Privacy is dead.
It used to be that privacy was expected. Now, it is exploited. And most if the time you do not even know it has happened.
To drive this notion home, I have long used this loaded question: “What is Facebook?” Typically, it is described broadly as a social network or perhaps they will call out a specific feature that is particularly valuable to them. My response is always the same. “Facebook is a data mining company; the social network is a Trojan horse.”
Each time you post a photo, like a brand or product, take a survey or click a news article, a data point is created. These individual actions are then paired with the infinite number of past actions to create a frighteningly detailed profile. The information is then monetized, but you do not share in the bounty. As is often said, if you are not paying, you are the product.
It took the Cambridge Analytica scandal and the ensuing outrage to bring this discussion to the forefront. Words like “breach” and “data theft” were thrown around incorrectly. While one could argue there was something more sinister – or perhaps even fraudulent – working in the background at Cambridge Analytica, the tool worked exactly as it was intended. You just did not understand the rules of the game.
Facebook is not alone in this. I could fill pages with example after example, and sadly, I would not even begin to scratch the surface. Rather than simply rant about the egregious breaches of trust and deception, it is time for action.
It is time for us to take back our privacy. Or, at the very least, know when we are sacrificing it.
Terms and conditions, terms of use and privacy policies are a jumble of legalese that most never read, or those that do fail to grasp the gravity of what the words really mean. A law degree should not be required to have a basic understanding of what you are walking into. (Is uninformed consent really consent at all…?)
I have a solution.
But first, a little background. In 1990, the U.S. Food and Drug Administration (FDA) instituted requirements that all packaged food products display nutritional information in a standardized format.
For the first time, consumers knew exactly what they were buying when they went to the grocery. This was groundbreaking. And better yet, consumers then had a common tool with which to compare across brands. You could finally select the salad dressing that would help shave off the pounds rather than add to them.
We should do the same for data.
Keep the detailed agreements, but now, mandate a common form, standardized disclosure of what is to be collected and how it will be used. Keep it simple. Summarize and categorize. Let someone know at a glance. Empower people to make informed decisions about their data and its use.
I propose a multi-point scale much like that the Motion Picture Association of America implemented. With its standardized categorization, you know instantly whether a movie is appropriate for you or your family.
But we know not all PG-13 movies are created equally. That is why there is qualifying information attached to the ranking (like language, mild violenceor brief nudity). The rating contextualizes the appropriateness; the additional information provides qualification. If you do not like the rating, you do not buy a ticket.
It does not really matter if the data risk rating is alpha-numeric (akin to PG-13), text (low-moderate-high-severe) or color (green-yellow-orange-red). What matters is that with a glance you know if you are unwittingly giving someone the keys to everything just to plant a few rows of virtual crops, play a trivia game or post a picture of your avocado toast.
This high-level ranking should be followed by categorized listing of what is to be captured. Bolded line items like contact info, location, audio and other broad classifications should stand out, then be qualified with such detail like name, address, phone number. Similar to the Nutrition Facts, you would have a standardized reference for what data is to be collected.
But what about its use?
Like "% of Daily Value”, provide a symbol-based indication of whether it will be used outside of the platform. It could be as simple as ‘-‘ for none and ‘$’ for we will ruthlessly shill your data to enrich ourselves (perhaps for the downright outrageous data use, a skull-and-crossbones).
You get the idea, so I’ll stop here. Transparency and simplicity should prevail.
I recognize this all sounds much easier in concept than in execution. A governing institution would need to be created. Standards would have to be set. Measures created to apply the classifications. Audits to ensure compliance. And a stick with which to punish those that fail to comply or mislead.
It’s a lot, I know.
But if there is to be legislation to limit, control or disclose data capture and utilization, I hold hope that it skews towards a clean and functional solution. The real risk is that the outcome follows in the footsteps of Sarbannes-Oxley (SOX) in response to the Enron and other financial scandals. Unlike then, let’s not go nuclear.
If a legislative hydrogen bomb is dropped, a victory would be declared, but the problem would certainly prevail. Those with resources would navigate within the guidelines of the rules to willfully violate its intent (as is done with SOX), but it would stifle innovation. The basement-dwelling startup or the small, growing company cannot afford to get cute with the rules. The cost of compliance would be so high their focus would be on simply keeping their head above water.
In that case, nobody wins.
MUSIC BOX
Somebody's Watching Me by Rockwell
This is one digging deep – all the way back to 1983. But there is no better song title to draw from for this post. We have come a long way since the early 80s. Watch the video for the song. At the time, I thought it was edgy and cool. Now, it just seems campy and tame. I wonder what Rockwell would sing about if he wrote this song today? Perhaps it would be like Big Data’s The Business of Emotion.