Facebook’s Timeline, Google, and what you can do to protect your own online data – Andrea Figari of Transparency International discusses all this and more in an interview by Johanna Arlinghaus of Schlossplatz³, the quarterly student magazine from the Hertie School of Governance, Berlin. This interview originally appeared in the Spring 2012 edition, available here.
Schlossplatz³: Where do you see the link between transparency and data protection?
Andrea Figari: In many situations it helps to be transparent about the policies on data protection. An example is Google’s new privacy policy. Regulators in many different countries are saying that they want Google to wait to implement. It is not clear if this policy is lawful according to different country’s privacy laws. It would definitely help if Google were more transparent about what they are doing with the data, how they store it, and for how long do they store it. Transparency in the way that a company deals with people’s data helps to build confidence and trust for consumers concerning what happens with their information after registering.
A limiting area is, for example, national security. In Germany, some years ago, legislation was passed which requires telephone and internet providers to save all information about a person’s calls or movements on the internet for a long period of time, because the data should be available in case someone is investigated on terrorist charges or suspicions. Data protection activists are protesting against this, saying that not everyone’s data should be saved, but [rather] that of people under surveillance. I think that there should be very clear rules, safeguards and guidelines, from the policy side, about who keeps information, for how long, and for what purposes it is used.
What can individuals do to protect their data, but also to stake their claims on the right to privacy?
A lot concerning effective data protection has to do with people’s own behaviour and not just with the law. Individuals can do a lot to protect their data in that they are aware of how they make this data available in the first place. There has to be more awareness among people about when is it safe to disclose information. Many times people are signing up for promotions or consumer points without realizing that whoever endorses this information can even know which brand of toilet paper they are buying, giving them a lot of insights into your life.
There are some simple steps everyone can take: if you download an app, look at the permissions. Some apps want to have access to private contacts or calendar information – if you don’t understand why an app needs certain information, don’t download it. There is a policy and there is a behavioural response – get better information and behave accordingly. If you don’t have clarity on one policy, you can adjust your behaviour, such as not downloading the app or not sending sensitive information via email.
How can civil society organisations play a role concerning data protection and transparency?
There are a lot of things going on already and civil society definitely has a role to play. For example, in the last months, when the debate about the SOPA/PIPA laws was taking place in the US, apart from the big PR exercises of Wikipedia and other websites blacking out, many companies started to publicly say that they do not support these policies. In one particular case, there was a very big web hosting and web domain registry (godaddy.com) with millions of websites registered under them, which supported the laws. As a response, people started to cancel their membership with the companies registered under the domain and they saw lots of customers going away. It is not the role of civil society to control in the legal way, but it can always act as a watchdog. Organisations such as the CCC and other organisations that work on data protection and data privacy always have a lot to say on these issues. Many issues such as ACTA, SOPA or PIPA are very technical and complex, and I have the impression that sometimes even parliamentarians are overwhelmed by the complexity of these matters. It is very important that someone tries to break these issues down into bits and pieces in order to make the public understand what it is all about. Thus, there definitely is a role for civil society to play. What they can do is help to disseminate information, mobilise public opinion for or against certain issues, create awareness and explain how things are or how they could be if the laws in question were applied.
How do you picture the future role of social media and networks?
In this respect, special attention needs to be paid [to informing the public], especially from the side of civil society and activists, that these tools can also uncover who you are, what you do and where you are. Before, repressive regimes had to torture people to find out who you are, what you do and who your friends are. Today, they can just hack into [your] Facebook profile or similar and discover absolutely everything about you.
Once something is [posted], you lose control over it, especially in the terms of use of Facebook. Of course they are written in a way that makes you think that it is quite alright, but it really means, for example, for pictures that you grant them unlimited access and use of any and all photos you upload onto their website, so you are basically transferring property of all your images to them and they can use it for anything they want: publicity, sell it, posters, et cetera.
So do you think that we are entering a post privacy society? Do users still have a choice if they want to share information or not?
Actually, you do have a choice. All information that is about you out there, somebody has to put it [there]. So, you have the choice at the beginning to decide, “Yes I want to upload this” or not. I think users still have a lot of control to decide what goes up and what does not. In some cases, it might be very difficult to get it out. In a lot of places, even if you delete stuff, it will be on the servers or in the archives. This concern was not there at the beginning of this kind of Internet rush and I think people are now starting to be more aware. The “Timeline” of Facebook made a lot of people more aware about how much information is still stored because everything you posted in the last ten years shows up. That feature made a lot of people think about it.
In terms of transparency and options, it would have been a good thing for a company like that to give people choice to decide if users want it or not. And of course as a user of Facebook you did not have a choice because the information was already out there and they did not consult you. Companies that have data would do a great deal in going out and talking to their users about preferences, options, and about putting data in this or that format. Of course, the bigger the company, the more complex it is; but if you want to create ownership about how things are done in your company with your community of users or clients, of course there is more ownership from those people who are using your services and more trust.
People are getting aware about the market value of their data. People need to be more diligent in deciding where to give their data. I hope that people are becoming more aware of this. With cases such as identity and credit cards theft, that didn’t happen fifty years ago; there is the policy, there is the day-to-day application and enforcement, but there is also the behavioural response. I think all three areas are evolving right now, so we are living in interesting times.