Attitudes to privacy have come a long way in the tech world since it was famously declared a thing of the past by Facebook’s CEO Mark Zuckerberg – it’s safe to say that privacy is ‘back’, if it ever really went away, and certainly now a primary consideration by consumers and governments. During last year’s implementation of GDPR across the EU, data privacy was barely out of the headlines, as companies sought to navigate the new regulation and a continent’s inboxes were inundated with updates explaining how much more privacy they now enjoyed. Since then, the preoccupation has never really subsided again – perhaps that process forced us to wonder, if our data was suddenly so secure, quite what was happening to it before. From the start of 2019 we saw the issue remain in the headlines – with Google’s 50 million euro fine for a lack of transparency in data handling – and throughout the year digital privacy became a mainstay of the media cycle.
It’s not just in Europe that this shift is in evidence, though. Now even in countries which have traditionally been seen as less concerned with privacy, we can see a change in emphasis. In China last week, for instance, the authorities asked internet companies to strengthen protection of personal data following indications of rising consumer anxiety. One recent report suggested that as many as 91% of over-the-top mobile apps in China were collecting more personal data than they needed to complete core functions, and the government is plainly convinced that dissatisfaction is growing at a rate sufficient to warrant national action. This has been particularly evident since September’s controversy over China’s own version of the FaceApp privacy storm, in which the app Zao allowed users to swap faces with celebrities, only for them to discover that it retained rights to use the images however it saw fit
In the US, the Senate has been holding hearings on new digital privacy laws designed to protect consumer privacy as everyday life becomes increasingly digital by default. One Senator’s demand to know what privacy protections had been put in place by Amazon subsidiary Ring – which produces a range of connected domestic surveillance cameras, and has multiple access agreements with local police forces – revealed that the company simply doesn’t see this as its responsibility. Amazon’s stable of such partnerships with police forces has been expanding briskly in recent months: from 405 at the end of August to 630 in mid-November, a rise of more than half over just ten weeks. This quiet growth in reach has led to concerns in the Senate that citizens’ privacy could, without their realising, be at risk as more and more police services – to which Ring grants access without requirements to delete data after any particular period – become able to request footage.
Ring’s response could be seen as a deflection, even a shrug of the shoulders: when asked about cameras pointed towards public spaces such as municipal sidewalks, the company said simply that “Ring’s Terms of Service state that users are responsible for their use of our products and services, including use in accordance with any applicable privacy laws”, and that “Ring includes a door/window sticker with each device that is equipped with audiovisual recording capabilities”, so that homeowners can notify anyone in the neighbourhood that they may be recorded. There is however no oversight or compliance programme in place, and this was clearly inadequate for the Senator asking the question: “Amazon Ring’s policies are an open door for privacy and civil liberty violations,” Markey said in a statement. “If you’re an adult walking your dog or a child playing on the sidewalk, you shouldn’t have to worry that Ring’s products are amassing footage of you and that law enforcement may hold that footage indefinitely or share that footage with any third parties.”
There’s a danger with attitudes like those expressed in Ring’s response that, as we head into another new year, the tech world as a whole could be viewed with increasing suspicion by consumers and the governments they elect. In the specific case of the mobile industry, that would be especially unfair – much of the mobile industry’s emphasis over the last year has been spent on providing alternatives in digital identity to the old norm of usernames and passwords, which according to Verizon are to blame for around 80% of all data breaches. A common refrain throughout last month’s MWC19 Los Angeles, in discussions of emerging platforms like Rich Communications Services, was to take seriously the emphasis consumer focus groups now place on privacy if these new ventures are to prove successful. And the inherent protections built into mobile operating systems mean that – according to one estimate at least, by mobile security firm Damballa, which monitors about half the mobile traffic in the US – you’re more likely to be struck by lightning than suffer a malware infection on your mobile device.
There is however plenty of work yet to do, and leading operators are increasingly recognising the scale of the challenge. As operators start to look beyond their traditional commercial horizons as providers of connectivity – moving increasingly into provision of connected services and platforms as the digital economy grows with the Internet of Things – they have a natural interest in reassuring users that their data is being treated with respect. As 2020 rolls into view, that emphasis will continue to play a major role in the work of the GSMA’s Identity programme – the digital economy relies on consumer confidence, and we are here to convene the mobile industry’s efforts to bring that about.