New ISOC Privacy Tutorials

Well, the annual Data Privacy Day (Jan 28th) has been and gone: how was it for you? Did you follow through on your brief flurry of privacy-related good intentions? Delete your Facebook account? Update your browser privacy plug-ins? (By all means, read these questions in ascending, Stewie Griffin style if it helps set the mood…). “No? Well… you’ve been knocking yourself out… you deserve a break”. ;^)

So, in my supportive way, here’s something much simpler you can do in a few easy, 5-minute bursts. My Internet Society colleagues have launched some online tutorials to help people understand and manage their online privacy, and I hope you will help spread the word. But first, a short digression about why we’re doing this.

For a while now, I’ve been grumbling about the phrase “personally identifiable information”. It has been a useful expression, but I think it has outlived its usefulness, and is now actually constraining our thinking about how to achieve good privacy outcomes for data subjects.

We need to move away from the idea that privacy is achieved by managing lists of the pieces of data that count as “personally identifiable” and ignoring the pieces that aren’t on the list. Privacy is more subtle and contextual than that, and can be impacted by data that is not currently on anyone’s list of PII.

I want to start re-defining PII as “privacy-impacting information”.

If the explosion of social, mobile and cloud-based services has taught us anything, it is that there is money to be made out of ‘big data’, especially when it can be mined for information about individuals’ behaviour, preferences and aspirations. So, if you thought your behaviour, preferences and aspirations were none of anyone else’s business, think again – they are, literally, someone else’s business.

The information in the “information economy” is… us.

We are being bought, sold, and traded in an economy whose workings are almost entirely opaque. Every time we go online, we add to a personal digital footprint that’s interconnected across multiple service providers, and we enrich massive caches of personal data that identify us, whether we have explicitly authenticated or not. Your digital footprint is invisible to you – and it’s really hard to manage something you can’t even see.

That may make you feel somewhat uneasy.

So, here are some simple and realistic privacy steps for all of us. Try them – you’ll feel better:

First, let’s revisit our assumptions about the online “bargain”

  1. Online transactions (whether retail or social) are seldom a two-party affair these days. Who else is in the transaction chain? Does a social networking service see all your private messages to your buddies? Is a retailer selling your purchase history to advertisers?
  1. There’s no such thing as a free service. More often than not, we pay by giving up information about ourselves, without appreciating its value. Understanding the bargain is key.
  1. Often these costs fundamentally change our online experience. Yes, you may get personalised recommendations – but are you also being offered (or denied) services because of data the service provider passed on to a third party? Are you being offered higher prices because of the brand of laptop you use?

Second, let’s take time to reflect on our privacy values

Our behaviour is driven by our values. When we value convenience over privacy, we set our priorities accordingly. Until we adjust the value we place on privacy, the steps we can take to preserve it will continue to seem like an inconvenience to be put off until later.

Third, let’s take some small practical steps in the right direction

The first step towards protecting our digital footprint is to learn more about it.

The Internet Society has developed three interactive tutorials to help everyone learn more about their digital footprint. Each lasts about 5 minutes and is aimed at helping all of us become more aware of how we disclose information and how we can keep it more private. Please take a look, and forward them to people you think would find them useful.

After all, if we are the currency of the new economy, shouldn’t we have a say in what we’re worth?