An environmental, social, and governance (ESG) framework is not a new business term, but what it means for a given company is constantly changing. There’s an emerging area that’s quickly gaining traction in the new, better understanding of ESG - data privacy.
Data Privacy
Technological development has always outpaced privacy concerns, but never more so than in the past decade. Collection and centralization of personally identifiable information (PII), tracking of movements and digital surveillance are all at unprecedented levels. Regulations and laws are only just beginning to catch up to the ability of both governments and private entities to deploy these capabilities.
What exactly is there to worry about? The mass collection and centralization of data by giant multinationals such as Facebook and Google is as good of a place to start as any. Two decades of vacuuming up the personal data of users of various online services has created the most impressive marketing capabilities in history, but these profiles have astounding potential for damage when they are used the wrong way or fall into the wrong hands.
Unauthorized information that is captured in data breaches tends to find its way to massive “combo lists” that are sold and traded on the dark web. Social security numbers are added from this breach, home addresses and phone numbers from that one, personal health information from yet another. Soon, a frighteningly complete profile of millions of individuals is available to anyone willing to pay the asking price.
These are just the established data privacy issues. The emerging ones are even worse. High-quality facial recognition technology is just beginning to roll out across the public places of some countries. Artificial intelligence is not only making mass facial recognition possible, but magnifies the power and reach of any application that involves capturing and sorting information: scanning pictures, analyzing speech, sifting through text and location data. This threatens to not only shatter anonymity and privacy, but allow for highly advanced impersonation and take the concept of “identity theft” to new levels.
Some businesses chafe at the trouble and added expense of new and emerging data privacy regulations, but they are vital to both protecting rights and privacy and instilling confidence in end users. Customers want to be able to submit their payment information without worry about data breaches and identity theft, use services without wondering what is being done with their personal information and use devices without fear of surveillance or having location data tracked. The need for meaningful safeguards only grows greater as technological capabilities increase.
Security researchers with Lookout Threat Lab did not specify who the specific surveillance targets of the Android spyware were, but raised concerns based on the government response to protests in Kazakhstan.
Germany has opened an antitrust probe into Apple’s App Tracking Transparency framework. This follows a probe initiated by Poland in late 2021, and the expression of concerns along similar lines by both France and the UK.
Change to India's cybersecurity laws has sent VPN providers running from the country ahead of the slated June 27 start date for the new terms.
Changes in the risk and compliance arena are accelerating in the recent years. With these developments it is urgently needed to redefine the place of privacy and the privacy team in this evolving landscape just the same as establishing links with overlapping, adjacent and related areas of risk and compliance.
During the privacy-last era, consumer trust in brands was repeatedly broken when brands captured, sold, and abused data without consent - even though it was technically legal. To rebuild trust, brands need to change their strategies to be privacy-first instead of last.
Face search engines that trawl the internet are not a new concept, but this apparent level of accuracy (backed by an advanced AI algorithm) has not previously been made available to the general public.
FLEDGE and Google Topics can now be blocked either individually or together in the DuckDuckGo Chrome extension. Together, FLEDGE and Topics are meant to replace the standard tracking cookie used for ad targeting.
The DuckDuckGo disclosure is an opportunity to reflect, for individuals and companies alike. As an individual, who defines what privacy means to you? As an organization, is your internal definition of "user privacy" consistent with what your users expect?
DuckDuckGo sells itself on its lack of user tracking. However, some new security research reveals that policy does not apply equally to Microsoft trackers.