Every day we make fundamental compromises related to our privacy in exchange for the always on, available anywhere access and convenience of the online world.
We merrily click "accept" to just about any set of terms and conditions in order to get something we want online — and next to none of us bother to read the small print.
I was prompted to think about this again as we at AIIM work to help organizations prepare for the looming May 25, 2018 European General Data Protection Regulation (GDPR) deadline, which seeks to recalibrate some of the balance between privacy rights and data usage for EU citizens.
Wrong or Just Plain Creepy?
I’ve shared the following anecdote with a number of people over the past few months and almost universally, the responses have been one of the following: 1) “You can’t be right about that” and 2) “That’s creepy.”
A couple of months ago, my wife, daughter and I went to a “California-style” taco place in New York City named Playa Betty’s. (The food was good and the beer was cold, by the way — I recommend it.)
We arrived at the restaurant a bit haphazardly after one of those long and meandering family, “Where do you want to eat?” “I’ll eat anywhere” “Where do you want to eat?” conversations as we strolled through the Upper West Side.
After much back and forth about alternatives (can you feel the tension?) and rising hunger (mine), we wound up at Playa Betty’s. The restaurant is located at 320 Amsterdam Avenue, at the corner of 75th street. The Amsterdam part of the address is important for the story that follows.
All I Wanted Was a Taco
Fast forward a couple of months and we're in town to see our daughter again. While we wait for our daughter to get out of work, my wife and I decide to get something to eat.
My wife said, “Do you remember that restaurant we went to the last time we were here? Let’s go there again.”
I said, “Do you remember the name?”
She said, “No.”
I said, “Neither do I.” (This kind of exchange is becoming far too frequent for us, whether the topic is restaurants or people I work with or movie stars or music groups.)
But I had some memory of the location: “I do remember it was on Broadway, I’m sure of it, so let’s just walk till we find it.”
After walking many blocks, we were still no closer to eating, and certainly no closer to remembering the name of the blasted place. (And as a male, there was no way I was going to actually ask anyone for directions.)
And then, an epiphany. I remembered when we were at that restaurant: Jan. 21. I remembered because it was right after Inauguration Day and we were eager to get out of Washington, DC. (Note: little did we realize that would be the day of the most massive women’s protest marches in both DC and NYC in years, but that’s another story.)
Can't Remember? Google Does
So I went into Google’s location history, entered the date and voila: Here’s what I did and where we were that day — this is actually an abridged version of the massive amount of information available with one click.
At 8:20 a.m., we took the DC Metro to Union Station.
I took some pictures of the massive Women’s March crowds at Union Station, and then boarded the train to New York.
We had lunch at a place called the Melt Shop at 1:50 p.m.
After, we took the tour at NBC Studios.
And ultimately wound up at Playa Betty's ...
... which turned out to be on Amsterdam, not Broadway.
But also a little creepy.
An Exchange of Sorts
In "Data and Goliath," author Bruce Scheiner does a far better job of describing the privacy versus convenience trade-off than I ever could:
"Your cell phone provider tracks your location and knows who’s with you. Your online and in-store purchasing patterns are recorded, and reveal if you’re unemployed, sick or pregnant. Your emails and texts expose your intimate and casual friends. Google knows what you’re thinking because it saves your private searches. Facebook can determine your sexual orientation without you ever mentioning it.
"The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we’re offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.
"Much of this is voluntary: we cooperate with corporate surveillance because it promises us convenience, and we submit to government surveillance because it promises us protection."
GDPR Is Only the Tip of the Iceberg
We are entering into a new period in which the rules of privacy and engagement have yet to be determined. In this environment, governments will rush in to set new rules — the GDPR is just the tip of the iceberg of what is to come.
Often, the resultant rules and regulations have very little to do with actually protecting privacy. It's almost impossible for legislators to stay ahead of rapidly changing technology, especially when the governments doing the protecting are often complicit in the compromising.
But one thing is clear: Organizations must make a new commitment to protecting private information and automating how they do this — and do it now. The clock is running on the GDPR, but the GDPR is just the front edge of a longer-term conversation about privacy that is just emerging. It’s time for organizations to get serious about this conversation.