How much data privacy can you expect to have?
Very little, experts say, given technological advancements and lagging privacy laws
Staying away from social media such as Facebook and Twitter and deliberately limiting the amount of personal information you disclose online may not be enough to protect yourself from having your private data exposed.
Last week, the mobile phone messaging client WhatsApp came under fire from Canadian and Dutch privacy czars for forcing those who download the app to upload their entire address book.
In a statement, the office of the Canadian privacy commissioner said it had "reasonable grounds" to believe the California-based developer was "collecting, using, disclosing and retaining personal information" of those who had never used the app, but may have given their phone numbers to a friend or contact who does use the app.
Although yesterday was Safer Internet Day, which promotes the responsible use of the web and mobile phones, given that we rely on technology to navigate almost every facet of our lives, how much privacy can we now realistically expect?
Very little, experts say.
It's done so unobtrusively so you can't really tell what data is being accessed by whom, and what they're doing with it.
With social networking sites and communication technology making it so easy for organizations to gather and aggregate information, it is increasingly difficult to stay in control of your personal data, says Andrew Clement, a professor of information studies at the University of Toronto.
"It's extremely hard to do that, even if you are diligent as an individual, if you want to take advantage of the features of smartphone apps and social networking sites... And then also there's a tremendous financial incentive for organizations to do this. [Data is] lucrative for them," he said.
"And they've got an incentive to get it and it's done so unobtrusively, so you can't really tell what data is being accessed by whom and what they're doing with it."
Privacy laws hard to enforce
Although there are laws and watchdogs such as Canada's privacy commissioner in place to protect Canadian citizens, the rules are not always enforced, Clement added.
"The privacy commissioner really doesn't have any teeth, and they can't fine these organizations," said Clement. "They have rather limited ability to take any sanctions, and this is a weakness in the law."
Scott Hutchinson, manager of external communications for the Office of the Privacy Commissioner of Canada, said the Privacy Act, which applies to federal departments and agencies, "has not been substantially amended in more than 30 years and, as a result, citizens have little mechanism for redress when things go wrong." He says the federal privacy law for the private sector "is also well overdue for an update."
Ann Curry, a professor of information sciences at the University of Alberta, says communication technology is evolving fast, and the laws and mechanisms available to keep it in check are lagging behind.
"The new technologies are outpacing what we do and governments are notoriously slow at putting public policy in place. And commerce is just leaping ahead," she said.
The controversy over WhatsApp is just the most recent incident in a string of publicized privacy threats.
On Jan. 24, a group of journalists, privacy advocates and internet activists called for software giant Microsoft to regularly release a report outlining information requests it receives related to its internet telephone service, Skype.
The group wrote an open letter asking Microsoft for greater transparency, including disclosing which governments have requested information, what type of data was requested and the details of all user data Microsoft and Skype currently stores. Google and microblogging site Twitter already release their own regular transparency reports.
A leading privacy expert last week also sounded the alarm over cloud computing, warning Europeans that U.S. laws allow American authorities to spy on documents and data uploaded to these virtual servers, the BBC reported.
Going to your local shopping mall may also leave you vulnerable.
Clement, who is also a co-founder of the Identity, Privacy and Security Institute, conducted a study of video surveillance cameras in stores and businesses in the Toronto area, and found most did not follow the rules. Merchants are required to have a sign alerting customers to the camera's use and purpose. It should also display a contact number so people can inquire about how they can obtain a copy of footage that contains their image, Clement said.
To illustrate the lack of compliance with these new federal laws, Clement has offered a $100 reward to anyone who can find a camera that meets the requirements. No one has successfully claimed his money yet, he said.
"The longer this goes on, the more this points to the fact that there is basically no minimally compliant [camera] with the law here."
He added that as video surveillance technology is increasingly digitized, computers can now be used to analyze these images, and identify the people in them using face-recognition software. Businesses may soon be able to alert staff when regular customers come in or market certain products based on their shopping patterns, Clement added.
"This, again, shifts the power away from individuals to organizations … There is a whole set of concerns that aren't visible on the face of it. And I think the risk will grow over time, but more and more people get used to it," he said.
Some willing to trade personal info for free services
Sidneyeve Matrix, a media professor at Queen's University in Kingston, Ont., said Canadians can expect that privacy will be "commodified and compromised at every opportunity."
But she says she is willing to give up a bit of it in exchange for services, such as email.
"Our data is so valuable. There's two sides. I may trade some of my data in order to use something like Facebook or trade to get better Google search engine results. I may opt into Foursquare to get a free coupon. These are choices that I'm making, and I know the price I'm paying."
She's not alone in her view.
A 2010 study commissioned by the European Union found that 74 per cent of Europeans said disclosing personal information was a part of modern life.
About one-third said that disclosing personal information was not an issue, and 29 per cent said they did not mind giving up personal data in return for free online services, such as email.
But there was a clear divide among the generations. Roughly 43 per cent of Europeans surveyed between the age of 15 and 24 who were born and raised with digital technology said that disclosing personal information was not a big deal, and 48 per cent of this age group said they did not mind disclosing their info in return for free services online.
Still, about 70 per cent of Europeans surveyed said they were concerned that their personal information was being held by companies and may be used for a purpose other than that for which it was collected.
Only 7% of Canadians read privacy policies
About 6 in 10 Canadians said they felt they had less protection of their personal information in their daily lives than they did a decade ago, according to a 2011 study conducted by the federal Office of the Privacy Commissioner.
About 55 per cent of Canadians said they had privacy concerns related to social networking sites. But those who actually use these sites seemed less worried – 45 per cent of them were concerned, compared to 66 per cent of non-users.
Despite their worries, just seven per cent said they read the privacy policies of the websites they visit.
"Most of us don't read the terms of service," said Leslie Shade, associate professor of information studies at the University of Toronto. "The terms tend to be written in very convoluted, legalistic fashion. They're very long, and they're also incomprehensible. So, there's very few social media platforms that have good terms of service."
One example is the recent uproar over Instagram's proposed changes to its terms, which had users worrying their photos would be used in advertising. The photo-sharing app said it didn't intend to sell customer's images in that way, and changed the wording to "eliminate the confusion."
"Are we adequately informed of the consequences? The short- and long-term consequences?… I don't believe we are," said Clement. "We are not in a position to make informed judgements. We just close our eyes and click 'Accept.'"
Clement likened the issue of data privacy to societal attitudes on environmental degradation and waste a few decades ago, when people knew very little about how the garbage and greenhouse gases would affect the environment. It wasn't until after it became apparent that our actions were polluting the environment that people took action.
"I think we're in a similar situation. We're now treating the information ecosystem as a kind of a carefree waste zone or open ground where we can just leave our information around, and we don't have to worry about it," said Clement. "It doesn't come back and bite us immediately."
But with information being collected from hundreds of millions of app or social media users, Clement said, "you are potentially creating a dangerous ecosystem.
"That information is now out of our control, individually and collectively," he said. "And there are quite a number of ways that can be abused."
In addition to being as careful as possible when signing on to these services, Curry said, people need to push harder for governments to put strong measures in place to protect users.
"I think that laws, legislation, policy only really come about when the citizens push. And I don't think that for governments right now, particularly the Canadian government, this is high on their agenda … I still think we have unrealistic expectations of a security bubble around our data."
With files from Canadian Press