I’d hazard a guess that this could be more broadly stated that people world-wide don’t understand how their data is being used by companies and governments, but the basis for this generalization comes from a study published by the US by the Annenberg School for Communication entitled “Americans Can’t Consent to Companies’ Use of Their Data.” A bold statement for a country for whom a large part of their economy is derived from monetizing digital ones and zeroes, but the subtitle tells us the rest of the story: “They Admit They Don’t Understand It, Say They’re Helpless To Control It, and Believe They’re Harmed When Firms Use Their Data – Making What Companies Do Illegitimate.”
Doesn’t exactly roll off the tongue
The survey asked 2000 Americans 17 true-false questions about how companies gather and use data for digital marketing purposes, and if participants were to be graded on the traditional academic scale, most of the class failed, and only 1 person out of the 2000 got an “A”. An example of the type of knowledge tested:
FACT: The Federal Health Insurance and Portability Act (HIPAA) does not stop apps that provide information about health – such as exercise and fertility apps – from selling data collected about the app users to marketers. 82% of Americans don’t know; 45% admit they don’t know.“Americans Can’t Consent to Companies’ Use of Their Data: They Admit They Don’t Understand It, Say They’re Helpless To Control It, and Believe They’re Harmed When Firms Use Their Data – Making What Companies Do Illegitimate.” Turow, Lelkes, Draper, Waldman, 2023.
You should read this paper (or at least the summary), but I understand it if you don’t. Even though it reads easier than your typical academic paper, the topic is uncomfortable for those who have an inkling of what’s at stake, and for most of us, we’ve already resigned ourselves to not being able to do anything about it because we feel powerless to do otherwise. And this is their point – this paper wasn’t written merely as an academic exercise. The authors are basically claiming that because very few of us can understand the variety and extent to which companies collect and use our data, there is no possible way we can give genuine informed consent for them to do so. But unless there are laws that protect us in this regard, American companies can do as they please, and they will do so because their responsibility is not people but to stakeholders, and in this current market, minding everyone’s privacy is not nearly as profitable as ignoring it.
This report now provides evidence that notice-and-consent may be beyond repair—and could even be harmful to individuals and society. Companies may argue they offer ways for people to stop such tracking. But as we have seen, a great percentage of the US population has no understanding of how the basics of the commercial internet work. Expecting Americans to learn how to continually keep track of how and when to opt out, opt in, and expunge their data is folly.ibid, Page 18 (emphasis mine)
As is often the case with academic papers, rarely do the authors take on the monumental task of attempting to solve the issue, but they at least acknowledge that the possible only way to even begin is for our lawmakers to acknowledge this enormous elephant on the internet.
We hope the findings of this study will further encourage all policymakers to flip the script so that the burden of protection from commercial surveillance is not mostly on us. The social goal must be to move us away from the emptiness of consent.ibid, Page 19 (emphasis mine)
Perhaps a letter to your elected representatives asking them if they’ve read this article and have any interest in doing something about it?
Image courtesy of TAW4 at FreeDigitalPhotos.net
Starting in October of this year, pedestrians in Honolulu, Hawaii can be fined up to $100 if they are caught crossing a street with eyes on their cell phone instead of traffic. Coincidentally (and somewhat ironically), I read this bit of news on my phone, in Hawaii, while I was on vacation last week. However, I wasn’t walking so I can’t claim a trifecta. My first, flippant thought was, “How could anyone have their eyes on their phones while walking around one of the most beautiful places on earth?” In my defense, I was catching up with the news on my phone after a long day of specifically not looking at electronic screens, but it got me to thinking about how invaluable my phone was throughout the trip.
Could you take a vacation without your smartphone?
For those of us whose number one work tool is our phone, the answer is reflexively “Yes!”, but only because we aren’t remembering just how thoroughly indispensable the internet has become to destination vacations. Throughout the nine days we spent traversing the island, GPS, online reviews, local weather forecasts and instant access to just about any fact known to man allowed us to really get the most out of our vacation. And several of us had plenty of quality time with phone screens while standing in line, driving from scenic view to scenic view and staying in touch with friends and family who couldn’t be there with us. Could we have done the same things without the aid of such a device? Sure, but it would require a lot more planning, paper and reliance on human memory. On your next trip, make sure you leverage your technology to maximize your vacation, but don’t forget to observe local laws (and customs!) as it might just cost you more than you planned on spending!
