It’s been an interesting week for observers and chroniclers of data issues, especially around privacy and what we can reasonably expect to happen to information we trust to the web and individual websites.
First there was the Ashley Madison leak, following an earlier hack, where millions of email addresses and account details of users, including sexual preferences and credit card information, were dumped online and made visible to anyone who had the time and inclination to go through them (and plenty did).
The extramarital affairs website offered a full delete service, where users could pay an extra fee to erase any trace of their usage, but this appears to have been all but useless. It was also interesting to see reports of how many company, government and military email addresses had been used, when plenty of services offer free and therefore anonymous accounts, implying a clear trust that because Ashley Madison said they were discreet, then this must be true.
As the backlash intensified, with angry users wondering why a music streaming service needed access to their phone contacts and photos, Spotify’s CEO Daniel Ek apologised for how it had been implemented, promising an “update” to the new policy and better communication in future (although interestingly not backtracking on the content of the policies themselves).
He also said that Spotify would not access or import people’s photos, contacts, sensor or GPS data without their permission.
So, what do both of these sagas tell us about the state of and awareness of data privacy online? I would argue quite a bit – and much of it positive.
While the fallout of the Ashley Madison data will have wide-ranging implications for anyone unmasked, the huge amount of coverage around the hack, subsquent leak and celebrity or well-known users will also undoubtedly raise the profile of the state of data privacy online. Namely, it has been made crystal clear that users need to take full responsibility for their own data and who they trust that with, as even sites claiming to be uber secure are just not able to ensure that is always true, particularly in the wake of a concerted hacking attack.
While not many sites are likely to suffer the fate of Ashley Madison, which was targeted by hackers The Impact Team who had an issue with the content of the site, every site holding personal data has the potential for a breach, and users often have no more than their word that all standard protocols have been followed before handing over what can be sensitive information. Indeed, companies themselves may believe they are protecting data adequately but just not have the technological know-how for that to be correct.
Equally, the Spotify backlash, while primarily among the internet-savvy Twitter usergroup, also shows a promising swell against overarching privacy policies, proving that users won’t accept absolutely anything in return for free use of a service, and increasingly have enough awareness to check what exactly they are signing up to.
Awareness of what we give away with many online transactions (excluding the likes of digi.me, which never sees your data) is the first step in making sure that anyone we hand our data to will treat it with respect, amoving on to holding those who don’t to public rebuke and account.
And thus the vastly greater awareness around data privacy issues following recent events can only be a good thing as more and more of our lives are lived online.