It is by now widely accepted that millennials spend a good chunk of their lives online, scrolling through Facebook and uploading photos of their lunches on Instagram. Data privacy concerns were not as widely spread 5-10 years ago (when we first onboarded the networks) as they are now and we were happy to share date of birth, hometown and phone number, amongst others info, just so that we could make and stay connected with more friends.
In the aftermath of Facebook & Cambridge Analytica's scandal, a few people I know requested their data exports from Facebook. When I asked them if they are preparing to disable their accounts, they said something along the lines of "No, it's ok, I have nothing to hide". I guess their reasoning was that they are not important or dangerous enough to be spied on (think Interpol's most wanted and similar), so why worry about what they share online and who they give their data to?
Perhaps it is an easy trap to fall into. Thinking of my own Facebook profile, it mostly shows a certain fascination with badgers and a few prominent cat accounts and who in the world is interested in using this? Apart from a few cat food sellers potentially.
But I think in reality the biggest risk comes from data handling that happens behind the scenes and the data we share unknowingly. Most people are not aware that they are sharing their location with social networks for example or how to change their preferences. They may have given their consent because the app asked them the first time they opened it, but it was all through clever UX design that highlighted the Yes button and provided no context or explanation on how this may be used. So let's just click Yes so that the annoying little rectangle disappears from my screen and I can go back to looking at Kate's lunch. But if a breach does occur, then criminals will know what time you go to work, what route you take to get there and what time you come back home. So the choice seems to be between missing out on the Facebook banter against having some peace of mind that you are being careful with your digital footprint.
In reality, the ideal solution is having trust that there will be a robust legal framework to protect you (GDPR springs to mind in the EU and UK) and data controllers and processors will have enough good sense to abide by it. In light of this, I think that Zuckerberg, for example, is on the wrong side of history. Revamping their system to be "directionally, in spirit" compliant with GDPR is too weak of a commitment and in my view sets Facebook up for future lawsuits and investigations. Not to mention that inevitably, other world regions will follow in EU's example and adopt stricter rules on data processing, so I wouldn't be surprised if before long we hear of another Facebook "mishap" outside of the Old Continent.
Until then, I am staying on Facebook because I need to know how Goran the Badger is doing, but will pay closer attention to my sharing settings.
Zuckerberg told Reuters in a phone interview that Facebook was working on a version of the law that would work globally, bringing some European privacy guarantees worldwide, but the 33-year-old billionaire demurred when asked what parts of the law he would not extend worldwide. “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” Zuckerberg said. He did not elaborate.