We are living in an age that is brimming with contradictions. Around the world, people are embracing new and exciting technologies that are improving our quality of life and changing how our societies function. At the same time, there's a growing backlash about the erosion of privacy rights as we surrender more and more information into the digital realm.
With the Internet of Things (IoT) poised to dramatically scale up the amount and types of personal data that flow through the internet, it's clear that we're heading for a showdown between technology companies and privacy rights advocates. The question is, how much privacy are we willing to sacrifice in the name of advancement? If the recently enacted privacy legislation in the EU is any indication, the answer is not very much. Here's a look at where the border between technology and privacy currently stands, and where it might be going in the near future.
An uneasy balance
Lately, it has been hard to get through an entire week without hearing about some new controversy about user data being surreptitiously collected, used, or mishandled. Facebook, in particular, has been under fire in the US and the EU over its data collection practices. At the same time though, more people than ever trust their information to Facebook and other multinational tech companies, and master of data science programs online are filled with eager students seeking to cash in on the big data revolution. The tech giants, for their part, claim that there's nothing nefarious in their data collection and use practices, but nobody seems to believe them. That has also fueled a rise in the usage of VPN services by private internet users.
Privacy sleight of hand
In the EU, the concept of online user data privacy has come to the fore in a way not yet seen in most of the rest of the world. On May 25, the General Data Protection Regulation (GDPR) went into effect throughout the EU. Among other things, the law stipulates new requirements regarding user consent and even mandates the creation of the position of Data Protection Officer in companies that process certain amounts or types of user data. At the time of this writing, there are still websites that cannot be accessed in the EU while their owners figure out how (or whether) to comply with the GDPR. Notably, Facebook altered their terms of service to avoid compliance with the GDPR for over 1.5 billion users.
We don't yet know if avoidance strategies like the ones mentioned above will actually succeed in evading the sprawling reach of the GDPR. If either strategy does, it won't be long before other companies follow suit rather than face new data handling oversight or large fines. The flight from the EU would undoubtedly start a chain reaction that would push lawmakers in the US into enacting similar privacy legislation to close the evasion loopholes. At the same time, advances in quantum computing could render existing encryption methods insecure but also introduce new, unhackable communication methods.
The future of digital privacy
It seems like a foregone conclusion at this point that users are going to demand data privacy protections as we move forward, and that governments around the world will have to comply with their demands. The reality, though, is that digital privacy is always going to remain a moving target. Businesses will always push privacy boundaries, and most individuals won't notice until there's a big, public incident to draw their attention. There also can be no universal solution to the problem in a world where most users would agree to any data collection policy, no matter how broad, without any real scrutiny. That means that the future of digital privacy is going to remain in the hands of big tech companies, who will be expected to do the right thing - even if they are never given concrete means to determine what the right thing is.