Today, January 24, marks the beginning of what we are calling Data Privacy Week—an extended observation of Data Privacy Day, which is the annual, multinational event in which governments, companies, and schools can inform the public about how to protect their privacy online.
While we at Malwarebytes Labs appreciate this calendar reminder to address data privacy head-on, the truth is that data privacy is not a 24-hour talking point (or even a week-long talking point)—it is a discussion that has evolved for years, shaped by public opinion, corporate mishap, Congressional inquiry, and an increasingly-hungry online advertising regime that hoovers up the data of non-suspecting Internet users every day. And that’s not even mentioning the influence of threat actors.
The good news is that there are many ways that users can reclaim their privacy online, depending on what they hope to defend. For users who want to prevent their personally identifiable information from ending up in the hands of thieves, there are best practices in avoiding malicious links and emails. For users who want to hide their activity from their Internet Service Provider, VPNs can encrypt and obscure their traffic. For users who want to prevent online ads from following them across the Internet, a variety of browser plug-ins provide strong guardrails against this activity, and several privacy-forward web browsers include similar features by default. And for those who want to keep their private searches private, there are services online that do not use search data to serve up ads. Instead, they simply give users what they want: answers.
This week, as Malwarebytes begins to commemorate Data Privacy Day, so, too, will many others. First conceived in 2007 by the Council of Europe (as National Data Protection Day), the United States later adopted this annual public awareness campaign in 2009. It is now observed in Canada, Israel, and 47 other countries.
Importantly, Data Privacy Day serves as a reminder that data privacy should be a right, exercisable by all. It is not reserved for people who have something to hide. It is not a sole function for covering up wrong-doing.
It is, instead, for everyone.
Why does data privacy matter?
Privacy is core to a safer Internet. It protects who you are and what you look at, and it empowers you to go online with confidence. By protecting your data privacy, the sites you visit, the videos you watch, even the devices you favor, will be nobody’s business but your own.
Unfortunately, data privacy today is not the default.
Instead, everyday online activities lead to countless non-private moments for users, often by design. In these moments, someone, somewhere, is making a dollar off your compromised privacy.
When you sign up to use a major social media platform or mobile app, the companies behind them require you to sign an end-user license agreement that gives them near-total control over how your data is collected, stored, and shared.
Last year, the editorial board for The New York Times zeroed in on this power imbalance between companies and their users, in which companies “may feel emboldened to insert terms that advantage them at their customers’ expense.”
“That includes provisions that most consumers wouldn’t knowingly agree to: an inability to delete one’s own account, granting companies the right to claim credit for or alter their creative work, letting companies retain content even after a user deletes it, letting them gain access to a user’s full browsing history and giving them blanket indemnity.”
Separate from potentially overbearing user agreements, whenever you browse the Internet to read the news, shop online, watch videos, or post pictures, a cadre of data brokers slowly amass information to build profiles about your search history, age, location, interests, political affiliations, religious beliefs, sexual orientation, and more. In fact, some data brokers scour the web for public records, collating information about divorce and traffic records and tying it to your profile. The data brokers then serve as a middleman for advertisers, selling the opportunity to place an ad in front of a specific type of user.
Further, depending on where you live, your online activity may become the interest of your government, which could request more information about your Internet traffic from your Internet Service Provider. Or perhaps you’re attending a university that you think shouldn’t be looking at your Internet traffic, as you may be questioning your sexuality or personal beliefs. Who we are online has increasingly blurred with who we are offline, and you deserve as much privacy in one realm as in the other.
In every situation described above, users are better equipped when they know who is collecting their data and where that data is going. Without that knowledge, users risk entering into skewed agreements with the titans of the web, who have more resources and more time to enforce their rules, whether or not those rules are fair.
Are you fighting alone?
You are not alone in fighting to preserve your data privacy. In fact, there are three major bulwarks aiding you today.
First, many digital tools can help protect your online privacy:
- Several browser plug-ins can prevent online ad tracking across websites, and they can warn you about malicious websites looking to steal your sensitive information
- VPNs can prevent ISPs from getting detailed information about your Internet traffic
- Private search engines can keep your searches private and your search data away from any advertising schemes
- Privacy-forward web browsers can default to the most private setting, preventing advertisers from following you around the web and profiling your activity
Second, a variety of organizations routinely defend user rights by engaging directly with Congress members, advocating for better laws, and building grassroots coalitions. Electronic Frontier Foundation, American Civil Liberties Union, Fight for the Future, Common Sense Media, Privacy International, Access Now, and Human Rights Watch are just a few to remember.
Across the world, the legislative appetite for data privacy rights has outpaced the United States. Since May 2018, more than 450 million Europeans have been protected by the General Data Protection Regulation (GDPR), which demands strict controls over how their data is used and stored, and violations are punishable by stringent fines. That law’s impact cannot be understated. Following its passage, many countries began to follow suit, extending new rights of data protection, access, portability, and transparency to their residents.
Third, a handful of companies increasingly recognize the value of user privacy. Apple, Mozilla, Brave, DuckDuckGo, and Signal, among others, have become privacy champions for some users, implementing privacy features that have angered other companies, and sometimes pushing one another to do better. Companies that have taken missteps on user privacy, on the other hand, have drawn the ire of Congress and suffered dips in user numbers.
Through many of these developments, Malwarebytes has been there—providing thoughtful analysis on the Malwarebytes Labs blog and releasing products that can directly benefit user privacy. We know the companies who care, we talk to the advocates who fight, and we embrace a pro-user stance to guide us.
In fact, we spoke to a few privacy defenders in our special Data Privacy Day podcast last year, which you can listen to below in full.
The future of data privacy
Data privacy has only increased in importance for the public with every passing year. That means that next week, just like this week and the many weeks before, Malwarebytes will be there to defend and advocate for data privacy.
We will cover the developments that could help—or could be detrimental—to data privacy. We will release tools that can provide data privacy. We will talk to the experts in this field and we will routinely take pro-user stances because it is the right thing to do.
We look forward to helping you in this fight.