Tag Archives: privacy

MEF Global Consumer Trust study 2017: all hail the rise of the savvy user

ISPs selling personal data: we need to frame the debate around consent

The US Senate’s vote to roll back rules preventing ISPs from collecting and selling personal data has generated an enormous amount of controversy.

On the one hand, de-regulating the stifled and stagnating US economy is a necessary move to restart growth and boost innovation.

And of course everyone understands businesses want and need data – it’s their fuel, their magic juice – and something they rely on heavily to try and stay ahead of their competitors.

But those arguments, valid as they are to a degree, overlook the big elephant in the room: consent. Specifically, the rights of individuals to have a say in what happens to some pretty sensitive personal data collected about them through their full browsing history.

Consent is the missing ingredient in this current debate – and its omission means all sides lose out.

Individuals, of course, lose out in this equation because their personal data is being sold on behind their backs without their consent, or indeed without any benefit to them.

But businesses are losing too because they would get better quality, more useful data if they went direct to the source – the individual themselves – and offered something desirable as an exchange.

Additionally, their ability to thrive depends on them being able to deliver the right offer to the right person at the right time. This, in turn, requires better engagement overall, and engagement means conversation. What better way to have a conversation then by starting the relationship asking for data rather than taking or buying it?

Of course, here at digi.me, where we have built our vision on the Internet of Me principles and ideals of the individual at the centre of their connected world, in control of what happens to their data, it’s no big surprise which side we are leaning towards.

But it’s clear there are an ongoing debate and awareness-raising to be had about ethics and best practice around the issue of personal data.

While the House has now also voted in favour of this bill, it’s not completely clear whether the White House will sign it without amendments.

But President Trump has said time and time again that he is the people’s voice – and now is a perfect time for this new Administration to hear this voice.

There are increasingly ways, such as digi.me, for both privacy and data-sharing to be compatible, and these should be explored –  although consent is always the better choice, resulting as it does in a more meaningful dialogue.

The bottom line here is that the ISPs are acting perfectly legally, and feeding businesses who are desperate for data and know – at the moment – of no other way to get it.

This change will come, both in awareness and through legislation such as the EU GDPR, which gives many more rights back to individuals around their personal data, and which we firmly believe will prove to be a boon to businesses and innovation when it comes into law next year.

But until then the focus should not be on condemnation or scorn, but showing a better way through the use of data consented at the source.

Then, and only then, can we move forward into a world where our data is ours alone and we share it only through choice.

10 key things you need to know about the EU GDPR and personal data

The General Data Protection Regulation (GDPR) becomes law across Europe in May 2018, replacing a patchwork of data protection laws across the various member states and essentially making privacy the new norm.

Wide-ranging in its scope, a key theme is returning a lot more power over personal data to individuals, who will have new and increased rights over what personal data is collected, what it can be used for and what happens when they want to remove consent.

The GDPR also includes a ‘right to be forgotten’ as well as the right to know when your personal data has been hacked and replaces rules dating back to 1995 when the internet was in its infancy.

Completely in tune with digi.me’s vision to unlock the power of personal data by returning control and ownership to those who create it in the first place, the new law will apply to all businesses not just based in the EU, but also those dealing with EU citizens.

Here’s a quick guide to the main features:

