February 2019 - Data Protection & Privacy

The Fairy Tale of Transparent Data Protection

Particularly in times of data theft, the GDPR, and increasing digitalization, data protection is becoming more and more important for society at large. Yannick Schneeweiss from Hornetsecurity looks at how to increase the level of data protection of online services without making them too complicated for the user.


“I have read and agree to the data protection policy.” – We have probably all been confronted with a sentence such as this in the digital world. However, quite a few feel a bit queasy as they set the required check mark. Is there any reason for doubt? What happens to my data if I agree to the conditions and what difference does it make if the provider is based in a foreign country? 

These are just a few of the many questions that Internet users ask themselves over and over again. In many cases the questions remain unanswered, and not only because it would often take too long to understand data protection regulations written in the finest legalese, or the corresponding legal texts. Often consumers simply cannot or do not want to miss out on certain services, and therefore most find it difficult to decline the declaration.

The balancing act between data protection and usability

In a study initiated by the German industry association Bitkom, more than two thirds of the participants admitted they do not know how to protect their data on the Internet. 

90 percent believe that the privacy statements of online services are confusing and 87 percent use services although they do not trust them. At this point, it is clear that there are still too many unanswered questions about data protection.

Although the new General Data Protection Regulation (GDPR) is a real flagship project in terms of data security, it also causes confusion among users and providers. The requirements are far too complex for those who must implement them, and far too complicated for those whose data are to be protected. Long story short: data protection needs to be more transparent and standardized. After all, is there really anyone out there who reads the privacy policy of every new provider they use? Or a provider who knows exactly what they are allowed to do with the data they obtain? In most cases, these questions would probably be answered with a “no”.

The gray area of data protection - is this still legal?

It is almost impossible to browse the Internet anonymously. However, it is still very surprising how much online services know about us and what they use this information for. It is generally assumed, for example, that smartphone apps can eavesdrop on us. Users report that they are shown tailored online advertising even though they have only talked about a product. Therefore, many suspect that our smartphones are constantly listening to us anytime and anywhere. But is that even possible, not to mention legal? Yes and no.

It is indeed the case that users are “wiretapped”. One provider has developed software especially for this purpose and sells it to app designers. Experts have been able to confirm that this software is part of about 1,000 apps offered in the Google Play Store. These are often games or other apps that don’t require access to the microphone. However, when reading through the data protection terms, it becomes apparent that users consequently agree to this questionable procedure. According to the software provider, only ambient noises or the sound of the television, for example, are listened to, not human voices. To what extent this is the case cannot be said. The fact is that more data about us is passed on to third parties than we actually know.

When there is convenience, there is no data protection 

“After all, users have to consider what’s more important to them: convenience and functionality or privacy,” says Cornelia Dlugos, editor at the German online magazine t3n. Indeed, she is right about that, because most of the convenience that we have on the Internet is only made possible by Big Data. Consider that, as users, we do not pay a cent for any Google service. We simply pay with our data.

The process of collecting data takes place in several different ways.

The most popular data collection method is the use of “cookies”. These have absolutely nothing to do with the sweet pastry but are tiny text files that contain information about us and are accessed by web servers. This allows website operators or the services they cooperate with to display customized advertising, a profitable business. As the operators know, it is far too time-consuming for the individual user to read the cookie guidelines before accessing a website, especially since it often cannot be proven whether service providers actually comply with data protection regulations.

In conclusion: Transparency is still limited in many places

Reliable data protection is essential in an increasingly digital and globalized world. But what is the point of strict data protection laws, such as the General Data Protection Regulation, if they are too complex to understand and implement? In addition, there are international differences in regulations and legal requirements. Without actually having read the data protection regulations, individual users cannot be sure which standards their data will be processed under.

Cross-border, strict data protection laws, such as those now in force in the European Union thanks to the GDPR, are a step in the right direction, but they are still not enough, because now, for example, suppliers based in the USA are left behind and have to adapt to the strict legal situation that applies to their European customers.

Not everyone was able or willing to go along with this step, which is why some companies have decided to shut down their services in the European Union. As a result, the diversity offered to the consumer suffers. At this point, there need to be globally applicable, uniform principles for the processing of data. Users would then only have to deal with the topic once and would know how their data is being processed at all times.

Yannick Schneeweiss works as an online editor for the German IT security company Hornetsecurity. Having successfully completed his apprenticeship as a Marketing Communications Specialist, he works as an editor in the cloud security industry. In addition to editorial content, he is also responsible for the company's website.

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.