Reading Time: 8 minutes

Online Privacy 2019: Experts'Insight

With the rise of scandals related to online privacy invasion and data manipulation, we have witnessed multiple awareness campaigns for an individual user regarding data protection. The implementation of privacy laws – EU General Data Protection Regulation (GDPR) in Europe and California Consumer Privacy Act (CCPA) in California U.S., are an abstract of the much comprehensive matter for online privacy in 2019.

Although in 2018, the lawmakers raised concerns over the user data handling by big data companies such as Facebook and Google, many questions were left unanswered. These companies also received backlash from the general public for violation of their data privacy.

So, to assess how 2019 is going to fare in regards to the privacy and data protection laws, we reached to some experts and influencers of the industry. We asked them two basic questions:

a) In 2019, do you think an overall approach for individual’s privacy would witness a genuine atonement?

b) Should we expect anything sustainable regarding the protection of user data or more gimmicks?

We believe, this article will enable you to know better about the efforts by the lawmakers, big data companies and governmental institutions regarding online privacy future. Here is what our experts have to say about online privacy in 2019:

Experts’ Views About Online Privacy in 2019:

Dr. Eric Cole

Dr. Eric Cole

Cyber Security Scientist. Former CIA Analyst. Obama Cyber Security Advisor. Former SVP & CTO at McAfee. InfoSecurity Hall of Fame Inductee.

Actually, monitoring and surveillance are on the rise, and the government does not seem to be very concerned about our privacy. The government is holding a lot of hearings, and people are becoming aware of the continuous monitoring by social media, vendors, and third parties. But the focus seems to be more on the blame game than any actual atonement. In many cases, people are agreeing (without realizing it) when they sign up for services that they are consenting to monitor and use of their private data. In reality, there might be some ethical boundaries; there are not any legal lines that are being crossed. The main problem that is evident in the government hearings is that the people passing laws have no clue about technology and how it works.

However, U.S. lawmakers seem more concerned about arguing and fighting than doing anything to help protect U.S. citizens.

The fundamental problem is really around the word ‘free.’ An entity that provides a free service must make money. The only way to do that is to use personal information for marketing purposes. Customers need to recognize that ‘free’ is not free, and with free, their personal information is the product that is being exchanged.

Thanks to the EU and the passing of GDPR, U.S. citizens are getting some level of protection in cases where companies have databases of international citizens. GDPR is slowly being enforced, and companies are taking it seriously, so that is offering some protection. However, U.S. lawmakers seem more concerned about arguing and fighting than doing anything to help protect U.S. citizens. While cybersecurity is a top concern to our nation, we do not see a lot of focus. Besides some hearings that are no more than a dog and pony show, it seems the U.S. is more about gimmicks that any real protection of its citizens.

Anne P. Mitchell

Anne P. Mitchell

Attorney at Law. CEO/President, Institute for Social Internet Public Policy. Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose. Author: Section 6 of the CAN-SPAM Act of 2003.

I do believe that the overall approach to individual privacy – particularly online privacy – will start to be taken more into consideration and more seriously by businesses (again, particularly online businesses, and businesses with an online component).

I think that broad but highly specific data privacy laws will be lasting. They likely will be tested in court, but I believe they will stand, at least in part.

That said, I also believe that in large part, it will be because evolving privacy laws will force the change, not because businesses are generally growing more of a privacy conscience. Also, consumers are starting to become more aware of just how at-risk their personal data is, and also of just how much of their data organizations are storing, especially large organizations.

More than 4.5 billion data records were exposed in just the first half of last year, and over 24 million sensitive records were exposed last month in just the U.S. alone. With each new data breach, consumers are slowly coming to realize that every time they provide sensitive personal information to any entity, that data could end up being exposed. As a result, consumers are increasingly demanding data privacy protection.

I think that broad but highly specific data privacy laws will be lasting. They likely will be tested in court, but I believe they will stand, at least in part. Take the EU’s General Data Protection Regulation (GDPR), for example – the law is incredibly detailed (in fact along with its prefatory language it runs to about 100 pages).

There may be parts of it that will be struck down. Such as its bold statement about enforcing it against, “all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”

But there will also be parts – probably many parts – which will stand, and which will even become the model for other countries.

Similarly, California’s new California Consumer Privacy Act of 2018 (CCPA) which goes into effect on 1 January 2020, is highly specific. And, I believe that they mean to enforce it (you can see the explanation here, in case you are not familiar with it).

Both of these laws are serious efforts to clamp down on data privacy violation and to protect the individual consumers, and so will be lasting.

Andrew Selepak, Ph.D.

Andrew Selepak, Ph.D.

Media Professor, Department of Telecommunication & Director of the Graduate Program in Social Media at the University of Florida.