  1. Privacy by design means that when you download an app or sign up for a service, you should not be asked for data that is not directly needed or relevant for the purposes of interacting with that app or service. Services should no longer be asking for capabilities they don’t actually need, which will immediately restrict data leakage.
  2. Explicit permission means just that – when you give permission to an app or website to have or use your details in a specific way, they can’t use it for any other purpose or, crucially, sell it on to third parties.
  3. Data portability gives you the right to ask for any data that a company has about you, which should be returned in a machine-readable form so that you can reuse it, for example to give it to another service provider.
  4. Giving someone your data doesn’t mean they will always have access to it – under the GDPR you have a right to be forgotten and will be able to ask companies or platforms to delete your data if you no longer want them to have it. The two caveats to this are a) that this won’t apply to some information that there is a legal requirement to keep, for example medical records and b) that it is also a personal right to forget, distinct from the 3rd party Right to be Forgotten, where individuals can request that outdated or undesirable information about them be removed from search engines. (read more about the difference here)
  5. Clear and affirmative consent will be needed before private data is processed and this will require an “active step” such as ticking a box. The Parliament is clear that “silence, pre-ticked boxes or inactivity will thus not constitute consent. In future, it should also be as easy for a person to withdraw consent as to give it.”
  6. Right to be informed in plain and clear language – MEPs have insisted that the new rules will put an end to “small print” privacy policies and that information should be given in clear and plain language before any data is collected.
  7. Clear limits on the use of profiling – new limits where automated processing of personal data is used to “analyse or predict a person’s performance at work, economic situation, location, health, preferences, reliability or behaviour”, including creditworthiness. Under the new regulation, profiling would generally only be allowed with the consent of the person concerned, where permitted by law or when needed to pursue a contract and should comprise a human element, including an expectation of the decision to be reached. MEPs also insisted that profiling should not lead to discrimination or be based solely on sensitive data, such as ethnic origin, political opinions, religion or sexual orientation.
  8. One law for the whole continent – one of the biggest attractions is that Europe will now be covered by one law, applied in the same way everywhere, instead of a patchwork of national ones. Eliminating the need to consult local lawyers in each country a business has dealings or premises will see direct cost savings as well as legal certainty. Savings from dealing with one pan-European law rather than 28 are estimated at €2.3bn per year.
  9. Regulatory one-stop shop – businesses will only have to deal with one regulatory body rather than 28, making it simpler and cheaper for companies to do business in the EU.
  10. The new rules promote techniques such as anonymisation (removing personally identifiable information where it is not needed), pseudonymisation (replacing personally identifiable material with artificial identifiers), and encryption (encoding messages so only those authorised can read it) to protect personal data.

Overall, the new data protection rules give businesses opportunities to remove the lack of trust that can affect people’s engagement through innovative uses of personal data, while giving individuals clear, effective information about what their data is being used for will help build trust in analytics and innovation for the benefit of all.

The new rules will be backed up by harsh sanctions including fines of up to 4pc of a company’s global turnover if they don’t comply.

UK’s data protection body issues GDPR guidance on consent

The Information Commissioner in the UK has drafted guidelines for what businesses and organisations handling personal data will need to do to comply with the new GDPR out for consultation.

In the draft guidance, the ICO notes that: “The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how you use their data.

“When consent is used properly, it helps you build trust and enhance your reputation.”

The draft guidance’s key points include:

• Doing consent well should put individuals in control, build customer trust and engagement, and enhance your reputation.

• Consent means offering individuals genuine choice and control.

• Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of consent by default.

• Explicit consent requires a very clear and specific statement of consent.

• Keep your consent requests separate from other terms and conditions.

• Be specific and granular. Vague or blanket consent is not enough.

• Be clear and concise.

• Name any third parties who will rely on the consent.

• Make it easy for people to withdraw consent and tell them how.

• Keep evidence of consent – who, when, how, and what you told people.

• Keep consent under review, and refresh it if anything changes.

• Avoid making consent a precondition of a service.

Overall, the draft guidance sets out how the ICO interprets the GDPR, key changes from existing data protection regulation, and its general recommended approach to compliance and good practice.

But it is also clear that the guidance will need to evolve both to take account of future guidelines issued by relevant European authorities, and according to experience once the law is in place from May of next year.

Ad-blocking up 30pc in 2016 as privacy becomes a hot button topic

A new worldwide report into ad-blocking has found that 615 million devices globally are blocking ads on the web.

To put that in context, that figure represents over one in ten people online, and is also up 30 per cent in 12 months.

The state of the blocked web survey, by Adblock, presents a combined picture of desktop and mobile adblock usage for the first time, and found that ad-blocking on mobile is exploding, particularly in Asia.

Key stats to be aware of:

  • 615 million devices now use adblock
  • 11% of the global internet population is blocking ads on the web
  • Adblock usage grew 30% globally in 2016
  • Mobile adblock usage grew by 108 million to reach 380 million devices
  • Desktop adblock usage grew by 34 million to reach 236 million devices
  • 74% of American adblock users say they leave sites with adblock walls
  • Adblock usage is now mainstream across all ages

Certainly privacy is one of the key drivers fuelling this phenomenon, as people tire of intrusive ads tracking them around the web, although the ads’ impact on page loading speed as well as bloated pages eating through data allowances are also significant factors.

So what does the ad-blocking surge mean for the privacy landscape?

