Protecting our private information from the prying eyes of other people, governments, and corporations is on many people’s minds. At the same time, our lack of control over our own data makes us wonder if privacy even matters in this day and age. In this article, I’ll argue that protecting our Personally Identifiable Information (PII) is more critical than ever. As privacy infringement incidents become more commonplace, stronger regulations and emerging technologies protect our privacy and have the potential to enable broader use of private data.
Privacy at the throne
Using the bathroom typically doesn’t require much security; for most of us in the developed world, a bathroom is a safe place where we do our business while scrolling through Twitter or TikTok. So if there’s not much to protect against, why do bathrooms have doors? The answer is obvious: privacy. Most of us close the door while using the bathroom because we value our privacy, independent from our need for security. In a world that requires us to be “on” most of the time, having some private “off” time is a relief.
Information has similar characteristics: it has varying security needs, and separately, varying degrees of privacy requirements. Your private data, if revealed, can be used against you. One of the most worrisome abuses is identity theft. Other nefarious uses include public shaming, outing, and doxing. These can ruin someone’s life and drain their savings. While they’re against the law, many countries don’t have specific laws and regulations that govern the use of private information. The European Union led the way in the early 2000s with the ePrivacy Directive, followed by the much stronger GDPR. Other countries and state regulators followed suit with similar rules, such as California’s CCPA, Canada’s PIPEDA, and Australia’s CPS 234.
These privacy regulations were put in place with the realization that security will never be absolute and data breaches are all but unavoidable, so ensuring that private data is handled properly while in use, in transit, and in storage is critical. Take healthcare data, for example: in 2021 alone, the top 10 healthcare breaches in the U.S. exposed the data of 19 million people. Privacy regulations prevent criminals from gaining access to PII, even if they gain access to other data. These regulations are critical because the corporations we entrust our data with don’t always respect our privacy. Case in point: Facebook, it turns out, is collecting data on people even after their accounts have been deactivated. And another Meta company, WhatsApp, was fined $270 million by Irish authorities for lack of transparency around user data.
Much as security is a constant arms race between hackers and CISOs implementing the latest security technologies, privacy is a battle between slow-moving government regulators and various malicious actors finding creative ways to abuse any private data they can get their hands on without getting caught. While people like you and me may feel powerless when witnessing this clash of titans, we can vote with our wallets and our attention currency in favor of companies that respect our privacy and adopt innovative technologies with a genuine intent to guarantee it.
At the personal level, we can protect our online privacy by using search engines like DuckDuckGo and browsers like Brave (check out this browser privacy comparison). Browser extensions like Privacy Badger help thwart trackers, and companies like DeleteMe track down our personal data and ask information brokers to remove it. These tools are effective, to a degree. However, legitimate data uses, such as banking and healthcare, require access to PII, access which we grant when opening an account or signing up for such services. Here, we have no choice but to trust these companies and government bodies with our data, hoping that they will do the right thing with it.
This brings us to privacy-enhancing technologies (PETs). These are designed to ensure that private information is never transferred, stored, or used in an insecure manner, while enabling data processing to be carried out. PETs are getting increasingly sophisticated, with the latest ones, like Secure Enclaves and Homomorphic Encryption, gradually going up the far edge of Gartner’s hype cycle. These advanced technologies grow in popularity as existing methods become less useful. For example, anonymization doesn’t guarantee privacy; this renders the most widely used privacy protection method toothless.
One of the strongest arguments in favor of adopting new privacy-preserving technologies is their potential to enable new data uses. One way to ensure compliance with government regulations is to keep the data under lock and key. This kind of strict data governance defeats the purpose and prevents the beneficial use of this data. Privacy-enhancing technologies make it possible to realize a future where data can be processed without the need to decrypt it. This is the holy grail of privacy guarantees: give people the privacy they deserve while at the same time letting authorized corporations and governments process the data securely, without breaking regulations or infringing on anybody’s privacy.