Over the past months, I’ve been reading many posts and articles about privacy breaches, unclear privacy clauses, and the need for improved legislation to protect individuals. I believe the problem and solution lies in transparency.
We all know that there’s no such thing as a free lunch, or a free service, especially online. If it’s free, then you, the information you share, is the currency provided to pay for the service.
The thing is, we don’t really know and understand how much of our “currency” we’re providing for the service.
Imagine you need Fijian dollars for your dream vacation. While it may be difficult to find an exchange that can provide you with the funds, you can quickly check online conversion rates to compare with the bank or whoever will provide the service.
You decide if the exchange makes sense.
When it comes to our personal information, very few of us understand what the data is worth. How much for my name, address, and credit score? Results from my last medical exam?
It gets even more complicated as we’re “buying” different services:
- Social/professional networks
- Fitness apps
- Free online games
A company may NEED some information to provide a specific service or to improve your experience. For example, sharing professional experience on LinkedIn may help you connect with others and land your next job.
However, does LinkedIn need your phone location data? It says it uses it to provide relevant job offers and people near you AND “other information”.
What other information? What’s the benefit?
Going back to our Fijian dollars example, we need to know EXACTLY what information is being collected, and it MUST BE linked to a feature, service, or function. No more policies or statements such as “we may collect”.
The second part is to require all organizations to provide customers with a real-time interface showing the data they’re collecting (real-time and historical). Yes, this would be onerous and complex for organizations to provide.
The alternative: don’t collect personal information, and have users pay for the service.
Third change is to make every organization that collects personal information responsible for tracking it. We can trace food back to the source when there are health issues, but citizens have to track down every “partner” a company shared our data with?
Making organizations responsible for tracking the data they sell. Having it removed when a persons makes the request could drastically change how personal information is shared.
Lastly, require applications and websites to function with a minimal set of information, such as username and password.
EVERY additional piece of personal information should be justified, and a user could refuse to share the information without losing access to the app or website.
The current situation is that it’s an all or nothing proposition: sign-off on everything or you can use our service.