Well, the numbers involved are obviously significant, which means we have a rapidly-growing online population that will modify online behaviour to avoid things that worry or irritate. And they’re doing it at scale, and across all devices, with the mobile ad-blocking increase predicted to hit North America and Europe next.

Also control is key – while this is not a revolt against digital advertising per se, rather the methods it employs, the internet population is increasingly showing it won’t be forced to watch or download things it doesn’t want to, because there is now another way.

With awareness around personal data issues also growing exponentially, this is heartening news – because the old ways are being disrupted in this industry, too, and technology such as digi.me is innovating in a way which again will benefit the consumer with minimal hassle to implement.

So all hail the ad-blocking army – user control and willingness to use a tech solution that shows a better way is good news for everyone driving the Personal Data Economy forward to a person-centred Internet of Me.

How sharing more personal data can lead to greater privacy online

The very concept of online privacy is often described as a myth, and while it’s not hard to see why, it’s more wrong now than it has ever been.

Yes, our personal data is scattered about the web, traded, sold on and held in multiple places that we can neither access nor delete – but the dominance of that situation will soon be the past, with the glorious forces of the Internet of Me riding in to replace it.

The IoM will enable all of us, no matter who we are, to take back control of our data and shape what happens to it and who is allowed to see it.

We don’t benefit from our data being traded at the moment, but the Internet of Me will flip that so that we are the primary beneficiaries, sharing that data on our own terms only when we are happy with what is offered in return.

And businesses win too, finally getting access to data that is 100 per cent accurate and rich in both depth and time – just what innovation needs. And society needs innovation, especially in areas such as health where a mass of accurate data can be hard to obtain.

Of course, online privacy has always been fluid when set against the norms of the offline world.

But the last decade has also seen personal perceptions of privacy change and evolve dramatically with the explosion in online services and social networks on which many of us regularly post huge amounts of personal information.

So how does all of this combine to create a more private world? The simple answer is technology, more specifically digi.me and other application advances that mean processing can be brought to the data, instead of data always having to be handed over.

At the very heart of the digi.me vision is the abilty for each individual having their data in a 100 per cent secure and private library under their control that we, the company, can never see, touch nor hold.

But the arrival soon of our Consented Access platform means you will be able to share your data with a company without it ever leaving your handset, as they can give permission for an app to simply run an algorithm over your data, which returns only the results and means the data never leaves your device.

More sharing, AND greater privacy for your data, is a pretty spectacular combination. And in addition to being more private, this body of data you collect through digi.me- which will shortly include financials and health – creates a body of information that is immensely more powerful than the sum of the parts scattered before this aggregation.

Incoming legislation called the GDPR will also shape this brave new world, creating much more user-centric stringent regulations on the collection of use of personal data, as well as substantial fines for non-compliance.

So privacy online becomes more about choice, with us as the guardians of our own privacy, choosing who else has access and on what terms.

There is no quick overall privacy fix, but one of the aims of digi.me will always be to return ever more privacy to its users and thus be the enablers of an increasingly private world.

Digi.me featured on Entrepreneur

Personal data and the lack of consumer trust and control over what is held by others is becoming one of the defining issues of our times.

And our founder and chairman Julian Ranger is now firmly established as an expert in how this can all be handled so much better than at present.

He is quoted extensively in this new Entrepreneur.com article looking at 4 Ways the Fight Over Data is Getting Way More Personal, which covers the fact Facebook effectively has a global monopoly as well as how new European regulation will change the face of personal data.

It also looks at how both technological advancements and public opinion are both challenging the status quo, with a focus on digi.me and its vision to bring back control to the user, putting them at the centre of their connected world in the Internet of Me.

It’s well worth reading in full, and is summed up by this very apt statement: “It will be exciting to see how entrepreneurs step into this space. In the same way that the Internet connected us in a way that few people could have imagined, returning data to its owners could change the Internet into a vastly different place yet again.”

Hurrah to that!

Positives to take from WhatsApp sharing personal data with Facebook

WhatsApp’s decision to start sharing user data with Facebook has rightly made waves around the world, mostly for the wrong reasons, but there are still positives we can take from the situation.