We will have less online privacy before we have more. While we think of most of the online technology as free, we are paying with our personal information. When we do anything online, we are providing websites, social media platforms, and third parties access to tremendous amounts of information. Such as: our location, our browser, browser language, IP address, what we look for, and what we search for online. And, all of this information can be connected back to our online and offline activity. Everything is digital now. We use our email to check our bank statement and use our rewards points at the grocery store. Google Maps tracks our every movement, and our smart home devices are always listening.

...it will soon only be possible to protect your data by going off the grid or if enough of the population finally forces the politicians to do something.

Most people don’t even realize how much personal data these companies are collecting about them on a daily basis. Many don’t even care to know instead preferring to be blissfully unaware or under a misguided belief that nothing negative can come to them based on their online activity. Without an uproar from the people, politicians will not act to prevent companies from collecting more data on us. Why? Because not only are politicians getting campaign contributions from the tech companies that are collecting our data. But politicians are also using this data for either national security reasons to monitor citizens. Or, for their political campaigns to target voters with their messages at a cost much cheaper than traditional mass media.

Essentially, the people don’t care enough to protect their privacy, and the politicians are not motivated enough to do anything about it – at least not in the United States. While the European Union and countries in Europe might try and combat tech companies from collecting information about us, tech companies will find ways around any new toothless laws passed by the EU because their entire business model revolves around collecting our data. Facebook makes money off selling advertising. And, they can only do this if they are collecting information about not only everything we do on Facebook and Facebook products but from all of our online activity even when we are not using Facebook. Netflix can only suggest programming based on our interests if they collect data on what we watch and what others watch who are similar to us with similar tastes.

And, while as individuals we can do small things to try and better protect our privacy like using a VPN, using Duck Duck Go for searches, or not signing up for reward programs based on our email or phone numbers, there is not much we can do. As the world increasingly goes digital with digital money, GPS, social media, online medical records, online banking, and automated vehicles, it will soon only be possible to protect your data by going off the grid or if enough of the population finally forces the politicians to do something. Both, however, seem unlikely any time soon so long we continue to either not know or not care.

Magnus Steinberg - SurfShark

Magnus Steinberg

Chief Technology Officer for SurfShark

A core issue with the term “individual’s privacy” in today’s world is principally philosophical. It is difficult to define an individual’s privacy or at least where are the realms of it. In other words, people have not yet agreed where privacy ends, while the level of discussions about this matter differs across societies. For this reason, sadly, the atonement will hardly ever be genuine. More likely, it will be happening slowly over many years to come.

...the sooner our societies reach the critical point of understanding that privacy is a human right and not a privilege, the earlier it will take the route of sustainability.

Nevertheless, slow atonement has already been happening. A good example is GDPR in the European Union. The law that is enacted and implemented with an intention to protect the privacy of individual citizens. There have also been similar developments in other countries over the last couple of years. So, we may firmly project that this tendency will continue.

As for the people, we have witnessed growing concern about the value of personal data. And the reason that triggered this concern is the constant circulation of news about data exploitation and breaches. The rocketing market of VPN services is a perfect illustration of how the approach to individual’s privacy is changing as more and more people around the world are getting themselves easy-to-use software products to protect their digital lives.

We should suspect that the path to defining and safeguarding an individual’s online privacy will be winding. There will be both positive and negative moments, and we can only hope that the former will dominate the scene. Nevertheless, since user data protection is directly dependent on political determination as well as institutional preparation, which takes time, it will hardly become sustainable in the upcoming years.

That’s why it is important that companies working in the field of user data protection invest their time and effort into educating people. Educating them about what is happening or might potentially happen to their personal information if it is not protected. In other words, the sooner our societies reach the critical point of understanding that privacy is a human right and not a privilege, the earlier it will take the route of sustainability.

Attila Tomaschek

Attila Tomaschek

Digital Privacy Expert for ProPrivacy.com

With the seemingly constant occurrence of large-scale data breaches and major cybersecurity oversights these days, the issue of consumer privacy is quickly coming to the forefront of public consciousness. Cybersecurity advocates, lawmakers, and now ever more increasingly, some of the most influential tech executives are bringing necessary attention to the weight of the issue and calling for stronger data security legislation and greater accountability for organizations collecting and processing consumer data.

We can’t expect that a massive change will happen overnight, but the path towards genuine privacy protections for consumers is indeed flaring up.

Tech companies for far too long have been able to act with impunity with regards to how they handled customer data, which naturally led in many cases to gross mismanagement of that sensitive data in favor of attending to the bottom line. These days are mercifully coming to an end. Organizations, in general, are now much more aware of the importance of properly protecting consumer data than they were maybe even just a few years ago. Whether it’s pressure from lawmakers or influence from privacy advocates and others in the industry, tech companies are starting to get serious about protecting consumer data privacy, and that’s a good sign.

