In an era of unprecedented data collection, taking control of your data has become a critical yet daunting challenge.
You might be surprised to learn just how much personal data is collected about you online, even without your explicit consent.
Speaking to Infosecurity, Dr Valerie Lyons, COO at BH Consulting, noted that it is not just the data you voluntarily hand over that is collected by websites and applications but also location, browsing history, the devices consumers use to access these systems and inferred personal data such their personal relationships or sexuality.
As a result, taking control of your data can seem like an “insurmountable” task, said Alexander Linton, President at Session Technology Foundation, a Swiss foundation dedicated to promoting digital innovation and digital rights.
“A lot of people never get started because they feel overwhelmed by the state of 'big tech'.”Alexander Linton, President, Session Technology Foundation
“It is very difficult to opt-out and delete everything all at once, so start with small steps that are manageable for you,” Linton said.
Lack of Transparency on What Happens to Your Data
Lyons pointed out that many privacy and ‘opt-out’ policies are unclear, making it difficult for consumers to understand or control data collection.
Meanwhile, there are many misconceptions about how consumer data is used, according to Professor Oli Buckley, a Professor in Cyber Security at Loughborough University.
He noted that despite deleting an account, or the app, data can still be held by a particular organization in line with data retention policies, which vary from company to company.
He warned that these issues persist regardless of the size or status of the organization.
“Consumers often assume that a bigger company means that they (and their data) are much safer, which leads to people placing a lot of trust with large social media companies like Meta or retailers such as Amazon. There’s a common thread running through the top companies in the world in terms of profitability – they all make their money in data,” he explained to Infosecurity.
Buckley highlighted that even “fairly innocuous data” can be used for profiling and targeted ads.
Industry-leading data privacy experts Infosecurity spoke to shared advice on how you can take control of your data today.
Tips on Taking Control of Your Data
Limit the Data You Share with Online Services
Almost everything online requires you to enter your name and email address for access, sometimes going further to request your data of birth and asking to activate your location on your device.
“Signing up for new online accounts can expose your data to unnecessary risks, but a few proactive steps can make a big difference,” Buckley said. “Be wary of ‘free’ services, if you’re not paying, your data is likely the product. Avoid handing over unnecessary personal information like your phone number or address unless it’s absolutely essential.”
Dr. Micah Altman, Social and Information Scientist, MIT & senior member, ACM at Association for Computing Machinery, noted that one of the biggest threats to consumer privacy is the “invisible risk creep” as apps and online services collect personal data.
“When it comes to protecting your personal information, you should put the least trust in free services - and the most trust in organizations that have a direct fiduciary duty to you,” Altman said.
He emphasized that consumer-friendly apps will only ask for information when absolutely necessary to provide a service and will not hold it any longer than needed.
Altman urged consumers to continuously ask whether individual apps and websites really need the data they are requesting, such as weather apps requesting access to your GPS location 24/7.
““Be choosy in granting access to data -- and delete information, apps, and accounts that you are no longer providing you with value,” Altman explained.
Finally, Lyons said consumers should regularly review and revoke unnecessary app and service permissions.
Know Your Data Privacy Rights
Laws like the EU’s GDPR and the UK’s Data Protection Act allow you to access, correct or delete your data.
Most companies should have a privacy policy on their website which provides instructions on how to submit a request to find out what data they hold relating to you and how that data can be deleted.
“If they don’t respond or comply, you can escalate the issue to a data protection authority like the Information Commissioner’s Office (ICO) in the UK,” Buckley said.
Unfortunately, in the US comprehensive federal privacy laws are still lacking. This means the burden falls more heavily on consumers to be mindful of what data is being shared and implementing privacy tools that can help safeguard it.
Leverage Security and Privacy Tools
There is a plethora of tools that consumers can use to help them manage and protect their data.
Altman advised that consumers should use services that build in privacy from the beginning.
“Encryption-based tools like secure browsers or privacy-first search engines are no longer for the tech-savvy -- they’re a necessity,” he said.
Meanwhile, Linton highlighted the need to adopt good security and privacy habits. For example, exploring the use of password managers and ensuring all of accounts have securely generated, random, and unique passwords.
Lyons also suggested installing advertising tracker blockers to limit data collection.
It is also important that consumers take privacy and security considerations into account in regard to the applications and technology that they use the most and make changes accordingly.
For example, if you spend a lot of time messaging friends and family, you should consider using messaging apps that place a big emphasis on data protection, such as Signal and Session, Linton noted.
“If you spend a lot of time browsing the internet, look into which browsers best protect your privacy — many of them will also have additional settings and optional plugins that can increase your protection even further," he advised.
Conclusion
Consumers must be empowered to take control of their data. Without the knowledge of where their data is and whom it is being used by there are risks that many individuals could have their data misused.
Unfortunately, data privacy remains a full-time challenge for consumers as the landscape is complex and data privacy information can be difficult to understand.
“The burden shouldn’t fall solely on consumers, though. Companies and governments have an ethical obligation to integrate privacy-enhancing technologies like differential privacy and encryption into their systems. But just as importantly, we need regulation that reflects the realities of today’s data economy -- where a single digital interaction can cascade into years of data exposure,” urged MIT’s Altman.
By taking proactive steps to understand and control our data, we can reclaim our digital sovereignty and build a more privacy-respectful online world.