Data Privacy: How Information About You is Collected and What You Can Do About It
Do you ever think about how much your technology knows about you?
Your cell phone, smart devices, and even your vehicle gather information about you without you noticing it. You might even get a funny feeling your smartphone is listening to you.
But, what is there to worry about, and is it worth the hassle? What can you do to protect yourself in an era where everything seems to be keeping an eye on you?
Animikii Impact Strategist Jeff Doctor recently presented this topic to the Animikii team, and we wanted to share our thoughts on the topic with the wider Indigenous tech community.
First, let's explore data privacy and discuss how your privacy might be violated. Knowing how your data is taken and why is a fundamental element of establishing good information security habits.
How Personal is Personal Data?
When thinking about data that needs to be kept private and secure, most people think of passwords and credit card details. But as our lives become intertwined with extractive digital technologies, the data collected about us and our behaviours aren’t always obvious.
Think about all of these aspects of your life: behaviour, habits, and relations that come together to create “you.” If we were to measure this, we could call it your “personal information.”
Under Bill C-11, Canada’s newly proposed (and controversial) data privacy legislation set to replace PIPEDA, personal information is defined as any information about an identifiable individual.”
Now think about how this personal information can be quantified and captured to become “personal data.” These data, once created, need to be stored somewhere, and given their digital nature, they can be endlessly copied and shared across the internet.
This provokes the questions: Who “owns” this data? Do you? Does someone else? How do we regulate these relationships?
And the scariest question: can we?
There’s a lot of nuance to Canadian privacy legislation, including different jurisdictions and unshakeable colonial origins.
However, we want to emphasize that all anonymized data can be de-anonymized to be linked to a specific individual again.
There are many ways to do this, and it’s more common than you think. That’s not to say all personal data will be de-anonymized. However, if we adopt precautions, we can better guard ourselves for an uncertain future.
After all, data could be kept for a long time as societies change. What is “acceptable” now may be “deviant” in the future. Increased investments in AI could cause a corresponding decrease in the effort required to de-anonymize data.
To summarize, personal data can be almost any information about an individual.
Of course, it ignores the collective aspects of data which is a topic we’ve explored elsewhere. But it isn’t hyperbole to suggest your data can be easily collected by anything that connects to the internet.
How is Your Data Collected?
Smart Phones
Through calls, texts, sensors, cameras, and apps, your phone collects your personal data. These may be the most prevalent and invasive methods of surveillance. But unfortunately, many people buy into this by spending on the latest and greatest "smart" phone and overpriced data plan.
Personal Vehicles
GPS, third-party services, entertainment systems, and insurance tracking devices. Most, if not all, newer cars collect your location data anywhere you drive.
For car manufacturers and their suppliers, this is a boon for their bottom lines as they rush to find new ways to get people to pay for “features” on an object that simply moves people from point A to point B. If only our cars were “smart” enough to change their own tires.
Smart Devices or “the Internet of Things”
Personal assistant devices, smart televisions and home appliances. Easy-to-install smart home security and temperature controllers. Even smart light bulbs.
Try swapping the word “smart” with “surveillance” to get the idea.
Public Transportation and Connected Cities
Scannable bus passes, ridesharing and mapping apps, urban planning trackers. These data represent our movements. Time-stamped location data is a common way to triangulate data sets, so leaving a GPS trail makes it easier to de-anonymize your data.
Websites and Social Media
Cookies and trackers are on websites you use every day (even this one – we currently use a Google Analytics tracker for website performance). Some of these are relatively benign, used to figure out how to make websites more user-friendly; others are used to track you across the internet.
You can assume anything you log in to also logs your activities. Data collected by public social media conversations and private interactions are aggregated to create an online version of you. Even when you are careful to be anonymous online, you can be re-identified.
The Workplace
From punch clocks to schedules, direct messaging platforms and project management software, surveillance in many workplaces has become normalized.
What your employer chooses to do with this information is often impossible to know.
