Protecting online privacy

It is one of the biggest issues of the times–how can we protect our privacy online in the face of increasingly clever marketing and retailing ploys?

Unless we choose to switch off the computer for good and opt out completely from the digital age, there is no avoiding the fact we all have private information out in cyberspace which is vulnerable to being harvested in unscrupulous ways.

At the same time, however, we understand the importance of personal data to the modern economy and want to be able to cherry-pick the benefits of the online world when it suits us.

Our privacy is something we all guard jealously. But, as soon as we go online, we risk losing control of who has our private details and who knows about our browsing habits. In short, our individuality is up for grabs.

Let’s stop for a minute though and think about how we can claw back some control. What we need are policies that put individuals in the driver’s seat. And New Zealand, I think, could be in the vanguard of showing the world how to protect people’s privacy online.

It was when I was working in the information and communication technology (ICT) sector that I became aware of the tensions around private information and how it is used by online marketers and retailers.

I decided to pursue my doctorate in the often-fraught matter of online privacy and have made it the subject of my recent book, Privacy Online, Law and the Effective Regulation of Online Services.

In this I looked at the difficulty individuals can have ensuring their lives are not spread haphazardly and uncaringly across the internet for others to take advantage of.

While I was developing some potential remedies to this situation, it gradually dawned on me that New Zealand could show other countries the way.

New Zealand is a diverse society with diverse privacy expectations. We are largely a tolerant nation that accepts individuals’ differences.

New Zealand is also highly regarded internationally as a country with high levels of transparency and trust, and low corruption.

I see these advantages as a strength on which our IT companies can build, when or if they were granted the opportunity to act as trusted third-party personal information administrators for other countries. We would be building on our existing good reputation if we took on this role, a bit like Switzerland with its banking system.

While examining the economic and technical details of online services, I managed to pinpoint some of the privacy problems caused by service providers and by particular features of the online environment. As a result, I drafted a privacy management model to enable individuals to manage their privacy better.

It seems to me the solution is to let people see what data is collected and how it is used, and then let them fully decide about their ‘digital personae’. That would involve taking three important steps – market forces, technology and law.

The first of these is a mix of regulatory tools and the business model mentioned before, in which individuals are supported by these personal information administrators.

The second step would appear to be formulating a set of technological tools to manage data within the ICT systems of the online service providers.

The third step would be crucial to the model’s success. We would need to pass laws capable of enabling and supporting these previous two elements.

There has to be a better way of balancing both sides of the online privacy equation - to benefit from the technology, but in a way which is respectful for the individuals and builds trust.

As it stands, it is an “all or nothing” choice for people between either benefiting from digital technology or trying to keep their personal data away from the extensive corporate surveillance.

We only need look at the relatively recent case of Cambridge Analytica to understand what makes some people so nervous about their online presence.

In this, it was revealed by several major and highly reputable media outlets that that company had been taking personal data without approval from millions of people’s Facebook profiles to use in political advertising.

It showed us how easily the procedural requirements of consent and purpose limitation can be abused on a mass scale.

My hope is that the conclusions of my research will spark further debate on shaping a theoretical backbone for the next, and overdue, generation of global privacy laws.

Dr Marcin Betkier is a lecturer in Te Herenga Waka–Victoria University of Wellington’s School of Law

This article was first published on Newsroom.