Each and every week, we hear of new data breaches, hacks, and disclosures of sensitive financial and personal information.
Last month, it was the cyberattack on the Colonial Pipeline in the United States, causing spikes in gas prices and long lines at the pump. Before that, news broke of a data leak affecting half a billion Facebook accounts, a bot that has successfully scraped 500 million LinkedIn accounts, and a hack at Stanford University that exposed thousands of social security numbers and financial details. The cycle is endless.
The sheer number of reports of data leaks, hacks, and scams on affected accounts has now grown so gargantuan that consumers and users are left numb. The more that number grows, the more we grow numb.
But breaches of private data matter. And consumers should be rightly ticked off.
Because for every company screw-up, hacker exploit, and insecure government database, there are thousands of firms and organizations doing it right, keeping users’ data secure, encrypted, and away from prying eyes.
And while individual countries in the European Union have their own privacy and data laws, the more troublesome aspect here is the troubled General Data Protection Regulation (GDPR), which all too often makes it more difficult for legitimate businesses to secure data, not less.
While we should always be vigilant about potentials for leaks and hacks, a chief concern of a smart and common-sense data privacy law or directive should be in championing innovation, which isn't the case at present.
For every new health data company, logistics firm, or consumer wearable, proper data collection and retention are a core value. The more that rules are uniform, clear, and do not create barriers to entry, the more innovation we will see when it comes to data protection.
We should incentivize firms to adopt interoperability and open data standards to ensure data is portable and easy to access for users. Major social media networks now allow this prevision, and it has been the standard for website data for several years.
If that becomes the standard, consumers will be able to choose the brands and services that best cater to their needs and interests, rather than just companies left standing in the wake of overregulation.
At the same time, if we are to have revised privacy rules in the EU, we should enshrine the principle of technology neutrality, where government avoids decreeing winners and losers. That means that regulating or endorsing various formats of data, algorithms, or technology should be determined by firms and consumers, not government agencies without the knowledge necessary to make good decisions. The EU’s recent attempt to designate the “common phone charger” as the micro-USB connection, at a time when USB-C connections are becoming the industry standard, is an easy example.
This also extends to innovation practices such as targeted advertising, geo-targeting, or personalization, which are key to the consumer experience.
Added to that, we should be wary of all attempts to outlaw encryption for both commercial and personal use.
Pressure has mounted on the European Commission to overhaul encryption by private actors, but that would be a mistake.
The reason encryption remains a powerful tool in the arsenal of companies and agencies that handle our data and communications is because it works. We must defend it at any cost.
While there is plenty to be concerned about when it comes to online breaches and hacks, consumers should be able to benefit from an innovative marketplace of products and services, unencumbered by regulations that all too often restrict progress.
This balance is possible and necessary, both if we want to have a more secure online experience, and if we want to continue to have the best technology at our disposal to improve our lives.
Yaël Ossowski is a Canadian-American writer and journalist living in Vienna, deputy director at the Consumer Choice Center, and co-host of the syndicated show Consumer Choice Radio.