Police and the Government
Depending on who you are or what you believe in, a frightening array of your daily interactions are tracked by the police. From carding to traffic stops, injunctions to “exclusion areas,” the police hold overwhelming surveillance power over everyone.
While there are supposedly checks and balances to protect civil liberties, these do not apply to everyone.
Both Digital and Physical Transactions
As websites track you, they’ll also track what you buy from them. It’s hard to stay anonymous as credit card transactions, loyalty programs, surveillance cameras and even some sneaky digital ad boards and mall kiosks track your every move.
Hacks, Breaches, and Attacks
Even if you think it’s okay your data is collected by someone or something else, and you trust them, what happens if they lose control of your data?
Malware, ransomware, phishing, and social engineering are ways that data can be stolen or “breached” by unsuspecting individuals and organizations with lax data protection standards.
Why is it Important to Prioritize Data Security?
The sheer number of ways your data are collected can be enough to make you give up on doing anything about it.
Many of us will feel our data privacy doesn’t matter that much, especially with how easy it is to fall into a state of fear and paranoia.
Surveillance and Power Go Hand-in-Hand
People marginalized by white supremacy, colonialism, queerphobia, transphobia, etc., face greater data privacy risks in terms of police and government surveillance.
In addition, anything that makes you different from other people can make you a target for corporations and advertisers.
Data is Forever, But Societies Change
Your data can last a long time, but the people who hold the keys to your digital footprint can change at any time.
Governments change laws or regulations, corporations change policies or owners, and data brokers don’t seem to be held accountable by anyone.
Then there’s what’s often called the “dark web,” where no one knows where your data will end up or what will be done with it.
More Surveillance Does Not Mean Less Crime
You may think, “I’m not doing anything wrong, and maybe my data should be captured so that criminals are caught!”
"Could you imagine a world where we could predict crime and stop it before it happens?!” Have you seen the movie Minority Report?
Indigenous Peoples and other marginalized groups are well aware of how often we are criminalized for going about our business.
Unfortunately, fighting for fundamental social justice is a near-guaranteed way to be monitored in Canada. Besides, even CCTV surveillance technology has no sure effect on deterring crime, so what really is the purpose of increased surveillance?
How Can You Protect Your Data?
The full scope of data privacy can be scary, but thankfully there are things you can do about it. Here’s how to reduce your digital footprint:
VPN
A Virtual Private Network (VPN) masks your device’s IP address. This address isn’t the only way to track you across the internet, but it’s one of the most effective.
People use VPNs for various reasons, like making it difficult for data brokers to buy and sell their “personal profile” and browsing the web using another country’s servers. With encryption being more common across the internet, VPNs aren’t as necessary as they used to be. VPN providers are complicated, so don’t buy into the hype that they alone will keep you safe. Besides, there are many other ways to track you other than IP addresses.
Encrypted Messaging Apps
When you use a messaging app, you trust that the communication is private. While that may be the case in most situations where messages are encrypted, many service providers hold the encryption “keys” and can de-encrypt your communications. There’s a lot of technical and policy nuance here. Sometimes it’s better to say nothing online, depending on your risk profile.
Ad Blockers
Ad Blockers on your browser stand in the way of behavioural and advertising data collection. This also has the side benefit of stopping annoying and malicious ads, but not all blockers are created equal. There are also script blockers and other tools you can look into, but be wary of what you use because these add-ons also monitor your traffic.
Avoidance
Easier said than done, but (spoiler) sometimes the only winning move is not to play. There are many choices you can make, so it’s best to be informed and think about what you are getting from a product or service and what you are giving away. Look into the reputation of anyone or anything that could be collecting your data and try to understand the basic technicalities.
Exploring Data Privacy
Want to learn more about how data privacy applies to people, organizations, and Indigenous communities worldwide?
Our Decolonizing Digital article series will take you further down the rabbit hole. Start off with our Contextualizing Indigenous Data Sovereignty to get the lay of the land, then explore our articles on data rights, data storage, and more.
Further recommendations are the Tech Won’t Save Us podcast, their reading list, or listening to our Impact Strategist Jeff Doctor’s Big Tech podcast episode.