Once again, it's International Data Privacy Day, and I am, as ever, unclear on the proper greeting.
"Happy International Data Privacy Day?" "Merry International Data Privacy Day?" Perhaps it's fitting to wish friends and family a private International Data Privacy Day.
Avner Levin clears things up for me.
"'Happy' is what I hear people use more often than not," he explains. "Of course, there would be some irony to that this year."
Levin is the director of the Privacy & Cyber Crime Institute at Ryerson University, which is hosting its own Data Privacy Day event.
"The goal is to raise awareness," Levin says of the annual event.
But I have to wonder: is a lack of awareness really the issue?
From the Edward Snowden revelations to data breaches at retailers such as Target and Michaels, the privacy of our personal information has never felt more front-and-centre. We're starting to see what bad privacy news looks like on a large scale.
Research suggests two-thirds of Canadians have "a significant level of concern" about their personal privacy. But somewhere between concern and action -- actually doing something to improve privacy -- there's a breakdown.
In the abstract, Canadians seem to feel that privacy matters. At the same time, we don't read privacy policies. We use terrible passwords. Many of us don't adjust our privacy settings from the defaults.
Disconnect between awareness and action
"I don't know that awareness is really the problem," says Levin.
"We've been raising awareness for several years. People in the privacy sector -- advocates or commissioners -- they're always thinking that awareness will be followed up by activities. But that's where the chain breaks."
So why is it so difficult to translate awareness into action? Perhaps it's the intangibility.
"People don't feel the impact on their daily lives," says Levin. "There is no immediate impact. There's no consequence for the lack of taking action. People don't see what difference that would make in their lives."
Intellectually, I understand that I regularly hand over huge amounts of personal information to tech companies. But it's hard to work through exactly what that means for my day-to-day existence.
What's more, being told to check your privacy settings can feel a bit like being told to eat your vegetables. Or take your vitamins. Or backup your hard drive.
"'Enough already,'" says Levin, echoing a weary consumer. "'I heard you a hundred million times. I'm acting to the best of my abilities.'"
Finally, I think part of this has to do with our desire for easy answers. We want a set-it-and-forget-it solution to our online privacy. But of course, no such thing exists.
Data privacy can be complicated, and requires constant vigilance. The absence of a silver bullet can make it easy to throw your hands in the air and say, "I give up."
Given the complexity of managing your online privacy, is it reasonable to expect individuals to keep track of all the privacy settings and behind-the-scenes machinations of data brokers?
Clearly, there's a certain level of personal responsibility here. If you hand over personal data to a company, and they do something you don't like with that data, that's partly on you.
However, Avner Levin thinks it's unrealistic to shoulder individuals with all that responsibility.
"I don't think that the answer is to berate the individual all the time about what they should be doing," he says.
That's why he's calling for increased powers for the federal privacy commissioner, something former privacy commissioner Jennifer Stoddart called for in 2011. He wants the privacy commissioner to be able to look into how companies handle personal data without the need for a complaint first.
"Give them the power to order companies to do something," he says. "And if they don't comply, [give them the power] to impose fines or sanctions like some of their provincial colleagues have here, and like some of, or most of, their European colleagues have."
According to Levin, federal oversight is the way forward for data privacy in Canada. He believes leaving it in the hands of individuals won't compel companies to change how they handle personal data.
Personally, I plan to celebrate Data Privacy Day quietly, spending a few minutes reviewing privacy settings on the social networks I use.
I've already checked Twitter, and found two checkboxes about "Personalization" and "Promoted content" that I don't remember turning on. I've adjusted those accordingly.
I'm also going to review which apps are authorized to use my accounts. After years of granting apps permission to use my Facebook and Twitter accounts, things are starting to get a bit crufty, so I'm going to tidy things up and remove the apps that I don't use anymore.
I'm also going to spend some time on the Canadian Access to Social Media Information website, to read up on the privacy policies for the services I use.
Finally, I'm going to resist the urge to tell other people they should do these same things. Because that would be like reminding you to eat your vegetables.