“With a single click, you may be exposing yourself as well as your friends and contacts.”
Personal data is the new oil (this is now a common cliché). Every step you take on the internet you can expect to be monitored by potential “prospectors and miners” who are determined to get their hands on this precious resource that belongs to you. This generally involves various kinds of automated software that collects data about you and your online behaviour, which is then monetized via marketing.
What is the best defense in this situation?
How can we extract our “digital oil” and use it for ourselves?
1. Anonymize your browser
Your browser is your gateway to the internet. Therefore, it is worth paying attention to certain settings that make you less visible to others, especially those collecting personal data.
Using anonymous windows provides similar benefits (commonly used browsers now offer this option). The advantage of these windows is that they delete your cookies, browsing history, and other temporary files every time you close these browser windows. However, this does not mean that you are completely invisible, as it is still possible to see your IP address.
2. Beware of quizzes
Few people today reply to the customary email from a “Nigerian prince” who needs to transfer part of his inheritance to Europe and has chosen you to help him with that. However, internet con artists can still trick you into giving them access to your personal data by more sophisticated means using tactics that are difficult to recognize.
What are we talking about? For example various quizzes on social networks. Their purpose is not to get your answers, but to get your data. And you routinely grant access to them before you even start taking the quiz. With a single click, you may be exposing yourself as well as your friends and contacts. Tens of millions of victims have felt it bitterly during the recent enormous leak of data from Cambridge Analytica. So, the constantly repeated advice generally applies – allow access to your personal information as little as possible.
3. Data processing requires your consent
Of course, almost no one actually reads the extensive terms and conditions or consent agreements involving the use of their personal data. Probably no one will start reading them based on a blog article. The good news is that new regulations have been introduced in this area to protect users, plus have made it easier to have more control over your data.
The General Data Protection Regulation, commonly known as GDPR, applies in the European Union countries from May 2018. In particular, the GDPR stipulates that every online service (for example applications or social networks) can only process data that is immediately necessary for operation of the given service.
Example. You ordered a t-shirt from an e-shop and therefore they need to know your delivery address and shirt size. They don’t need to know your current location or to get data from social networks to later be used to target you with advertising.
Though the e-shop can process such necessary data in the context of general agreement with its business terms & conditions and data processing, it has to ask you separately for everything else. Hence the box for granting consent cannot be “pre-checked”, instead the customer or user has to actively indicate that it is OK for the e-shop to process the additional data.
4. You have the right to know what is being done with your data
Let’s have another look at GDPR, this time with more discerning and vigilant users in mind. The regulation also gives users the right to know which data is being stored by internet services and what it is being used for.
Yes, basically everyone can demand that, for example, Facebook would need to hand over a statement of personal data within a certain period of time, Facebook will send the user an extensive file with every possible item of stored data. It is Facebook´s duty to do this at no extra charge. This can be useful if you are an activist such as Austrian attorney Max Schrems or if you are a curious internet citizen.
Besides seeing what has been collected, you can also file an objection against the processing of your data. Based on that objection, the company must explain why it is processing your data and demonstrate that it is not infringing on your privacy. If the company is unable to do that, you have the right under the GDPR to demand that your data be deleted.
5. Control and “mine” your own data
And finally, instead of concealing your data, you also have the possibility to actively use the tools and resources of those who are “tracking” you online. Here at VETRI, we are building a tool to give you direct access to the value your data creates.
The core of VETRI is a data wallet that allows you to collect and review significant parts of your personal data. Inside the application, you alone can decide whether or not to share your data with others. You can also decide whether or not to sell your data, which you can do anonymously via the marketplace. When doing so, you will be paid in exchange for granting access to your data with data buyers. By sharing anonymized insights about yourself, you will in addition receive better and more relevant product offers.