Data protection: The price of convenience

Do you remember when the transition happened from using technology as a tool confined to the workplace to it becoming a convenient tool that we carry around all the time? It didn’t happen overnight but in that period of transition we gradually enabled the erosion of our privacy by silently acquiescing to the drive for interactive devices: devices that enable us to talk to each other freely, to track what our friends do or where they go, and allow us to navigate to shops we have never been.

The impact of silent acquiescence

Today we crave the ability to check emails on the go, get weather reports at our fingertips and read news of all kinds at a button’s touch. All this came seamlessly but, unknown to us all, it came at the price of our privacy.

To try to keep up with the speed of technology, the European Commission released its draft of the proposed Data Protection Regulation legislation in early 2012 with the aim of strengthening and safeguarding our online privacy rights. But does the European Commission speak for each and every European citizen when it comes to what has become the almost fundamental right to use laptops, tablets, mobile technology on a daily basis?

Economic realities of regulation legislation

There are elements of the proposed new regulation that impose more obligations on the data controller and data processor to ensure the safeguarding of personal data. This extended scope also impacts non-EU companies that control or process the personal data of EU citizens. Such companies may soon be subject to the new law. Furthermore, the proposed Data Protection Regulation limits the ability of companies to profile users of its services automatically, requiring the prior express consent of such users.

But from an economic perspective the reality of companies endorsing a proposed regulation may stifle business growth and profitability, which leaves many businesses concerned.

The fact is that in order for any of our current technology devices to work we have to compromise our personal privacy. For example, we allow app providers to download and acquire full network access for our mobile devices to the point where we accept these without questioning it.

As we look to bolster our privacy under the shadow of the EU’s continuing debate on the new Data Protection Regulation, the overriding principle seems to be that users need to explicitly consent to the use of their personal data. The question remains: should the obligation on the service provider be limited to engaging in tick-box exercises or should the service provider have an obligation (whether legal, moral or ethical) to explain to users exactly what is captured and what data collected is used for (as opposed to hiding all this in its privacy policy).

Is it time to question access privileges?

Privacy policies tend to capture this information but in a broadly generic way such that the user is no more informed reading it than not. Have you ever questioned why the app provider needs full network access and permissions to your device and what this means in practice? Certain software changes are required to make the app accessible but why do a high percentage of apps require full access to your contact list, calendar or even the operating system on your device? Should we as consumers be content when some service providers may scan our emails and use the information gathered for their own commercial purposes? Should the choice just be ‘don’t download the app if you don’t like the terms’?

Let us briefly consider how this impacts us in the workplace and why we should be concerned. With the increase in Bring Your Own Device (BYOD), employees should consider that when you choose to use your personal device or laptop as your work machine you may be opening up your personal data for your employers to see. Employers don’t want their staff leaving with company data, and employees equally do not want their bosses nosing in on their personal data. There is no current platform that sandboxes or contains the data to be distinguished.

IBM’s acquisition of Fiberlink was apparently aimed at bringing privacy by design to the world of BYOD. It will be interesting to see whether IBM buying this privately held mobile management and security company will further promote BYOD in the workplace. Furthermore, for apps downloaded onto a mobile device, IBM hopes to automatically vet those apps that request unnecessary access to contact lists, calendars and the like.

Share this story

Close
Menu
Send this to a friend