Internet privacy: Mind your own business

We live in a world of constant data collection – online and off. Increasingly, everything we do, every step we take, every transaction we enter into is memorialized in digital data. These digital footprints are then collected, stored, manipulated and often shared by third parties, usually without meaningful notice or consent.

Frequently, we volunteer this information, especially online, through more than 30 billion e-mails and billions of text messages a day, 113 billion searches a year, the deluge of photos and videos we post to YouTube and Flickr, and MySpace and Facebook profiles that get a reported 100 billion page views per month.

Even information we don’t provide online is consistently converted to electronic format and launched onto computer networks. This is true of the 30 billion cheque and 48 billion credit and debit card transactions that we engage in annually. More surprising is how much personal data is collected and stored that we are never aware of.

Consider, for example, location information. There are upwards of 2.7 billion mobile phones worldwide, which 95 per cent of users say they keep within three feet of themselves at all times. Mobile phones thus constitute the world’s largest sensor network. Through GPS and triangulation, these phones generate increasingly precise information about the location, speed and direction of movement of the user. In the United States, under federal law, all cell phones now have to provide the cell phone service provider—not the user—with precise information about the location of each cell phone.

In the face of ubiquitous digital data, the edifices of data protection we have built are looking increasingly outdated. Even more problematic, no matter how solid the data protection surrounding the sea of digital data in which we are awash, we are reminded almost daily that personal information in even our best institutions is vulnerable to theft, loss, and mishandling. The more data an institution holds, the more it has to lose.

Of greatest concern, however, is that this data is increasingly available to our governments. In many instances, our laws require that the private sector report our activities to the government. Moreover, because we apply weaker privacy protections to anti-crime and anti-terrorism efforts—if we apply any at all—government authorities have ready access to the massive store of digital data about each of us, no matter what privacy protections were promised by private-sector intermediaries.

Protecting privacy in the face of ubiquitous data requires many tools: technology, education, market pressure but most of all it requires strong laws that impose serious obligations on industry to act as stewards, not merely processors, of our data, and firm limits on government access to those data.

The United Kingdom, under a rigorously independent information commissioner, Richard Thomas, has made important strides in this area. Regrettably, the United States lags farther behind. But we all have a long way to go if we are going to accord individual privacy—the bedrock of human dignity—the respect it deserves.