What Are Apps Doing With Your Data?
Earlier last month, the New York Times published an opinion piece titled “It’s Time To Break Up Facebook.” The title itself is not necessarily provocative — voices have been calling for the disbandment of the social media conglomerate in greater and greater numbers—but the by-line is. The article is authored by Chris Hughes, co-founder of Facebook.
Hughes’ claim that Facebook poses a “threat to democracy” is grounded in the social media’s access to an incredible amount of raw data. Facebook and its affiliates, Instagram and Whatsapp, aggregate data such as likes and dislikes, engagements, time spent watching a video, etc.; and encourage users to share even more personal information; ostensibly to improve their targeted ad services. However, as Hughes points out and the Cambridge Analytica scandal confirmed, such unfettered access to data can lead to more concerning problems than targeted ads that seem to read your mind.
Hughes is neither the first nor the only tech entrepreneur to blow the whistle over data privacy concerns, and the problems he identifies are not limited to social media. The current generation, fueled by smartphones, smart speakers, smart homes—smart everything—is waking up to the serious challenges to privacy that these technological efficiencies are potentially introducing, driving policies like the EU’s General Data Protection Regulation (GDPR).
For companies that deal with special categories of sensitive data—like medical information—the stakes are much higher, as publications like the Washington Post and Vox have enumerated. Access to information such as mental health, sex life, family planning, history of disease, physical wellness, etc. could potentially jeopardize users’ job opportunities, promotions, and may even engender or perpetuate discrimination in the workplace.
While the increased awareness of data privacy and security issues is forcing companies to take a second look at their protection policies, there are steps that consumers can and should take on their own to keep themselves informed—a “know before you go” approach.
As an executive at a data tech company, here are my five top tips for consumers to keep data private and safe:
Ask yourself: how do they make money?
If an app or tool is “free,” it’s likely collecting revenue from advertising rather than sales, which means that your data—everything from number of logins to location to the number of times you visit the app in a day—is potentially being shared with third-party sites, either in a direct or de-identified form.
Look for the company message and prioritization of security.
If a company has a chief information security officer, that likely means that data is being monitored 24/7, making it a critical part of a cybersecurity system. If the company has any users in the EU, or does any business with the EU (and this is the case with many companies), they may need to be GDPR-compliant. While there is a long list of requirements for GDPR compliance, one of the most significant is that a company must inform its consumers of a data breach without undue delay and in many circumstances within 72 hours.
Is there a consent process?
Is the app or tool upfront and transparent about data use and policies? Do you have a good understanding of how your data will be used after you have been given access to the App? Apps or tools that do not ask for permission at set up, or mask their data sharing practices in complicated language are suspect. Pay special attention to third party data sharing, including services like Apple, Alexa, and others; and make sure you are okay with this before you sign up.
Check the fine print.
Not all data use and sharing is equal. Sharing data in a de-identified and legally-compliant manner can have the positive effect of improving outcomes or performance for the benefit of all users without compromising user privacy. Check the fine print to determine what type of data sharing a company is performing.
Do your Research!
It is always a good idea to do your own research. Take the time to do a simple Google search on a company’s privacy and security policies. Look up the third-party sites that are sharing their data. Determine whether you can delete your own data from a site should you choose to. Companies may or may not adhere to regulations of data, but the consumer has the power to hold them accountable.