Protecting privacy when using apps
Smartphones and apps offer us many benefits, entertainment and convenience. From maintaining social contacts to navigation, mapping of physical performance and online payment options. But also many new things: identifying songs with Shazam or measuring your heart rate. The numbers do not lie: we download an average of 37 apps per person every year. All the benefits come with a price, however: a loss of privacy. You pay for these (almost) free services with your data. Without being able to do something about it, and often even without knowing about it.
The Dutch Data Protection Authority (CBP) recently concluded in a report that this is "in conflict with European privacy laws". Partly because of this report, the discussion about apps and privacy resurfaced in the media. And rightly so, because the consequences of uncovering these data can be far-reaching.
Obviously, apps need information in order to function. Your address book to chat, or your bank account to make payments. This is how developers can create new services. But that's not all. Unasked and unnoticed, location data, surfing and phone behavior are recorded, likes and photographs collected and stored. The information will be saved on servers in the United States, where the rules on privacy and ownership of data are less strict. So it can happen that your data is being be sold to commercial companies. A goldmine for marketeers to place targeted advertising campaigns and thus increase their sales significantly. Big Brother, who knows and sees all, is Big Business.
What your likes show
Personal information is even more valuable when combined with various other sources and smart algorithms, creating a very detailed profile. Click behavior can be used to deduce whether you have a partner, what your sexual orientation is and if you adhere to a specific religion. Thanks to the GPS receiver in your phone, it is visible where you work, what route you used to get there, when you're walking the dog or are on vacation - and thus not at home.
The insights and opportunities that arise by combining data are virtually endless. For example, individuals who use a service like 'TicTrac' gain new insights about themselves, but also for companies that can send targeted advertising. And governments can find out whether you live together with someone and therefore are receiving an unwarranted benefit. Does your profile reveal that you are sensitive to certain addictive substances, or that one of your parents is deceased by a hereditary disease? Getting that an insurance can suddenly become a lot trickier.
We are often unaware of the dangers that information sharing entails. It seems that commercial app-makers and governments are doing their best to keep it that way, by formulating incomprehensible conditions and regularly updating them. Often there is not even a clear contact to be found. You may wonder whether all these legal terms are really necessary. Can one not just put these on one A4 sheet? That must change.
There are already initiatives that seek opportunities for such a change. Initiatives like "Unlike Us", founded by the Institute of Network Cultures of the University of Amsterdam. A group of artists, designers, scientists and developers is going to to work on the development of privacy-aware social media. They met on 22 and 23 March to make the first steps towards this future. While it is good thing that they are working on alternatives, the fact remains that this is a responsibility for end users too. For all of us. We must realize that everything we (un)consciously share through our devices, may end up on the street.
In an ideal situation, apps and their creators shouls collect as little personal information as possible and provide a clarification about the data they collect and with whom they share it. European politicians should set strict rules regarding the collection, storage and combining of data. End users should be able to more efficiently study the conditions before, during and after an app install, so they can make an informed choice and optionally later revoke it.
Classifying apps in categories (from 'All data is public' to 'privacy proof' for example), could possibly help. But there are quite a few snags in establishing such a label. How do you ensure that all parties are (kept) involved? How do you get everyone in the same direction as there are such conflicting interests? What are the conditions we find that apps and social media must meet when it comes to our data? And perhaps most importantly, when do we find something 'privacy proof'? Only when we have clear answers to these questions, we can work to ensure appropriate solutions.