June 23, 2023
“Privacy is dead.”
These days, it’s a sentiment we hear often. And though privacy experts don’t agree with it, the notion is an understandable one.
The saturation of social media in our lives, coupled with increased online surveillance by data-hungry companies, has sparked the belief that anonymity is lost. Feeling forever searchable and trackable erodes the idea that privacy still exists—especially when the collection and use of personal data have become so prolific in recent years.
In fact, a recent Pew Research study found that over 60% of Americans don’t believe it’s possible to go through life without companies or the government collecting personal data about them. As concerns like this and others shaped the digital landscape over the last decade, one authority stepped in to protect the public’s data privacy.
In 2018, the European Union developed what is now considered the gold standard when it comes to consumer privacy: the General Data Protection Regulation (GDPR). The regulation views data privacy as a human right, and it gives users greater control over their personal information and how it’s used. It does this through strict policies and laws that companies and institutions must follow when handling user data (or face fines and penalties). Other jurisdictions have since followed suit with laws of their own, one of the largest being the California Consumer Privacy Act/California Privacy Rights Act (CPRA).
And while these regulations have made notable strides in privacy protection, some skeptics scoff at their efforts. Chiefly, they feel regulations like the GDPR are under-resourced and slow to enforce, but there seem to be clear reasons for that: The ways in which organizations must comply can be confusing, difficult to navigate, and tough to execute.
Some might argue this is all more fodder for the “privacy is dead” notion, but perhaps it’s something simpler—maybe it’s just what comes with being the guinea pig behind a universal (read: colossal) movement.
So, if privacy isn’t dead, what’s really happening? Through regulation, consumer awareness, and brand accountability, the power to protect privacy is returning to users’ hands.
Years ago, when the world associated privacy more closely with anonymity, the emerging internet threatened that. Thus, as the web evolved to become a daily staple, users sought online privacy by ultimately “masking” themselves to preserve anonymity. Still, despite their efforts, nearly 60% of internet users in 2013 started to believe masking their online footprint just wasn’t possible.
Fast forward to today’s online landscape, where users understand that any effort to wholly “mask” themselves is relatively fruitless. Personal information is out there, and many online users have come to accept it (Gen Z barely bats an eye). Alternatively, there’s a significant number of online users who still have great concerns about their online privacy (68%, according to an IAPP report).
No matter what side of the fence users fall on, collectively, they recognize that privacy does not equal anonymity. Instead, it looks more like being able to choose how private data is managed and ultimately respected.
At this point, being active and connected in the digital age means having some kind of online footprint. But thanks to ever-expanding regulations, it doesn’t mean privacy can’t be protected.
With an understanding of how companies collect and use data, users can now learn how to manage and protect it. Whether it’s requesting data deletion when they no longer want a company to have it or keeping data secure when they do allow it, data subjects now have more power over their private information.
Managing private data is possible for most things these days, from healthcare to social media to online shopping to streaming services. And the public’s expectations of how entities handle sensitive data are simple: Do it responsibly and, in the right circumstances, benefit users with what’s being collected (not just the other way around).
If your favorite show on Netflix is a ‘90s sitcom, you want the popular streaming service to know. That way, it can provide recommendations about similar shows. And when subscribing to Netflix, you expect it to keep payment information secure and your viewing history private (so no one can judge you about the fifth go-round of that ‘90s sitcom). You have trust, too, that Netflix won’t share your viewing information with third parties so targeted ads for ‘90s show swag aren’t hitting your inbox.
And if something feels “off” about how your data is being handled, current regulations allow you to take action by submitting a request for data inquiry, retrieval, adjustment, or removal.
It’s clear that, more than ever, people want agency over their information—and they’re willing to take measures to achieve that. According to the IAPP report, “consumers who are concerned about their privacy take real-world actions to protect it. Even consumers who stated they are not concerned with privacy take such actions.”
Luckily, the world’s regulations are helping the public leverage this right more and more. So how do organizations stay aligned and ultimately maintain compliance?
Even if the naysayers have a reason to balk at current regulations, one thing is true: Organizations are now faced with becoming accountable—or, at the very least, they’re having to think about it.
While some companies may not apply money or resources immediately to privacy protection, global regulations ask them to greatly consider it and, in many ways, already enforce it.
And while the IAPP reports that 35% of companies protect privacy solely to comply with said regulations, there are certainly other reasons to pull the trigger. Here’s why organizations protect data privacy, according to the IAPP:
So how can your company start its own data privacy journey?
Next up, create a user-friendly website that makes it easy for a consumer to exercise privacy rights on it. Additionally, train your employees on how to regularly communicate your privacy practices to consumers (via email, social, etc.). Sixty-one percent of IAPP respondents said this would also increase their trust.
It’s also smart to give users options: 62% of respondents said they wanted companies to hand over control of personal information associated with their accounts so they can update it themselves. Plus, instead of being opted in by default to data collection, processing, and use, consumers wish companies would allow them to opt in on their own.
Finally, find a trustworthy partner to help you navigate privacy regulations. Organizations like Osano can help. Starting your company’s data privacy path doesn’t have to be daunting or complicated: Osano provides a number of free resources to get you up to speed on compliance and, when you’re ready to take next steps, we offer solutions that help companies meet GDPR and CPRA requirements. Schedule a demo to learn more.
Rachael Ormiston is the Head of Privacy at Osano. With over 15 years of professional experience, she has deep domain expertise in Global Privacy, Cybersecurity, and Crisis and Incident Response. Rachael is an IAPP FIP and has previously served on the IAPP CIPM Exam Development board. She has a personal interest in privacy risk issues associated with emerging technologies.