Privacy about our personal data continues to be a hot topic, as governments and organisations continue to streamline processes to capitalise on the abundance of data and regulate it.
In an interview with TODAY, Professor Simon Chesterman, dean of the National University of Singapore (NUS) Faculty of Law, has commented that “Everyone claims to care about privacy in theory, but then in practice they share the most intimate details of their life with telco companies, or through social media, the whole world.” Clearly, data privacy affects all of us and we should be paying more attention to it.
Let’s understand how personal information is collected and used by companies, and what regulations are in place currently. We will also give suggestions to better secure your personal data online.
How and what data are collected
Internet data including searches, visited webpages, the accounts you follow and interact with, the posts you like
The value of data is contentious and intangible. It also varies depending on the quality and authenticity. There are two possible ways of estimating the value of ads. The first way is to measure how much data is approximately worth to platforms and companies through ad revenues. In 2020, internet advertising turned US$139.8 billion in revenue.
We can also use something called the CPM (cost per thousand views), which is a metric used to measure how much advertisers spend per 1000 views to have their ads seen on Youtube, to estimate the value of our data. Singapore’s CPM is US$17.75, placing us quite high on the list, meaning advertisers value our data quite highly.
The second way we can approximate the value of data is through the amount paid by companies in acquisitions. This is particularly insightful if we look at acquisitions of companies whose value comes primarily from their ability to collect user data. For example, Facebook’s acquisition of Instagram in 2012 for US$1 billion can be attributed to wanting to consolidate their hold of being ‘the’ social media, and to be able tap into Instagram’s advertising business model.
Different forms of personal data command different prices
Credit, medical history
In the public internet and dark web, criminals peddling personal Identifiable Information (PII) such as healthcare records fetch US$250.15 per person, while payment details and banking records fetch US$5.40 and US$4.12 respectively, according to Trustware.
Email address, personal phone number, address, web accounts
On the dark web, a hacked Instagram account is worth US$45, a USA selfie with ID is worth US$100, and a stolen PayPal account details with a minimum of US$100 is worth US$30, based on research done by Privacy Affairs.
Data on different groups of people can also command different price tags
Mackeeper, the utility software, conducted an analysis of whose data is worth the most. The value of an 18-24 year old’s basic information including age, email address and location is worth the highest at US$0.36 per person, compared to around US$0.11 per person for 24-44 year olds.
While it might seem like there will be significant differences in value of an individual’s data based on income, it only spikes at around US$120,000 – US$149,999 in annual income.
What companies can and cannot use it for
Typically, data is used to 1) generate income, 2) reduce cost, and/or 3) improve public welfare and sector efficiency. Broadly speaking, personal data is most commonly used in advertising and predictive analytics.
Advertising – targeted ads reduce advertising cost and increase efficiency for companies
Apps can collect and share anything from your personal information and user content, to your search and browsing history.
According to pCloud, 52% of apps share your data with third parties. Instagram tops the list, sharing 79% of your data including everything from purchasing information, personal data, and browsing history. Another article by the Daily Wire states that TikTok shares the most data with third-party applications. Other sites such as YouTube share 42% of your data, while Facebook gives away 57%. LinkedIn also sells off 50% of the information they collect.
Predictive Analytics – companies can use data to identify new trends, assess market readiness, and refine products
These companies also use the data they collect for their own marketing purposes. The data these apps use can range from your date of birth to offer you discounts on the day encouraging you to make a purchase, through to the times you usually use the app. If Grab, for example, knows you’re often browsing at 10am on a Saturday, they’ll know when to hit you with ads.
Wired wrote a review of TikTok’s handling of your data. One of the most common social apps in Singapore, Tiktok collects information such as the device you are using, your location, IP address, search history, the content of your messages, what you’re viewing and for how long.
From this information, TikTok is able to infer your age range, gender and interests. It’s concerning to think about just how much such corporations know about you, simply from your use of their application.
What are the regulations in place?
The Personal Data Protection Act (PDPA) in Singapore regulates data collection, organisations handling data and secures individuals’ autonomy over data collected. For example, consent is required for most data collected, and its purpose must be limited to what is disclosed to the individual. Individuals can also access and change their data upon request.
Data may not be retained once its purpose has expired, and cannot be transferred to other countries haphazardly.
The General Data Protection Regulation (GDPR) in European Union protect sensitive information from being exploited or collected without content:
- Explicit opt-in consent from users
- The right to request data from companies
- The right to have your data deleted
It also imposes security obligations on companies handling your data, meaning they have to secure it adequately.
The California Consumer Privacy Act (CCPA) is the general data protection act in the United States, which specifically protects personal data including Social Security number, banking details, and health records, which the Health Insurance Portability and Accountability Act (HIPAA) also does.
Finally, the Gramm–Leach–Bliley Act (GLBA) in the US is imposed on financial institutions to explain how they handle and secure financial data, ensuring that they have adequate securities in place for such sensitive information.
Governments are not the only ones attempting to regulate data privacy. Apple’s new laws force apps to obtain permission from iPhone users before they are allowed to track those users for the purpose of offering targeted advertisements or sharing information with data brokers.
How can you protect your data?
According to Geekflare, there are multiple ways that we might protect our sensitive data on an individual level. The main ones are to:
1. Manage and organise confidential information
Orderly management of files ensures that you do not accidentally delete or share any sensitive data unintentionally.
Do not transfer confidential documents from work to your personal device. Usually, the office network has a firewall in place and security measures to prevent confidential data from being accessed.
2. Encrypt files and your device
Encrypting your files ensures that your files cannot be accessed by others when they’re being transferred.
To encrypt your device:
- For Windows: Settings > Update & Security > Device encryption
- For macOS: System Preferences -> Security & Privacy -> FileVault
- For Android and iOS, if you are using a password/passcode, the device is automatically encrypted.
3. Use password manager, and enable 2FA (two-factor authentication)
managers help you to make and remember secure passwords, and are usually available cross-platform. That means you will have to remember just one master password instead of several.
You should also enable Two-Factor Authentication (2FA) whenever possible.
4. Backup Your Data
This is so that if your sensitive data is breached and corrupted, you have a backup to refer to. A physical storage drive or USB drive can hold the backup data. You may also opt for cloud secure backup options.
5. Use a VPN When On Public Wi-Fi
If you are working remotely and connected to a public Wi-Fi network, an attacker may snoop on your activity. Using a VPN will give you extra protection against such snooping.
6. Keep Your Operating System Up-to-Date
Running an outdated operating system can compromise your data, especially if the older versions were patched because they were prone to security breaches. As much as possible, update your operating systems to fully protect against such compromises.
Your data is important and valuable. Companies use it for their own marketing and research purposes, and often share them with third parties as well. There are broad regulations in place for individuals to have more autonomy over their personal data, but it is not sufficient to rely on them alone. To protect your data well, we recommend encrypting it, keeping your systems up to data and managing your passwords well.