
Forces push data privacy to the forefront

by VPNHaus | 04/24/2018 | Data Security

Until very recently, data privacy had never ranked very high in the public consciousness. In opinion polls last year, people were split almost evenly when asked about the need for stricter regulations to make tech companies do more to keep personal information private.

However, since the turn of the year the Facebook Cambridge Analytica scandal, Microsoft’s support for the CLOUD Act and the impending arrival of Europe’s General Data Protection Regulation (GDPR) have changed the mood completely. Now, 83% of Americans would like to see Facebook and other tech platforms face harsher penalties for breaches of data privacy.

One outcome of this focus on data privacy is the renewed interest in security technologies such as virtual private networking (VPN) software that helps protect the privacy of data communications over the Internet.

Data privacy scandal hits big tech

By far, the biggest privacy breach concerns Cambridge Analytica, a British political consultancy working on data analysis for President Trump’s 2016 campaign team. In March 2018, it was revealed that personal data from 50 million Facebook users was harvested and used to target voters with highly tailored political messages.

However, data harvesting is nothing new – other tech giants routinely hold a lot of private information about us. For example, Google knows everywhere we go, what websites we visit and what apps we use. Every time we download a new app onto our phones we voluntarily give up some degree of data privacy.

According to the U.S. Federal Trade Commission, the big data brokers like Acxiom and Experian (also caught out by a data breach) can hold as many as 3,000 data points on every consumer. Elsewhere, Microsoft has attracted criticism for undermining its own privacy case by supporting the CLOUD Act, thereby allowing the U.S. government to request any cloud data in its possession.

In short, consumers can no longer rely on the word of tech companies that their private personal information is safe in their hands.

Sea change in public opinion

This is reflected in a sharp shift in public opinion with respect to data privacy. At the end of 2017, a study by HarrisX showed just 49% of Americans felt tech firms needed regulation.

In the wake of the Cambridge Analytica debacle, the same survey found that the proportion of Americans wanting to see Facebook and other tech companies face tougher penalties for data privacy breaches rose sharply to an overwhelming majority (83%). A similar proportion (84%) say social platform providers should be held legally responsible for the personal content held on their systems.

Regulators tighten the rules

Technology platform providers, along with others that collect and store consumer data in large quantities, will soon have to abide by the new EU GDPR rules. Tighter regulations are meant to give European citizens more protection and more control over their personal information online – even if the companies they share data with are based outside of Europe.

Under the new rules, companies need to let customers have a copy of the data they hold on them and delete it if asked. They must also report any data breach within 72 hours. Reportedly, U.S. organizations are scrambling to be ready in time. 

Facebook has responded by altering its terms and conditions. Users that fall under its European base in Ireland will now be governed by EU rules. This still leaves 1.5 billion members outside the EU who will be subject to lighter controls.

Other tech giants are also beefing up their privacy. Google has announced a privacy dashboard to help users work out which Google apps are holding their data while Microsoft has released a new tool that lets viewers look at what personal data has been collected.

Encryption holds the key

Regulatory controls are nothing new for many industries such as banking & finance, legal and healthcare. They typically use end-to-end encryption (E2EE) technology to ensure sensitive data stays private when they are sharing information.

Furthermore, encryption is specifically mentioned by GDPR legislation as an essential component for data privacy. Data is best protected by having encryption on the device, in transit and at rest.

An effective way for users of social platforms to encrypt their personal information as it passes across the public Internet is to use VPN software. Of course, this is only part of the privacy story.

Much of the current concern focuses on the security measures and policies the main social platforms employ to stop personally identifiable information being shared with and subsequently misused by third parties. It’s up to the social media giants to decide the way forward but it is clear that something needs to change. Encryption for data at rest may have a part to play.

Sensitive business communications using cloud applications like Microsoft’s Office 365 also require robust privacy protection. Most professional VPNs support the main IPsec and SSL encryption protocols and switch seamlessly between data and WiFi networks.

As an added layer of security, businesses with many remote users working with cloud applications such as Microsoft’s Office 365 may also want their IT admins to be able to manage VPN clients remotely from a central point.

In summary, the business model used by social platform giants of harvesting and selling personal data to third parties so they can push personally tailored advertising or political messaging to consumers is under intense scrutiny.

Public attitudes are changing, and consumers are becoming less tolerant of breaches of personal privacy. Social media platforms will have to adapt in order to reassure their customers and comply with tighter regulatory controls. Users of these platforms, along with the platforms themselves, could reduce the risk of data breaches considerably by embracing encrypted remote access to PII as part of standard practice.