The Power of Privacy

At this juncture, it is no exaggeration to say that data, specifically personal data, is the lifeblood with which practically all businesses survive and thrive. Thanks to the increased availability of high-speed internet, the affordability of mobile devices, and less reliance on face-to-face transactions and brick-and-mortar stores due to the pandemic, almost all aspects of day-to-day life can now be accomplished virtually, from the mundane, to the cutting edge.

Whether it be something as simple as sending messages, to ordering food and buying groceries, booking rides, paying bills, sending and receiving money, doing government transactions, working from home, to consuming various forms of media, traversing virtual landscapes in video games, and yes, even gambling, almost everything can now be done online, no matter where you are, as long as you are connected to the internet.

Our very existence and how we live our lives are now manifested by the personal data that we use to identify ourselves and facilitate our dealings. The dark side of this reality is that the very same personal data we rely on may be used against us to rob us of our identities, our online abilities, our property, and perhaps, most noteworthy, our anonymity. What happens on the internet, stays on the internet. Somewhere out there in the ether of cyberspace, on a drive in some unknown data center lies who you are, the things that you’ve done online, and someone else may have access to that information.

In 2017, Scott McNealy, the former CEO of Sun Microsystems declared “You already have no privacy, get over it.” There are others who claim that privacy isn’t necessary if you have nothing to hide. To a lot of people, myself included, this way of thinking is simply wrong, unacceptable, and just plain dangerous. Providing your personal data for specific purposes shouldn’t mean a wholesale renunciation of your privacy. It shouldn’t be an “either-or” proposition.

To be perfectly honest, pursuing data privacy is an uphill battle of sorts. Not only have you take into consideration various threats, you still have to deal with the changing sensibilities of the times. Not so long ago we were taught as children not to talk to strangers, now we do it all the time on social media. We were warned as youths not to get into strangers’ cars, now we do it using ride sharing apps. We were told not to purchase things without seeing them first, now we do most of our shopping online. People nowadays have no compunctions over sharing almost everything, be it what they had for lunch, the places they’ve visited, or even their most innermost thoughts on social media platforms which for the most part are trusted blindly. The online landscape as it exists today is built on the expectation of trust, but too much trust can quickly be a bad thing.

As with all other aspects of human existence, there exists individuals and organizations who wouldn’t think twice over taking advantage of your trust. As data is indeed the lifeblood of this modern age, it can easily be used for personal or for commercial gain, with or without your permission. These uses can range from the benign and annoying, such as sending marketing text messages and emails, to the despicable, such as divulging confidential information, identity theft, online robbery, scams and confidence schemes, to holding the data of organizations hostage, or just wanton vandalism, and all of these can be done on a massive scale simply because of the reach of the internet.

Therein lies the importance of data privacy. Personal data is a necessary element of navigating modern society, but in unscrupulous hands, it can be weaponized and leave data subjects exploited, discriminated and victimized. With as many potential data subjects as there are people on this planet, and with information technology advancing by leaps and bounds, the dangers of ignoring data privacy are real, extensive and must be guarded against.

Privacy is recognized as a fundamental right in most modern democratic societies. Whether or not one has something to hide has nothing to do with the exercise of a right. Part of the exercise of that right is being able to exercise control on what your personal data is used for. Simply put, your data, your choice, thought it would seem that nowadays, the option to exercise anonymity has become limited. Current society is essentially built on surveillance, with everything from security cameras, web browsers, mobile phones, apps and social media tracking your every move.

The blunt truth is that there is no longer any way to be totally anonymous, from both a figurative and literal sense, and still be able to partake of the online conveniences of modern living. However, the law has imposed restrictions on how personal data may be collected and processed in order to protect the privacy rights of individuals…data subjects.

Entities which process your personal data...often referred to as personal information controllers or personal information processors, have to be transparent, collect and process only as much of your data as necessary to achieve the desired objectives, and can only process it if there is an appropriate lawful basis, such as consent, a contract, a law, or vital, national, or other legitimate interests.

Your privacy rights as a data subject include the right to be informed of how your data is processed, the right to access your data, the right to object to the collection and processing of your data, the right to have your data erased or blocked, the right to rectify your data if there are errors, the right to be able obtain, move, copy or transfer your data, and the right to complain.

As employees of organizations which also collects and processes personal data, we are bound by law to abide by these conditions with respect to the data subjects who avail of our products and services. It is not just expecting our own privacy to be respected, it comes full circle and we also have to respect the privacy of our stakeholders. Adopting this data protection mindset throughout an organization can be referred to as adopting a culture of privacy. Without this culture of privacy, privacy rights can be violated, personal data can be compromised, damage can be incurred by individuals and organizations, and in many jurisdictions, including the Philippines, laws can be violated, and with those violations, criminal penalties can be meted out.

Achieving a culture of data privacy is perhaps the most difficult of data privacy measures to be achieved, as it can only be accomplished slowly and gradually. While policies, on paper at least, can be implemented with the stroke of a pen, and technical safeguards can easily be procured, changing the culture of an organization is a lot more nuanced.?It’s not just awareness, education and training…it also requires acceptance…and these are things which just can’t be done overnight.

We are riding the crest of a huge wave towards data privacy, whether are aware of it or not. With the latest iteration of the internet known as Web 3.0 on the horizon, new paradigms such as blockchains, the Internet-Of-Things, artificial intelligence, quantum computing, and the metaverse will inevitably head towards the mainstream. In this environment, data privacy will not just be a necessity, it will be a business driver that will break enterprises if they are unable to keep up.

As an organization, we may have already made significant strides towards ensuring the privacy of our stakeholders, but often this is nowhere anything close towards what we truly need with what’s coming soon. While many businesses may be content to treat data privacy is a mere compliance item, data privacy has for some become a business advantage, and others will inevitably follow suit. Companies like Microsoft, Apple and Twitter have been touting privacy as a selling point in its products and services. Whether we opt to be prepared and move with the times, or allow ourselves to be blindsided, that’s up to us. All things being equal, it will be the enterprises that value data privacy in the third iteration of the web that will thrive. The rest will either be mired in regulatory compliance, or worse, lose its customer base, and thus its relevance.

Francis Bacon has stated that “knowledge itself is power” in his work Meditationes Sacrae. According to him, knowledge is the cornerstone of reputation and influence, and therefore power. While this still certainly holds up in the present day, with so much more information and potential threats at every turn, privacy has become a powerful concept in its own right, perhaps even more powerful than knowledge. Data has become commoditized to the point where it can be readily bought, traded or sold like any other resource. The power as envisioned by Bacon lies in the possession of knowledge, but with privacy, power now lies with the gatekeeping of knowledge. Governments and citizens everywhere have already started to figure this out, hence the demand for stronger privacy guarantees through greater regulation. Data subjects are no longer amenable to the unbridled use of personal data as fuel for big business. The irresponsible use of data to the detriment of the individuals who own that data is simply no longer acceptable.?

In this new archetype, power now lies with those who put the protection of data, and therefore of people, ahead of everything else. Best we be ready for what the future holds.

Privacy is power. What people don’t know, they can’t ruin. - Anonymous