Over the last few years, privacy has gotten increasing attention from many communities, from concerned citizens to watchdog groups to the halls of government. With several high-profile events in 2018, it looks like we’ll still be talking about privacy for the year to come (and that’s a good thing).
From Facebook to GDPR, here’s the year in review:
2018 was a bad year for Facebook. Throughout the year, stories poured in about Facebook’s mismanagement of users’ data—and violation of their privacy.
It began with the exposure of Cambridge Analytica, a political consulting group to whom Facebook provided the data of 50 million users. As public outrage soared and the #DeleteFacebook campaign took off, the US Federal Trade Commission and the European Union opened up probes into Facebook’s privacy practices.
Late in the year, it was further revealed that flaws in Facebook’s platform exposed up to 50 million accounts and 6.8 million users’ private images. And that’s on top of the special data sharing agreements Facebook struck with 150+ companies (including Apple, Amazon, Netflix, and Spotify) that allow these third parties to access data ranging from profile information to private messages.
Why it matters
The good news? Facebook’s blunders have helped put privacy in the spotlight for millions worldwide. Many are now questioning whether it’s worthwhile to sacrifice privacy for whatever Facebook and other services offer. Some have already decided it’s not and have begun to delete or lock down accounts accordingly.
In March 2018, Equifax announced that its 2017 data breach may have affected up to 2.4 million more individuals than originally thought. A follow-up statement in May broadened the impact to several more types of data that Equifax originally considered unnecessary to disclose.
Rewind to 2017. Equifax was breached in March, with intrusive activity being monitored and detected as late as July. When they broke the news in September, 143 million US customers were believed to be affected. Included in the stolen data were names, Social Security numbers, dates of birth, addresses, and even driver’s license numbers.
That wealth of information puts every affected individual at increased risk of identity theft and credit fraud.
Why it matters
As one of the US’s three main credit bureaus (Experian and TransUnion being the other two), Equifax has access to the credit histories and personal information of hundreds of millions of Americans and other nationals. Consumers and government officials alike are now discussing how to ensure that organizations of this size and significance are taking security seriously.
The Equifax breach is also a firm reminder that your personal data is always at risk. Check your statements and credit reports for signs of fraudulent activity. Consider placing a credit freeze or fraud alert on your files to help thwart identity thieves from opening new accounts in your name.
Remember getting a flood of privacy notices sometime around May 25, 2018? That was the GDPR going into effect.
The European Union’s General Data Protection Regulation took effect last spring, creating worldwide privacy standards to protect EU residents and ensure them greater control over their personal data. The GDPR was written to hold organizations—particularly the Microsofts, Apples, and Amazons of the world—to a higher standard of responsibility when it comes to personal information.
In the early days of summer, California passed its own privacy law: the California Consumer Privacy Act. While not as thorough or stringent as Europe’s GDPR, this new act reflects growing privacy concerns in the US and a hope for more comprehensive national legislation that offers Americans similar protections to our peers across the pond.
Why it matters
Privacy advocates lauded the regulation as a step toward consumer empowerment, arguing that individuals should be in control of their identities (the GDPR is grounded in the assertion that everyone has a right to privacy). Although the privacy industry is still waiting to see how the regulation will be enforced and what legal precedents will come of it, the GDPR still represents a huge step forward in the fight for greater individual security and privacy.
As similar legislation is passed in other jurisdictions, and as the EU ramps up enforcement, expect to see companies becoming more transparent about their data practices and giving you better control over how they can use your data.