Privacy Settings are a Privacy Failure

January 5, 2016

The EU GDPR (General Data Protection Regulation), being written into statute this month, explicitly calls for those storing or operating on personal data to follow the 7 principles of Privacy by Design, the 2nd of which is “Privacy as the Default Setting”.

If you follow the simple logic that all operations on your or my personal data are private by default, then really, there is no need for privacy settings – none. In fact, the number and complexity of privacy settings can be directly correlated to the inherent lack of privacy in the platform or product you are using, generally driven by the platform provider's business model of the monetisation of you.

As an app developer who fully embraces these principles, it is notable that our Krowd app has no privacy settings function. We start with respect for people's data, treating it as if owned by the individual, which means maintaining provenance of all data, metadata and derived (analytic) data. Every share then has to become an explicit opt-in decision by the user, and the app interface should make it clear what is being communicated with whom for what purpose. This is the essence of privacy. Privacy is a function of control of what is shared with whom and why; it is not a lack of sharing.

Maintaining provenance also allows us to follow another GDPR principle – the right to delete. This is something incumbent platform providers will find almost impossible to implement in principle without having tracked provenance.
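The design described above (private by default, opt-in shares that name a recipient and a purpose, and provenance that makes deletion possible) can be sketched as follows. This is an added example, not code from the Krowd app; the `ProvenanceStore` class, its methods and the sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Record:
    owner: str
    value: object
    kind: str                 # "data", "metadata" or "derived"
    parents: tuple = ()       # provenance: ids this record was computed from
    grants: set = field(default_factory=set)  # explicit (recipient, purpose) opt-ins

class ProvenanceStore:        # hypothetical store, not a real library
    def __init__(self):
        self.records = {}

    def put(self, rid, owner, value, kind="data", parents=()):
        if any(p not in self.records for p in parents):
            raise KeyError("unknown provenance parent")
        self.records[rid] = Record(owner, value, kind, tuple(parents))

    def share(self, rid, actor, recipient, purpose):
        if actor != self.records[rid].owner:
            raise PermissionError("only the owner can opt in to a share")
        self.records[rid].grants.add((recipient, purpose))

    def read(self, rid, reader, purpose):
        rec = self.records[rid]
        # No grant means no access: there is no setting to switch privacy "on".
        if reader != rec.owner and (reader, purpose) not in rec.grants:
            raise PermissionError("not shared with this recipient for this purpose")
        return rec.value

    def erase(self, rid, actor):
        if actor != self.records[rid].owner:
            raise PermissionError("only the owner can erase")
        doomed, stack = set(), [rid]
        while stack:  # walk provenance links to everything derived from rid
            cur = stack.pop()
            if cur not in doomed:
                doomed.add(cur)
                stack += [k for k, r in self.records.items() if cur in r.parents]
        self.records = {k: r for k, r in self.records.items() if k not in doomed}
        return doomed

def build_sample():  # constructed sample: a location, its metadata, an inference
    s = ProvenanceStore()
    s.put("loc1", "alice", (51.5, -0.1))
    s.put("loc1.meta", "alice", {"shared_at": "2016-01-05T09:00"}, "metadata", ["loc1"])
    s.put("home_guess", "alice", "London", "derived", ["loc1", "loc1.meta"])
    return s
```

A grant on `loc1` does not extend to `loc1.meta` or `home_guess`, and erasing `loc1` removes all three because the provenance links say they came from it.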

When the business model of a social platform, like Facebook, is to monetise who you are, then they have to start with the basic assumption that everything you share belongs to them, not to you, as does how and when you share (metadata) and what information can be derived (through analytics) from the aggregate of all this data. Hence Facebook’s privacy policy makes it clear: all your data belongs to them. They use privacy settings as a means to tick legal box requirements and to give a limited level of control over some of the data (none of the metadata or derived data, something that will get challenged in the future, we suspect) back to the individual. On the flip side, this also means that there is literally an infinite number of ways they might use your data in a manner that you may feel breaches your privacy. Hence their platform, challenged by the latest GDPR legislation, ends up with an increasingly complex set of privacy settings – a list that will only get more complex over time, eventually (if it has not already) defeating the very objective of user empowerment with control over the use of ‘their’ data through those very settings.