Some organizations, however, are a bit slow to come around to the idea that protecting consumer privacy should be their top priority. Leading video conferencing software provider, Zoom recently found itself in hot water with privacy advocates following its bizarre downplaying of a serious vulnerability in its application. The application has a security flaw that allowed a remote actor to enable Mac users’ microphones and cameras automatically. In another recent revelation, the Florida Department of Motor Vehicles was exposed for selling Florida drivers’ personal information to dozens of third-party private entities including data brokers and marketing firms without drivers’ express knowledge. Though these types of security gaffes still certainly abound, consumer privacy protection, on the whole, does seem to be heading in the right direction. We can’t expect that a massive change will happen overnight, but the path towards genuine privacy protections for consumers is indeed flaring up.

The notion of data privacy is finally getting the attention that it deserves. Consumers are no longer willing to put up with corporations mishandling their sensitive data. Lawmakers and privacy advocates are calling for robust data protection regulations and greater accountability for companies that collect and process user data. Even some of the biggest names in the industry the likes of Mark Zuckerberg, Bill Gates, and Tim Cook have all in one way or another shown support for increased data privacy regulations, transparency, and accountability. That speaks volumes, especially at a time when data has arguably surpassed oil as the world’s most valuable resource.

It took a rash of recent major data breaches and embarrassing security blunders involving some of the biggest corporations on Earth, but positive and meaningful change is now happening in many corners of the world with regards to digital privacy. Last spring, the European Union enacted bold and sweeping data privacy laws via the GDPR. In the United States, the state of California followed with its own Consumer Privacy Act that affords consumers in California similar protections as those afforded in the EU. The states of Maine and Nevada have also enacted similar data privacy regulations, with more than a dozen other states having proposed their own privacy legislation.

While it is commendable that several individual states have stepped up with meaningful action to protect the digital privacy of their residents, what the U.S. lacks is a comprehensive federal data protection law that would cover all consumers throughout the entire country. Several lawmakers have already floated federal privacy regulation proposals, but none have yet gained any significant traction. Comprehensive federal data privacy legislation would be more effective for both businesses and consumers than a patchwork of individual state laws. And, that is something lawmakers in the U.S. are ultimately hoping to make happen. Nonetheless, the work being done in Europe and the U.S. is encouraging and shows that progress is indeed being made towards establishing consumer data protections that are successful and sustainable. Going forward, we can expect continued progress from both legislators and corporations in committing to strengthening the protection of consumer data privacy rights.

Steffan Heuer

Steffan Heuer

Co-Author: Fake It! Your Guide to Digital Self-Defense. U.S. Correspondent, brand eins Wirtschaftsmagazin

Even though Google and Facebook now claim that online privacy matters and is supposedly at the core of their business in 2019, more than ever, consumers and citizens need to take matters into their own hands. That means we all need to practice smart digital self-defense and take our business to companies that offer products and services designed around data ethics.

While lawmakers struggle with what to do, companies are still grabbing all the data they can.

The fact that large platforms have embraced a concept they claimed was dead for so long speaks volumes. They have realized that politicians and regulators will hold them accountable and impose fines or might even discuss breaking them up. The EU’s GDPR and CCPA in California are two milestones of what’s to come. While lawmakers struggle with what to do, companies are still grabbing all the data they can.

In this gray area, the individual has the opportunity and obligation to withhold data, obscure data, and encrypt data. In daily life, that means abstaining from platforms that are built around tracking and selling off our digital identities (Facebook, Google), avoid technologies that beckon with convenience but are inherently insecure (Amazon Alexa), and be wary of what’s touted as free for mobile devices. Apple is one of the few big companies that has managed to put out a consistent message and followed through with continuous improvements on behalf of its customers.

Sustainable changes in matters of privacy happen all the time yet are to most of us inconspicuous and incremental. Then something big happens to change the debate. 2019 promises to deliver on both.

One, the public is finally sensitized and angry enough for lawmakers to act (think facial recognition, addressing privacy fails by design at the big platforms). Second, beneath that discussion, we see many improvements and tweaks that are not gimmicks but change our bargaining position when it comes to data transactions with big entities. More and more browsers let you block most cookies, tracking scripts and even device fingerprinting attempts by default. Alternative search beyond the Google monopoly has become a standard-setting. App stores are cracking down on apps that skirt permission settings (iOS 13 and Android Q). End to end encrypted communications are booming; even WhatsApp is now partially on board. And finally, a new crop of startups that emphasize data ethics are here to stay, often coming out of Europe.

So, I don’t see the year dominated by gimmicks but tangible change, driven by tech under siege and lawmakers waking up.

Do you think your Online Privacy is protected in 2019?

As per our experts, there is a still a long way to go for effective laws and adequate protective measures to be implemented regarding online privacy in 2019. Plus, it’s not just about the policy-makers and lawmakers; it’s also about our responsibility as a user. Despite all the commotion regarding user privacy and data management, we, the users still haven’t learned from the eye-opening and shocking revelations of information manipulation and incentivization. We must understand that with the usage of mobile apps with more intrusive access permissions, we are increasing the risk of our privacy violation. It is preferred that we act vigilant on our part.