What’s with All the Privacy Policy Updates?

If you have a lot of online accounts, you have likely received many notices over the last few weeks regarding privacy policy updates. There is a simple reason for this. It’s called the GDPR or the General Data Protection Regulation. If you don’t live in the European Union, you might not be familiar with it. It is an EU law that goes into effect tomorrow (May 25, 2018) “to give control to citizens and residents over their personal data.” Because so many Internet-based companies do business worldwide, it is easier for many of them to simply adopt the practices necessary to meet the GDPR for all of their users. That’s why you are getting all those emails asking you to review new privacy policies.

So how does the GDPR affect citizens of the EU and the users of companies that adopt the GDPR in general? Here are some highlights.

  • Companies who collect any personal information from you must
    • clearly disclose what data is being collected and how
    • why it is being processed
    • how long it is being retained
    • if it is being shared with any third-parties
  • You have the right to request a portable version of the data collected and stored about you in a common format that would be easy for you to read; in other words, they can’t send it to you in a file format that you would need to purchase expensive software to read
  • You have the right to have your data erased in certain circumstances
  • Any breach of data must be reported within 72 hours
  • And any business who primarily processes personal data must appoint a Data Protection Officer (DPO) who is responsible for managing all this

Keep in mind that these regulations only legally apply to those individuals within the EU and companies who do business within the EU. However, since so many companies do business around the world and collect personal information to do so, there is a high likelihood that you will have many more ways to control how your data is stored and shared.

Be sure to not simply ignore all those updates to those privacy policies. It is worth taking a little time to review them. They should be much easier and clearer now in many cases due to the new GDPR regulations that take effect tomorrow in the EU.

Informed Convenience

The GAFA companies (Google, Apple, Facebook, and Amazon) were on Capitol Hill earlier this month facing Congress. The questions asked of them boiled down to, “Do you realize how your services can be used to subvert our democracy? Are you taking this as seriously as your bottom line?” The not so subtle threat behind this is the possibility of government regulation. And Congress wasn’t impressed by who they sent, either. Instead of their CEOs, they all sent lawyers. It seems that maybe they aren’t taking this as seriously as they should. This got me to wondering, “How did we get here?”

When these now giant companies started in the 90s, they were just startups. Amazon’s business plan didn’t show it making a profit for ten years. Facebook was the way college students (only) connected with each other. Google was a new search engine that was only starting to replace Yahoo! as people’s first choice to find things on the internet. And Apple was a niche computer maker with a very small part of the market. Each of these companies worked like crazy to attract users. They focused on serving those users and a big part of that was making a space to meet a particular need and then getting out of the user’s way. In many ways, they were legitimately creating a (largely) free and unfettered online community. You could say and do whatever you wanted. What you saw on Facebook was all the updates of all your friends, no matter how overwhelming. But as the internet grew and mobile computing came along in 2007, this changed.

Those funding these startups began to pressure them to be profitable and go public. Advertising began to be more and more a part of the experience. And, with the overwhelming amount of information that became available, they all began to curate their user experience in some way. And we all welcomed this help sorting through the sea of information that the internet became. But we never evolved our understanding of these companies along with that change. They stopped being simple meeting places and tools. They started to become filters of our online experiences. Again, not bad — just a fact. Instead of using their products, we became the product.

How can we keep the services we like and use every day without being taken advantage of? I think the key is transparency. I don’t mean that Facebook and Google should publish their algorithms. I do mean that they should explain broadly what their algorithms do. For example, it was sometime after they changed their feed policy before I learned that I was no longer simply seeing an unfiltered list of my Facebook friends’ feeds. Facebook now only shows you some of the feeds of your friends. If you look at your friend’s page itself you will see it all, but they show you only the best and what they think will keep you on Facebook. And they insert promoted content, too. They weren’t transparent about this. They should be.

These companies continue to claim that they should not be responsible for the content published on their platforms as they have no control over what users post. At the same time, they manipulate what their users see without clearly telling them that’s what they are doing. They can’t have it both ways. They need to go back to being completely unfiltered, or be transparent about the way they are curating the user experience. And if they choose neither, Congress is likely to begin regulating them.

In the meantime, what is the average user to do? All this change behind the scenes is frustrating and makes us feel used. Indeed, many say we are being used, that we are the product being sold rather than being the customer. For me the answer is what I call informed convenience. The internet and mobile are such a part of our everyday lives that there is no going back. Short of not having a mobile phone at all or never using the internet, we will encounter these companies and their products. So, we need to become better digital citizens. How do we do that without becoming paralegals in order to understand those Terms of Service we all have to agree to but never read?

Today there are many tools and websites to help you figure out in plain English what the terms of service are for a site or service. Here are three I found on a quick search:

  1. Terms of Service; Didn’t Read
  2. Clickwrapped
  3. Terms & Conditions Checker

Also, many of these companies have started to provide or use alternative services. Encrypt your computer hard drive and smartphone (both Android and iPhone have this capability). Make sure you know what rights you are giving up by using Facebook, Twitter, and Instagram. Use DuckDuckGo for search instead of Google because DuckDuckGo doesn’t track you. Pay for private email instead of using free email that is selling information about you. Buy books at your local bookstore instead of from Amazon.

And if you are okay with what all of these companies are doing, don’t do anything differently. I am not trying to tell you what services you should or shouldn’t use. I am suggesting that you decide knowing what you are agreeing to. After doing a little research you may find that you have to give up a little convenience to live closer to the digital life you want to live. That’s okay. And rather than unknowingly being used, you will be practicing informed convenience.



Live Presentation

Every year my local library has a summer series of lunch presentations on Fridays. Last year they invited me to present on the topic of passwords. I am doing a similar presentation this Friday at noon about Password Security and Privacy. See the details in the flyer below. Next week, I will review the experience here on my blog.

In preparation for the event, I have been reading a recent book about privacy and security called The Art of Invisibility by Kevin Mitnick. The author is a hacker who explains a bit how technology works and a lot about how it affects you and your privacy and security. One of the most important points he makes is to make sure that you have a password on your smartphone. This will be one of my first points in my presentation on Friday. If you are in the area, I hope to see you there!

Managing Passwords

Bad Password

There are a lot of recommendations out there about how to create secure passwords.

  • Use a unique password on each site
  • Make them hard to guess
  • Use numbers and special characters (like *~$#@)
  • Don’t write them down anywhere

If we do all that, how are we supposed to remember the seemingly zillions of passwords we need to remember? It seems an impossible task.

One highly recommended solution is to use a password manager. I use one every day. The most popular ones even include a password generator to help you create better passwords. Essentially, a password manager is a place to create and store your passwords. You secure access to it with a password, but this password becomes the only password you need to remember. All of your other passwords are locked in your password manager. When you need to enter a password, you simply open up your password manager to find the password for the site and copy and paste it into the login screen. Many managers even have browser plugins that will do this for you automatically!

There are many password managers out there. Most of them have a free version as well as a premium version. The premium versions are generally inexpensive (I know of one that is $12/month). The one that is best for you will depend on how you use passwords and what digital tools you use (smartphone, tablet, computer). Here is a list (in alphabetical order) of some of the most popular ones.

Finally, here are a few recent articles reviewing password managers.

So, don’t wait. It will take a little bit of work and time. But it will be worth it to protect your data and information from all the hackers and security breaches that seem to fill the news today. And if you have any questions, let me know in the comments.