So, long story short, I stumbled across a great site for you to check out privacy ratings, called PrivacyGrade. I actually found this through reading an article by Kim Komando highlighting the cost to our privacy when we acquire free apps. Of course some apps, such as Google Maps, need our personal information, but what about apps like the Despicable Me game or Fruit Ninja? Why on God’s earth do they need this information? Speaking of God… more on that later.
We all know we don’t read the terms and conditions, and unless you are on iOS you can’t set your own privacy settings on a case-by-case basis. This is where PrivacyGrade can help. It is run by a team of researchers from Carnegie Mellon University who have devised a simple grading system from A+ to D. This grading model measures the gap between our expectations of privacy behavior and the actual behavior.
For example, when you download Google Maps you know they will need access to your location data, and Gmail will need access to your contacts to make sending emails easier. You know what to expect, and therefore both these apps get an A. “It does what it says on the tin”, so to speak.
In terms of the low scorers, the most surprising was the #1 Holy Bible app, which scored a D, the lowest grade. This app’s permissions require full access to your network, your user accounts, and your phone status and identity, and it can read your contacts and track your approximate location. Not only that, but you also give permissions to third parties such as Flurry, Facebook, Tapjoy, Jsoup and OAuth! Who would have thought catching up on ‘His Word’ would require so much of your passive data?
Also concerning is the related app Bible for Kids, which requires the same permissions. This was graded C, which I don’t understand, as the details are pretty much the same and I would have thought that our expectations would be stronger around privacy considering the target audience. Targeted advertising to your kids, anyone?
If you can’t be bothered to read the T&Cs, check out the Privacy Guide.
Trust – Ultimately it comes down to trust. How do we trust these organisations when we don’t read the terms and conditions, don’t have the education to make good decisions or receive true value from the sharing of our data?
Then there is the black market for personal information. AT&T have just confirmed a data breach of its mobile phone users (the guilty parties being employees), and earlier this year eBay saw a data breach affecting 100 million customers. Almost every day there are examples that are newsworthy and demonstrate the lack of security. There are also mistakes or negligence: a woman in Florida found out that her lawyers had tossed her files into a dumpster, un-shredded. These files included medical notes, bank accounts and pay stubs.
I am a pragmatist and accept sharing some of my information in exchange for convenient shopping online, using social networks, etc. But I also own my data and feel the equilibrium is restored if I work with an agency who can help me manage it. To quote someone who commented on this blog, I want to be ‘passive interested’ not ‘passive stupid’.
A recent article in Research Live highlighted some interesting statistics from a study conducted by Coleman Parkes (on behalf of Accenture). The research was carried out across the US and UK, and 2000 people were interviewed. The research showed that:
- 80% of consumers believe that data privacy no longer exists
- 87% believe that adequate safeguards are not in place
- 64% are concerned with their buying behaviour being tracked
Interestingly, 49% would not object to having their behaviour tracked if it would result in relevant offers, and 64% welcomed in-store targeted texting (this brings up iBeacon, which will be discussed in future posts).
For me this tells us that we are deeply concerned and do not believe our information is being protected adequately, while we are open to sharing information if it results in better offers and services. Lastly, it implies that we are not currently feeling much value from sharing (willingly or not) our information.
By taking and managing our own data there is a level playing field, and information flows act much more in a loop rather than top down. So let’s understand what our rights are to our own information. For this post I have focused specifically on North America and Europe.
Europe – Under EU Data Protection Regulation any European citizen can request access to any document held by an EU institution, including personal information. There is no limit on the number of requests the subject makes unless they are identical requests, in which case a reasonable interval of time must have elapsed. There are limits to the cost that can be charged to the consumer.
US – Under the FTC Fair Information Principles consumers are allowed access and participation to their information. Access as defined in the information principles includes not only a consumer’s ability to view the data collected but also to verify and contest its accuracy. This access must be inexpensive and timely in order to be useful to the consumer.
Canada – Under PIPEDA (The Personal Information Protection and Electronic Documents Act), the law gives the individual the right to access and request correction of the personal information an organisation has collected about them.
Our rights to our data provide a fantastic opportunity for the customer/organisation relationship!