Privacy issue in today’s technology driven world is one of the major concerns for everyone involved. After various scandals that have come to light in the recent times including the Cambridge Analytica Scandal, the danger of data breaches and misuse of personal data has become a glaring thought to all those who hadn’t even considered the need for privacy before.
APIs and data privacy have been key topics of recent discussions, especially when things go wrong. You only need to look back to the Cambridge Analytica scandal to see the high-level of criticism that was leveled against Facebook’s Open Graph API, which enabled the former to collate user information. Web APIs underpin much of the modern web, but they also have a unique role to play. An increasing number of services provide APIs that give third parties – such as apps, website developers and advertisers – direct or indirect access to data about a service’s users.
Today even the common man is rightfully concerned with how and where his personal information is being stored and used by the companies that have access to it. The government has made many attempts to regulate the use of online data but there is still a lack of clarity on who really owns all this data in practice.
It is needless to remind everyone today that any thoughtless act done online, is etched in stone forever in the unforgiving digital world. Sexting rings are one such example of instances where nude pictures of teenage girls and boys are shared among countless people who keep them as trophies and further share them innumerable times not giving a second thought to the fact that the said girls or boys will eventually grow up and other than just their self-esteem, their professional and personal lives may be ruined forever. Apps like Instagarm and Facebook make everything even worse by perpetuating the need among the youngsters to show everyone the larger than life image that they are trying to project.
Apart from paying for your own online mistakes forever, the issue of the ease with which one can access other people’s personal information through the online medium can also not be ignored. It is said that getting information from the internet is like drinking water from a tap- too easy! The existence of large databases like Linkedin, Yahoo, Drop Box, JP Morgan to name a few where billions of personal accounts have been hacked just goes on to prove that tons of personal information is being leaked on an everyday basis.
Even though it might seem that it’s too late to set the clock right, all is not lost. We need to establish clearer rules and higher standards of protections for the future generations to come and though 2004 - the year when the Facebook was launched just seems yesterday, we have come a long way and are still trying to find our foothold in the digital world.
Marlon Brando has rightly said, “privacy is not something I am entitled to, it’s an absolute prerequisite!”
We know that our privacy must be protected at all costs, yet we do everything in our power to spread our own private information across the world voluntarily. In the age of Instagram and Facebook, we do everything we can to negate our privacy and tell people everything we do, from eating to sleeping, traveling and even having relationships! A lot of people seem happy to let random strangers track their location at all times and know exactly what they’re doing, what they like and the people they meet. Can security and laws really do something to protect people’s privacy, when everyone is actively providing so much unnecessary information about his or her personal life to everybody out there?
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” These words said by Tim Cook, Apple’s CEO, scary though they might sound, depict the exact status of today’s conditions. The importance of securing one’s own device, just like we lock and secure our other worldly possessions like our house or jewelry cannot be over-emphasized. There are still innumerable people out there who fail to install a proper anti-virus system on their devices and use jaded passwords like-“12345”!
Even though it is very inspiring to read quotes like today’s employee is tomorrow’s employer, many of us fail to appreciate the fact that tomorrow’s employer may become a competitor of yesterday’s employer, and still have access to his former company’s data. Customer data is very frequently shared with multiple service providers, and employees might unknowingly grant access to corporate and private data. Even the simplest video conferencing tool might require access to users’ contacts and calendars, which can include sensitive data such as customer information. In fact, a lot of hacks that occurred in the years 2018 and 2019- the period right before the onset of the pandemic, were due to former employees of companies hacked who still had some form of access to their system. IT departments need easier ways to track which tools are in use by whom and make sure all the private data of former employees as well as their access to the company’s system is deleted when they leave the company.
The companies who use and further illegally share the personal information of their clients must also remember that- “If you make customers unhappy in the physical world, they might each tell 6 friends but if you make customers unhappy on the Internet, they can each tell 6,000 friends.”
Keeping their customers happy and protecting their personal information is not only the moral obligation of such companies, it is also the legal right of the customers. It further needs to be kept in mind that private info can be sold, but once someone pays for it, it cannot be bought back and hence needs to be handled with extreme caution.
In today’s free market approach, where the customer is the king, the companies and organizations are also starting to understand how much their assets are endangered if they cannot provide their customers with sufficient reassurance.
Just like every dark cloud comes with a silver lining, all is not bad with the digital world. Collecting data for marketing purposes is not necessarily a bad thing if it’s done in an ethical and straightforward way. Everybody enjoys the many benefits of targeted ads nowadays. Moreover, privacy means different things to different people. In the words of Steve Jobs, “Privacy means people know what they’re signing up for, in plain language, and repeatedly. I believe people are smart. Some people want to share more than other people do. Ask them.”
In other words, there might be people who say, it is much better to be informed about all the products we want and the trends we care for, than being overwhelmed by a massive amount of spammy and non-relevant ads. Without the info that we agreed to exchange with them, countless extremely useful online services and apps could not exist at all.
Companies need our data to offer us a better service, after all, and get all the feedback they need to improve their products. At the end of the day, one cannot have the benefits of a medicine without enduring its bad taste! Information must be exchanged and shared for the sake of progress and in order to move ahead. Medical information, for example, shouldn’t be kept private. As Craig Venter explained, being able to share medical info immediately and without unnecessary filters may save a lot of human beings as it will speed up research.
There are innumerable instances of medical emergencies such as the pandemic that the world just experienced and is still reeling under the shock of, where there is no time to get into the cumbersome privacy policies. There is a wealth of information regarding a patient’s diagnosis, symptoms and state of health that needs to be shared with everyone for the sake of the greater good with no need to disclose personal or sensitive information.
The need of the hour today is not to stop sharing our Information. That cannot be done. That is regressive and is like trying to put the chick back in its shell. What needs to be done today is that the consumer needs to become more conscious of their rights to privacy and data regulations and further the businesses need to take data security more seriously.
API owners must consistently evaluate their security to ensure they are staying compliant. API access requests from third parties need to be properly scrutinized and vetted before granting access, to ensure that data is shared appropriately. At the same time, internal policies around API usage must be clear and comprehensive for third-party users, to avoid confusion. The API owners also need to regularly audit the usage of their internal user-base so that any API consumers using data inappropriately may be identified and removed.
Likewise, setting up monitoring in the API management layer can improve the security of the platform as a whole. While speed and agility may be a primary focus for developers in the API economy, security associated with data management can no longer be an afterthought.”
As Lisa Rapp, Vice President of Data Ethics at LiveRamp, has said, “This level of collaboration and commitment to accountability needs to be the “default setting” of any organization that uses data about people.” Until this is done, we are still very far from truly reaping the benefits of the digital world.