Did you survive #GDPRday, and the associated barrage of e-mails letting you know about updated privacy policies, or asking you to opt-in to mailing lists?
Let’s hope this new regulation will be a catalyst for change in organisations’ attitudes towards personal data. However, we can neither lay all the blame on organisations, nor all the responsibility on regulators. Ultimately, it is up to all of us to consider not only how we are putting our personal information at risk, but also our friends’ and colleagues’. And, unfortunately, the situation there is rather bleak.
An article recently published in MIT Sloan Management Review, authored by Bernadette Kamleitner, Vincent W. Mitchell, Andrew Stephen, and Ardi Kolah, reveals that 9 out of 10 internet users share the personal information of their peers without consent, because they underestimate the extent to which they are giving their peers’ data away. In many cases, this is because they do not really understand that they are infringing on other people’s rights via their actions. For instance, they may be aware that, when they sign up to an app it will access their list of contacts (names, addresses, phone numbers and so on). However, they do not consider that such data are personal data and that, by giving the app access to those data, they are infringing on someone else’s rights.
What is most worrying, however, is that, when participants in the Kamleitner et al study were alerted to the fact that they were infringing on another people’s privacy, most still decided to go ahead with downloading and using the app.
This finding echoes that from a Nominet investigation of social media posting behaviour by parents. That study revealed that, on average, by the time a child reaches their 5th birthday, their parents had posted nearly 1,500 photos of them. Moreover, on average, parents had uploaded a photo of someone else’s child nearly 30 times in the previous year. And while a third of the parents (33%) expected others to ask permission before posting a photo of their child, only 16% did so themselves. In fact, more than a third of the respondents in Nominet’s study had posted pictures of other children without asking permission from the child’s parents.
As usual, the weakest link in security and privacy is… the human. Most people have great difficulty in understanding the insight generated by personal data, or anticipating how such information may be used against them. Most worryingly, though, many have a depressingly permissive attitude towards giving way other people’s personal data.
Clearly, GPDR is a great initiative when it comes to valuing and protecting personal data, but not enough. A change in attitudes is urgently needed.