures of major companies. In 2013 Target suffered a major data breach that compromised the financial data of seventy million customers through finding the weak spots in Target's digital security system. This attack impacted Target's reputation as well, costing them 202 million dollars in settlement payments. This stolen data was from those who used their personal payment information at a Target location but what about data such as personal information you had no clue even existed.
Meta, formerly known as Facebook, is one of the social media giants right now, as well as one of the largest collectors of personal information. Whether you have realized it or not, Meta collects a vast array of information provided directly and indirectly such as activity, behavior and information from other websites. This data is used to target you and advertise specifically to your niche. Meta has had a rough reputation with how it handles the data of its users and it is warranted, as they often exploit this sensitive information for monetary gain. In a long running lawsuit which stemmed from the time around the 2016 election, Cambridge Analytica paid Facebook approximately one million dollars for personal information on its users. Fifty million user profiles were harvested for information as to give a certain candidate political advantage, not only a breach in privacy but also exploitative of the individual to make the powerful even stronger.
Although we have encountered issues in Privacy and Data Security many times before, the national US government has not done much in the way of creating any laws for this issue. Attempts have been made before, The American Privacy Rights Act was recently proposed which could establish national consumer data privacy rights and set standards for data security in companies. Some work has been done at the state level such as in California, Texas and Virginia to expand consumer rights and obligations for businesses.
Once we acknowledge the scope and progress of these issues we can start to tackle them. I think a good place to start looking at solutions is the acknowledgment of the individual and how we can start to empower them. Giving control back to the people is one of our biggest goals so making sure to empower the individual is an important aspect of our solutions. At the company level we need to build trust between corporation and consumer once again, encouraging responsible consumption without the sacrifice of privacy. Companies must also grow with the technology around them, as malicious actors definitely already are. These are the changes I propose, adhering to these guidelines.
For a start we need to look at the individual as they are the victims of this issue. A data collecting organization is nothing without its people as that is the data others so preciously covet. This monetization of the individual has dehumanized them significantly, turning them into nothing more than a number. To give privacy back to the people we need to work on empowering them past the point of just another dollar in a big corporation's pocket.
To achieve empowerment to the individual when it comes to their data security and privacy we need to focus on education, transparency and providing the necessary tools for control. The minimal education on this topic is one of larger contributions to this issue as rapid growth of surveillance technology has left a lot of those clueless on the matter. Reading up on your data privacy rights and how companies may be exploiting them can help raise awareness and outcry towards this cause. Transparency of companies allows for easier education as well since having service providers admit their data collection methods and how its used may illuminate your decision on who to trust. Password managers, two factor authentication and encryption protocols help ensure users are in control of their own security measures, not the large corporations.
For the companies' duty in all of this they must close the divide in trust that has grown between corporation and consumer. This can be done through some of the aforementioned strategies such as transparency and user control as an equal relationship is one you can place trust in. Data minimization is another method where users only input data that is necessary for the company, this can build trust as it makes it clear the company has no ulterior motives and reduces leakage of sensitive information. Having a straightforward user agreement allows for the user to agree what they are even agreeing to. It has become common practice to be faced with a ten page contract which is incredibly easy to just skip through, but in reality that is what these companies want. If companies provided a clear cut agreement that demonstrated without confusion what a user was agreeing to and what of their data was being collected many would never agree, this shift may encourage companies to be less reliant on user data.
Something we must also anticipate is our future technology as rapid advancement is how we ended up with so many uneducated individuals and little legal jurisdiction in the realm of data. As technology advances corporations must be on top of updating their technological architecture to anticipate new security threats. Corporations may tend to rely on older technology as that's just how they function but malicious hackers are typically up to speed with the most efficient technology meaning these companies are unprepared for this constantly evolving environment. Keeping companies up to date on the latest technological advances is just as important for the consumer. As an individual being online at this time puts you at high risk for you to be compromised but knowing how to keep your data safe with new technology is also your responsibility. Better encryption methods and securing your accounts with new methods like two factor authentication let you adapt to the evolving cyber threats
Although it may cost these companies more in the long run, building these relationships between companies and customers may provide more benefit in the long run. The proposed changes to data security and privacy are necessary not just for ethical and personal reasons but for economic sustainability. Companies with more trust are naturally going to have the competitive edge, companies who have actively worked toward user trust have benefitted from this as they have such long term customer retention. This linkage between ethical practice and profitability show that these two parties' interests can align.
Money wise there will be some financial and operational costs that need to be addressed. Adopting new technologies such as more advanced encryption and new security infrastructure will allow for more efficient work. Hiring cyber security professionals and writing new user agreements will also take some money but will be essential to building a good reputation. Finally the short term loss in giving up data monetization, which will hopefully be offset by the long term benefits like reduced risk exposure and positive brand recognition.
For evaluation one would need to review the qualitative and quantitative statistics before and after the shift toward user empowerment and better security. Metrics such as user feedback will give direct feedback on the level of privacy they feel after the changes, and sales numbers will display the reputation of the company. Consistency of data breaches will also reveal how efficient new security measures have been.