Whether browsing online for clothes or catching up on the latest news, we’ve all had that unwanted internet cookie pop-up appear. At face-value they may seem harmless, but cookies are a goldmine of private information, posing a serious risk to your data privacy. Today, consumers face a new predicament surrounding attitudes toward their valuable data. When personal data is stolen by a cybercriminal, that offense is the online equivalent of a physical robbery, but the severity of data theft is being overlooked.
From a regulatory standpoint, concerns over data privacy have prompted stricter actions from governments and organizations globally as they try to grapple with the challenge of striking a balance between data security and user privacy. Now, in response to increasingly sophisticated criminal tactics, there must be a shift from slow, reactive regulation towards adopting more proactive strategies that both anticipate and mitigate against potential risks. This will be key to shaping a secure, privacy-conscious future.
‘The Digital Specter’
Put simply, digital advancements in areas like data processing practices are outstripping the ability of data protection legislation to keep up. As technology advances, cybercriminal tactics are evolving at an alarming rate, resulting in increasingly sophisticated methods of exploiting personal information. When personal data is mishandled or insufficiently protected by a company, this leaves an open invitation for a ‘digital specter’ to infiltrate, extract, and exploit data, turning our digital landscape into a vulnerable playground for threat actors.
This has led to an increase in identity theft, financial fraud, and other crimes being committed against consumers. In 2022, over £1.2 billion was stolen by criminals through fraud — this is the equivalent of over £2,300 every minute. It’s no surprise, then, 97 percent of people are concerned about cybersecurity threats, including data breaches, identity theft, and personal information exposure.
Mission impossible?
In the pursuit of a safer digital landscape, several regulatory measures have been put in place, most recently the roll-out of the Online Safety Bill and The Data Protection and Digital Information Bill prioritizing important initiatives such as child safety. Part of their purpose is to regulate social media companies and marketers by holding them accountable for protecting users, but there’s a catch.
In the event of suspicious activity, a company’s attempt to enhance security by investigating the flagged activity inadvertently encroaches upon individual privacy rights, raising surveillance concerns. We need regulations that strike the right balance between privacy and security so that users can feel empowered rather than simply at risk.
Equally, if social media companies take action, cybercriminals can simply switch platforms or operations to circumvent new regulations, making this a losing game for our legal system. Regulatory measures are inherently reactive, often playing catch-up in defining and preventing criminal uses of data. What’s more, the enforcement of General Data Protection Regulation has arguably been too slow and posed significant challenges to Big Tech and the online advertising industry protecting their users’ privacy effectively and promptly addressing complaints.
So, in an increasingly digitized society that has exposed people’s personal lives to unprecedented levels, this begs the question: what more can be done to safeguard users?
Charting consumer digital security
We have already observed that regulatory measures increasing companies’ accountability can only go so far. The answer to the problem starts with consumers becoming their own ‘protective agents’. Right now, there is an unacceptably low level of education on data privacy among consumers. Many individuals are aware of the problem, but don’t have the knowledge to deal with it — worst of all, it isn’t their fault.
Data accumulation is more than just bits and bytes. There are 5.3 billion internet users, and given the sheer volume of devices and account logins across the web and social media, data is being produced at an astounding rate every day. In fact, it is now more accurate to say that a comprehensive overview of you is being collected, from your regular jogging route to your purchasing preferences or your health symptoms, creating potentially very personal data vulnerabilities.
On the mission toward online safety, governments, and Big Tech alike should be doing more help empower and protect people’s privacy. This involves changing everyday consumers’ mentality of having “nothing to hide”, to one of caring deeply about their privacy and the risks posed by their exposed data.
Finally, organizations need to provide users with more access to the right tools, or ‘gadgets’ on their mission, including solutions like private internet browsers, ad blocking services and basic encryption, so users can stay three steps ahead. In this digital battleground, it’s important to remember that privacy isn’t about having something to hide. Instead, it’s about empowering consumers to share what they want to share, when they want to share it.
Photo credit: Rawpixel.com / Shutterstock
Oren Arar is VP of Consumer Privacy at Malwarebytes.
