Is privacy dead?
With every social media session we log, online shopping adventure on which we embark, and Google search we make, we happily sacrifice more information to the convenience machine. Everything we do online is a transaction of sorts and the old adage “if something is free, you’re the product” never holds more true than in today’s environment. In exchange for the services websites, apps, and mobile carriers provide, we tell them something about ourselves, often blurring the lines between convenience and privacy.
The Federal Communications Commission recently fined the largest cellphone companies in the United States a combined $200 million for “illegally sharing access to customers’ location data” without customer consent. Near a quarter billion dollars sounds like a hefty fine, but spread between the top mobile network operators, many have called it a slap on the wrist. There’s also probably a case to be made that what these mobile carriers gained from sharing our location data was worth to them $200 million (or more!).
We consciously grant tech vendors access to our digital location when we use their services. When visiting a website, I expect that website to know I’m there and I’m OK with that. But that website also logging my real-world, physical location tends to feel like more of a non-consensual invasion of privacy we still don’t expect – regardless of how prevalent it may now be.
But there are – and must be – times when we want and need a vendor to also know our physical location. If I order a pizza or Chinese food on a food-delivery app, for example, I have to share my address with the restaurant and the hosting application, so the delivery person can find my house, and I can eat my dinner (or – my particular annoyance – the restaurant can send me notifications offering me coupons).
Location-sharing is also vital to fraud-prevention. Digital banking apps need to know from where in the physical world a session originates to help them determine whether the session has a specific risky element to it or not. This is a security benefit that protects the consumer and, I would assume, most people would be welcoming of to help protect their own assets. When asked to choose between enabling location services on our phones one time and suffering an undetected attack on our bank account, none of us would select the option that makes us a victim of fraud.
But we cannot ignore the ethical implications of location-sharing. Customers must consent to the data vendors are collecting so location-tracking offers a real benefit to the consumer (preventing scammers from draining one's checking account qualifies, while helping a website to deliver more targeted ads probably doesn't). Vendors also must recognize their responsibility as stewards and custodians of consumer data and take steps to anonymize, encrypt, minimize, and protect what they collect from their users whenever possible. This includes and goes beyond regular audits to ensure compliance with data protection regulations such as GDPR and CCPA.
It seems unlikely we’re going to regain any of the privacy we’ve sacrificed in this digital era (especially with the recent advent of readily available artificial intelligence tools), but by refocusing on what vendors do with the data we give them, we can at least retain some of our anonymity in the physical world, and give consumers confidence that we are reliably handling security on their behalf.