Basic ways to help protect your personal data online
Because what happens on your phone doesn’t stay on your phone
Your Instagram stories don't necessarily disappear, Shazam can track your location and Air Canada records your screen while you use their iPhone app. In other words, what happens on your phone doesn't always stay on your phone.
Social media companies, corporations and governments are tracking your location, your internet use, conversations and (whether intentionally or inadvertently), your passport and credit card numbers.
According to a 2016 survey by the Office of the Privacy Commissioner of Canada, 92 per cent of Canadians are at least somewhat concerned about their privacy, but how aware are you really when it comes to how much information you're giving away — and to whom?
The cellphone data food chain
"Mobile phones are actually full computers," says Joel Reardon, an assistant professor at the University of Calgary who specializes in mobile security and privacy. "They're storing a lot of very personal information."
This includes information captured by your phone's audio and video sensors, he says, which enable it to know what you're seeing and hearing, or its location sensors, which allow it to tap into your GPS coordinates and your WiFi network information.
When you install an app, it might request permission to access this information — and potentially much more. Reardon has designed a database that allows you to search Android apps by name to see what information these apps are accessing via your phone. He's come across apps that track your phone number, contact list, calendar entries, your phone's storage and all the apps you've downloaded.
Apps can also track your IP address, your router's serial number and, Reardon adds, even your phone's IMEI (which cell phones use to connect to cell towers). What's more, phones have their own unique advertising identifiers, which allow a profile to be built of your activity across apps.
"You're just amalgamating all of these little micro-reports about a person's behaviour as they go and live their life," says Reardon. Altogether, these bits of information — socio-demographic information and more — create what amounts to a very unique digital fingerprint.
Some apps also share this data with built-in third-party ad and analytics libraries that analyze it and sell it further down the data line. To whom is unclear, says Reardon.
The more companies know, says Andrew Peek, CEO of Toronto-based AI startup, Delphia, the more effectively they can sell us anything, be it political candidates or ideas themselves.
And gathering data isn't limited to private corporations. Ontario's Metrolinx can store information collected from Presto cards for five years or more and they don't require a warrant to hand it over to authorities.
"You have no idea how the data is being used and in what context, [and] it can come back to bite you," says Ann Cavoukian, former Information and Privacy Commissioner of Ontario and the mind behind Privacy by Design. "That's why you have to be so protective of your information."
Breaking the data chain isn't always as easy as just deleting an app or disabling tracking functions. Sometimes, Reardon explains, it will require a new SIM card, a factory reset or buying a new phone altogether.
And yet, if you do want to take more control over your data there are things you can do. "Never give up," says Cavoukian. "There are always new means by which we can put this stuff under control."
How to minimize your data exposure and raise your awareness
Take a digital hygiene class like this one run by the Toronto Public Library.
Streamline your apps and change your settings
"You don't even need to ever actually use an app for it to be collecting information about you," says Reardon. Some apps start tracking as you turn on your phone. Delete any apps you don't use, and adjust the privacy settings and access for the ones you keep. Ask yourself: Does Yelp really need to know your location all the time or only when you're using it?
Talk to your friends and family about privacy expectations
One of the biggest challenges to consolidating your apps is the fact that we use different tools to communicate with different people in our lives. Cavoukian encourages people to speak to their friends and family about their privacy concerns and agree on a solution for sharing information and keeping it private. Maybe you'll use email instead of social media to keep in touch or check in with each other before sharing photos publicly.
Use open source apps and software
"The simplest, easiest thing to do to drastically change the collection of private information from you is to use open source software," says Reardon. He uses Signal for messaging. Cavoukian uses search engine DuckDuckGo. You can also find open source internet browsers, email providers and file sharing programs. Because the code behind open source software is available for anyone to see, the security and privacy of that program is, in theory, being reviewed by many more coders and experts, to confirm it's secure, than a closed source program.
Read the privacy policy and terms and conditions for just one app
Brenda McPhail, director of the Privacy, Technology & Surveillance Project at the Canadian Civil Liberties Association recommends picking just one service that you use a lot and reviewing the privacy policy and terms of service. If you don't like what you read, let the makers know by sending them an email.
Let your government representatives know that privacy is important to you
In California, Governor Gavin Newsom has announced his intention for a data dividend that gives Californians a share of the wealth that tech companies in the state have amassed using their data.
Canada has a number of regulations governing privacy at the federal and provincial levels, including those contained in PIPEDA, the Personal Information Protection and Electronic Documents Act. If you're concerned about your privacy, reach out to your municipal, provincial and federal representatives, or make a formal complaint to the federal Privacy Commissioner.
Try a "dumb phone"
If you're ready to really go cold turkey, "dumb phones" allow you to make calls and send texts without all the features (and tracking) of a smartphone.
Join services that pay you for your data directly
Delphia takes users' existing social and digital footprint, as well as user questionnaires about attitudes, values and beliefs, and models the two to make trend predictions. It then sells these predictions (free of any personal identifiers) to hedge funds, asset managers and brands, maintaining users' privacy and rewarding them with a cut of the profits.
The future of privacy
Delphia is just one example of a business model that sources "ethical" or "clean" data from consenting users, who are then compensated. As the idea of personal information as property takes hold, says Cavoukian, the value of data will grow, necessitating "a fair price" for consumers.
"What would the world look like if people were building products and services using your data but for you [and] to your advantage?" asks Peek. "Rather than trying to swim upstream and stop the flow of data, we are going to make meaningful progress if we think about it through that lens."
As the nuances of potentially implementing a pay-for-data business model get worked out, Peek says we need to do more to support fledgling companies, making it possible for them to invest more time in the adoption of technology that protects individuals' privacy.
While some updates were made to PIPEDA last year, Cavoukian says there's still more to be done, stating that laws play an important role in conveying expectations but often lag behind technology. She says we also need "companies to develop strong measures to protect the privacy of their customers." Doing so will build loyalty and give companies a competitive advantage, she says. "It's a privacy and business interest. We have to do both."
Eva Voinigescu is a freelance journalist and producer. She writes about health and science, careers, and culture.