This is Part 2 of a series on digital privacy…or the lack thereof
In part 1 of the series, we discussed how every time you are online your activities are tracked through small pieces of data injected in your browser, called cookies.
Why do companies collect all this data? Because it is profitable. The collection of user data is all about targeting ads at the corporate level. And it works. It can increase a company’s revenue by as much as 4% (data from privacysavvy.com). Google, Facebook, and many other companies rely on advertising to survive. You have probably heard the phrase: “if the product is free, YOU are the product”.
Some may think this is a fair trade for receiving a free service: I personally disagree. If you believe, like me, that companies should not profit from your personal data, then keep on reading. Even though “online privacy” seems like an oxymoron, there are some things you can do.
Reclaiming Your Privacy
The only way to fully protect your privacy is to stay offline, which is not realistic for most of us. You can, however, minimize the amount of personal data that is shared.
Understand that it is mainly up to you to do the dirty work. Companies won’t willingly help you protect your privacy, so it is your problem, and only you can take steps to do it.
1. Choose Your Tools Carefully – Google provides one of the most widely used suites of online products, mostly for free. The suite is extremely popular, and most sites use some of its products, especially the analytics tools, which help you measure site usage and engagement metrics such as page views, time on site, etc. There are, however, alternatives:
- Use Safari or Firefox instead of Chrome. Both browsers have privacy controls enabled by default. In fact, Firefox just announced that it will release Total Cookie Protection. Brave is another privacy-focused browser.
- Do not use Google Analytics: try SimpleAnalytics, Fathom, Matomo, or Squeaky.
- Replace Google Meet with some of these resources at ethical.net.
2. Set & Review Your Privacy Options Often – Social media platforms are probably the worst offenders when it comes to data farming. They also make it really difficult to change your settings, or make it a very tedious process. And they change their policies all the time.
Well, you’ve just got to do it, and keep reviewing on a regular basis.
3. Change your Browser’s Default Settings – You can also change your browser’s settings to delete cookies that have already been set and to reject new cookies. To learn more, visit the help pages of your browser:
- Microsoft Edge
- Internet Explorer (not to be a snob, but if you still use Explorer…well online privacy may be the least of your concerns)
Certain third parties provide ways to opt out of advertising cookies across multiple sites. You can learn more by visiting the sites of the Network Advertising Initiative or the Digital Advertising Alliance. In addition, there are third-party plug-ins and apps that help manage cookies.
4. Educate Yourself About the Existing Privacy Laws – Most governments are not taking any action to protect your privacy; however, there are a few exceptions. Unfortunately, even people protected by these laws are often not aware of them.
I know, it is not light reading, but please take the time to read it. You cannot exercise your rights if you do not know what they are.
1. GDPR (General Data Protection Regulation)
This is the first and most sweeping regulation. It was first enacted in Europe in 2018 and covers all countries in the European Union. It also affects any company that does business with Europe, regardless of where it is located. It is a model for privacy protection laws in other jurisdictions, and recent high-profile cases have shown that authorities are willing to enforce the GDPR to protect the data rights of European citizens.
It is built on the concept of “privacy by design”, which means companies should set their defaults to the highest privacy protection and they should minimize data collection.
According to the law, EU citizens have the right to:
- opt out of non-essential cookies
- access, correct, delete, restrict, or object to the use of your personal information
- be forgotten
- port your data
- withdraw consent as easily as it was given
- What is GDPR? The Basics of the EU’s General Data Protection Regulation
2. CCPA (California Consumer Privacy Act of 2018)
This law, in effect since 2020, applies to California citizens and any company doing business with California. It is very similar to GDPR, if not as strict. It is a data privacy law that outlines standards for data collection, consequences for businesses that cannot protect user data, and rights that California consumers can exercise over their data. The law does not apply to nonprofits or California state and local governmental entities.
According to the law, CCPA:
- Grants users rights over their data through access, transfer, editing, and deletion requests
- Gives consumers the ability to opt out of certain data-processing practices
- Establishes greater consequences for businesses that do not protect records adequately
- Shifts accountability for data protection onto businesses that collect and handle user information
- Establishes the concept of Protected Data and Sensitive Data (race, ethnicity, etc.)
- Protects customers from discrimination if they are opting out
- CCPA: California Consumer Privacy Act Explained
3. CPRA (California Privacy Rights Act of 2020)
This extension of the California Consumer Privacy Act will be in effect on January 1, 2023.
It greatly expands CCPA:
- Expands the types of data protected
- Creates new rights, including the right to rectification.
- The new right to restriction gives consumers the ability to limit the use and disclosure of sensitive data.
- It clarifies many existing points within the CCPA.
- It creates a new agency, the California Privacy Protection Agency (CPPA), to oversee consumer privacy.
- And this being America, consumers now have the right to sue over a loss of privacy resulting from a data breach.
- Interestingly, from a UX designer’s point of view, CPRA explicitly states that consent obtained with the use of a “dark pattern” is invalid. My designer heart skipped a beat when it read it (even though we now prefer “deceptive patterns”).
- cpra-10 most impactful provisions
Many other countries (and American states) are working on similar laws, and it would take too long to list them all. If you are interested, cookielaw.org has a complete inventory.
Whew, this was a lot. If you made it this far, congratulations, you are now armed and ready to protect yourself.
Follow me in part 3 as I teach you to slay the cookie banner monster.
Originally posted on Medium on August 8, 2022