Image courtesy of blackzheep at FreeDigitalPhotos.net
Despite the recent setbacks the Republican-controlled congress suffered in the healthcare reform arena, they managed to pick themselves up off the mat and delivered a solid drubbing in another area of consumer interest: internet privacy. Following a 50-48 Senate vote, the House passed 215-205 a “joint resolution of congressional disapproval” of the rules put in place by the FCC in October of last year to govern how internet service providers would be required to handle the piles of data they collect on your internet usage. Implementation of these rules, set to take effect in December of this year, were intended to make sure ISP’s handled your data with full transparency and clearly visible warnings (no fine text agreements) as well as protecting it via industry standard security. Proponents of the bill contend that the FCC overstepped its authority with rules that would be confusing and costly to enforce, arguing successfully that the FTC would be better suited to protect consumer and business interests in this area.
Why should this be important to me?
It’s important to understand a few things:
- Search engines like Google, Bing and Yahoo have been making money off your search history for years.
- ISP’s have probably been doing the same, but have likely been less forthcoming about it than the above companies.
- Your data, however mundane or irrelevant you believe it to be, is extremely valuable to every industry.
- In most cases, you can opt out of a vendor’s usage of your data, but you have to request it. You are opted in by default with most ISP’s and cellular carriers.
- Very few people in the US have more than two choices in internet service. It is essentially impossible to “switch” to a provider that operates with your best interests in mind.
- There are ways to secure your privacy despite your ISP’s practices, but they are fairly technical, not consumer friendly, and definitely not foolproof.
Have a look at how your senators and representatives voted on this measure. For the record, both California Senators and my House Representative voted “Nay” on this measure, but if your congress-critter’s view on this matter did not match yours, you should probably do something about that. Regardless of where you stand on the privacy issue, you should know that despite the FCC ruling last year, the rules they intended to enact never went into effect, and pending the President’s signature, likely never will, at least via the FCC’s hand as this joint measure also specifically forbids the FCC from attempting something like this again – also unlikely in the near future given the new Chair’s deregulation leanings.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Despite industry opposition and a failed first attempt, California’s governor signed into law a bill that requires smartphone manufacturers to install and enable kill switch functionality on all smartphones sold after July 1, 2015. Though California isn’t the first state to enact a killswitch law – Minnesota enacted a similar law back in May – it’s the first to require that the kill switch be enabled by factory default. Opponents of the law were quick to point out that any state’s effort to enforce this capability are redundant, as many smartphones already have this functionality, and it is quickly becoming a standard for all manufacturers. Both Apple and Samsung feature some variation of activation locking that prevents stolen phones from being used, but as the authors of the California bill were quick to point out, having it available and actually enabling it are two different things.
What this means for you:
Even if you aren’t a California or Minnesota resident, it’s possible you already own a phone that has some form of kill switch capability, especially if the device was made in the past two years. Even if you are one of the careful 9 out of 10 people who hasn’t had a smartphone stolen, you should enable any kill switch and anti-theft capabilities your phone has to offer, including putting a passcode of some form on your phone. Misplacing a phone could be just as devestating without it, and even though it wasn’t technically “stolen”, no kill switch means that a less scrupulous individual just got a brand new smartphone for free. You should also enable recovery and theft prevention features on any tablet you own – both iOS and Android offer location and security as standard features of the OS – and keep in mind that California’s law only applies to smartphones, not tablets.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Canadian lawmakers have finally had enough spam in their email boxes and just passed legislation which essentially outlaws all unsolicited commercial emails. If you want to send commercial email to a Canadian, you must have their express consent, regardless of where your company is in the world. At first blush, you may be tempted to say, “Good for them. Fight the good fight, Canada!” and you’d be counted sane to believe this was enacted with good intentions, but we know where those types of roads sometimes lead. As many others have pointed out, this will likely negatively impact the businesses and organizations we do want to hear from, and will have little to no impact on spammers who already ignore laws, ethics, logic, spelling and common sense. Rather than having an inbox filled with all sorts of email, Canadians can look forward to only getting spam from scofflaws. Oh, and a ton of emails from companies asking for their permission to keep their addresses on their lists.
What this means for you:
If you send commercial email to your clients or customers, and some of them happen to be Canadian, you now have to sort them out and get a positive confirmation from them, regardless of whether they had actively or tacitly agreed to be on your mailing list. In other words, you have to send out what is likely to be viewed as an unwanted email to someone who already has too much email, asking if they are OK with you sending emails to them in the future. The fines for violating CASL are quite stiff (up to $1M for individuals), so you can be sure businesses with Canadian customers are taking this very seriously. And this law isn’t just limited to advertisement emails. This newsletter is technically an email with commercial intent, and if I were to send it to Canadians without their express consent, I could be held liable. Is a law similar to CASL likely to be considered in the US? Seeing as our politicians have trouble agreeing on just about anything lately, I’d say we’d only have to worry about the Spam Mounties for the moment.
Image courtesy of renjith krishnan / FreeDigitalPhotos.net