Firstly, WhatsApp was upfront about what it was planning to do, (handing over personal information including users’ phone numbers to Facebook as part of plans to allow businesses to message users, which will also allow Facebook to better target ads). Now, they may well have thought they couldn’t hide it even if they wanted to, as it required a change to their privacy policy, but still – openness about what companies are doing with personal data is always to be commended, and will become a legal requirement for companies operating in the EU from 2018 when the GDPR comes in.

That said, of course, WhatsApp should never have forced this on their users, and opt-in would have been an immensely better decision. (If you want to opt out, see here for details regardless of whether you’ve accepted the new terms and conditions.)

Secondly, users and the media didn’t just take it lying down – there were multiple articles outlining why this was a mistake for WhatsApp and criticising both companies across not just tech outlets but respected mainstream media – so the days of people just shrugging when massive changes are made to privacy policies without consultation are over.

Thirdly – and arguably most importantly – those in charge of protecting and safeguarding our privacy are showing they have teeth (and plan to use them) with both the UK’s Information Commissioner and France’s CNIL saying they plan to look into the decision and would be following it ‘with great vigilance’. in addition to a complaint to the Federal Trades Commission from US privacy groups.

Fourth, and finally, there are (very early) signs that people aren’t as ready to be loyal to messaging platforms, even popular ones, with a wealth of online comment of WhatsApp users looking for other, more private, platforms, and mainstream articles such as this one in Mashable.

Obviously we all hope for less, rather than more, personal data sharing without our consent, and there’s rightly a lot of anger at this move. But a sea change is coming, where users will be the ones back in control of their data, sharing it on their terms, and the public visibility and understanding needed to help make that a reality is very much underway.

digi.me now available for free on iOS and Android

mobile digi.me

We are delighted to announce that a digi.me app is now available on the Apple App Store so everyone can see, search, save and share all their social media pictures and pins on the move.

digi.me has brought the best of its desktop application available on PC and Mac to mobile, so you can see all your Facebook, Instagram, Twitter, Flickr and Pinterest pictures and pins you’ve posted and liked in one place.

The digi.me app automatically shows you all your content, which you can browse through at leisure. It also features improved search as well as filtering functions so you can narrow down what you look for by keyword, platform post and type, person, time period, album, board or a combination of these.

When you have found what you are looking for or you have re-discovered a forgotten gem, one Swipe helps you save it to your device, send it in a message or email, see it in its original location, complete with likes and comments.  You can also save your favourite searches to come back to quickly and easily to the content or topics you are regularly looking for.

“The team have worked hard to make sure you get to the photo you’re looking for as quickly as you can think of it. We’ve had a lot of fun building, optimising and using the app and hope that is reflected in your day to day use”, said Pascal Wheeler, digi.me Chief Creative Officer.

“We’ve created widgets for Flashback, your posts, your likes, and photos you’re tagged in – and more are in development, so stay tuned!”

As with the digi.me desktop version, all user data remains wholly private as digi.me doesn’t see, touch or hold any of your information, which you download directly to your device or your personal cloud that only you have access to.

An Android version of the App has also been launched and can be downloaded here.

In pictures: a month in the life of digi.me

We always working hard to improve both our apps and personal data privacy in general – but we get around the world a bit as well!

julian-iceland

Our founder and chairman Julian Ranger is in demand as a privacy expert and speaker worldwide, and here he is speaking at a conference on the future of data in banking in Iceland…

Icelandic-press

…and making the Icelandic press with our defining vision of the Internet of Me, where the individual is at the centre of their connected life.

jim-julian-tongham

The digi.me team are based all over the world – but a meet-up near our Farnham HQ was a welcome chance to catch up as well as discuss strategy for the (exciting) year ahead. Our EVP North America Jim Pasquale here with Julian…

rory-jim-tongham

…and our CEO Rory Donnelly…

jim-designers-tongham

…and meeting some of our developers (and making them laugh, he’s a funny guy!)

pascal-jim-tongham(1)

There was time for a few photos (here with Chief Creative Officer Pascal Wheeler)…

julian-jim-un

…before he and Julian headed back to New York for the UN ID2020 event…

julian-jim-un-again

… a global initiative looking at how to provide legal identity and inclusion for trafficked people, refugees, children and disaster relief victims

rory-tnw-launchpad

Rory presenting digi.me at The Next Web’s Super Launchpad in Amsterdam…

rory-tnw

…before taking charge of the stand in the Microsoft booth demonstrating our app to eager attendees