In an era of unprecedented global changes brought by the pandemic, our reliance on digital solutions has rapidly increased in every aspect of our lives; from shopping, working, education, to exercise, socialising and seeking healthcare. This abrupt change has meant that organisations and consumers have had to adapt quickly to new challenges by deploying or using digital solutions at pace.
I have been witness to this first-hand – as a mum of two children, the last 12 months have been particularly challenging in that my children have needed to adapt from classroom-based education to remote learning. Education software has been invaluable in continuing our children’s’ education during this time. Meanwhile, the increase in the use of digital solutions has also rocketed cyber-attacks and fraud as was highlighted in the Annual Review 2020 conducted by the National Cyber Security Centre. An increase in cases such as stolen credential-related hacking, ransomwares and phishing emails playing on the fear of the virus have been observed.
As we know, data is a highly valuable commodity. As we live a more digital life, the more data collected by big tech enterprises (our interests, likes, consumer behaviour, gender, job role, location, number of people in the household etc.), the more accurate they can predict our behaviour and the more powerful their nudges can be.
Everything we do online has a digital footprint and this information continues to be accessed, used and sold without our knowledge and consent. Totallymoney.com conducted research in June 2016 to identify the price third party companies would pay for personal data used in marketing campaigns. They found that most of our personal information can be purchased for £0.45p.
How can organisations protect consumers’ data and be more transparent in the information age?
- Training employees: Continuously educate employees about new threats and encourage them to report unusual emails, behaviour or content to IT.
- Security Patching: Invest in patch assessment tools to ensure operating systems and applications are up-to-date with the latest security fixes.
- Use of removable storage devices: Put in place a device control strategy to identify and control the use of removable storage devices to avoid data loss prevention.
- Security: Ensure business continuity plans in place and there is a secure cloud strategy.
- Privacy notices: Communicate clearly to customers about how their personal information is collected and what is done with it. Be creative in how this is communicated so that it is easily understood (e.g. use of engaging videos).
- Consent: Make informed consent a priority.
What can we do to protect ourselves?
- Strong Passwords: We need to secure our accounts with passwords that contain a mixture of numbers, words and characters.
- Cookies: Clearing out our cookie caches and browser histories can prevent ad networks from collecting too much information about us.
- Shopping: When making purchases, we must make sure the website has https:// in the address bar.
- Security: Security updates must be applied to our devices when available.
- Anti-Virus: We must install anti-virus software and scan regularly.
What’s on the horizon for improving consumer protection?
Within the next 12 months, we could hope to finally see the long-awaited ePrivacy Regulation adopted by the European Union although it’s not yet known whether the UK will implement this regulation.
The ePrivacy Regulation, when it’s enforced, will include stricter cookie rules, requiring explicit consent from consumers to opt-in for information to be used for different purposes, such as consent to receive marketing material, which would be beneficial to everyone.
Whilst much of the proposals are not yet enforced enshrined in law, they are going in the right direction for consumer protection, such as:
- The requirement for new players providing electronic communication services such as Whatsapp / Facebook Messenger to ensure that their services guarantee the same level of confidentiality of communications as traditional telecoms operators.
- Simpler and user-friendly rules on cookies to stop internet users from being overloaded by consent requests.
- More effective and stringent enforcement regime to align with GDPR.
The Information Commissioner’s Office (ICO) announced on 22 January 2021 that their advertising technology (adtech) investigation will resume. The investigation will seek to address significant concerns about how information is processed, used and shared. The ICO will provide an appropriate regulatory response when completed.
Online services accessible by children
The ICO published the Children’s Code (Age Appropriate Design Code for online services), which came into force on 2 September 2020 and organisations should conform by 2 September 2021. This code outlines the expectations to:
- Create an open, transparent and protected place for children when online.
- Follow specific standards and consider best interests of children when developing or providing online services likely to be accessed by children.
As the collection of our digital information continues to grow, consumers need to be able to exert more control over their data and for this to happen, organisations need to be increasingly transparent in how they handle consumers’ data.
Speak to one of Gemserv’s Data Protection experts to assess how your personal data or organisation’s data is being used firstname.lastname@example.org