"Digital privacy does not really exist": Q & A on data privacy around the world

Our latest survey revealed that the world's leading data privacy regulator was treating the companies it was supposed to regulate, endangering the privacy of billions of people around the world, including hundreds of millions of people around the world. United States.

Journalist Nick Vinocur answered the reader's questions on Reddit about his findings and their significance for data privacy around the world. Delivery: you should be worried.

History continues below

We have reproduced some of the main questions and answers below, slightly modified for brevity and clarity.

Question
Are you surprised by what you found in your survey?
Reply
Much of what came out of the report surprised me, especially with regard to Facebook's audit by Ireland in 2011. This was the most in-depth review of the practices of the privacy firm to date and raised issues that only came up later. For example, the Irish regulator pointed out that Facebook needed to improve job filtering applications, a central issue in the Cambridge Analytica scandal. But the regulator gave Facebook an irreproachable health check less than a year later. … What happened? This is a big question. Then there was everything the regulator had not done: a Google survey, sending regulators to Facebook or any enforcement action regarding known breaches of privacy.

Question
How has the GDPR allowed Facebook to restart sharing WhatsApp user data?
Reply
I agree that it's pretty disconcerting. When the RGPD came into force, it essentially replaced any legal precedent for data privacy across the EU. Thus, regardless of the prohibitions in force on specific issues of this type, they have become moot. Facebook then claimed that he was getting "consent" for facial recognition on the site, but the way in which consent was collected was problematic. It was not an easy option yes or no. This allowed them to bring back the tool, with the tacit approval of the Irish regulator.

Question
The GDPR seems to be better than what the United States has. Have you studied the need for privacy protection in the United States?
Reply
I fully agree that the GDPR is much better than the US because there is currently no federal privacy regulation. There is a law in California and another in the state of Washington that may be killed this weekend (!). In the latter case, we saw how the big tech companies, namely Microsoft, were heavily involved in the drafting of the bill and had in principle eliminated the threat of serious sanctions. At the same time, a survey of the Federal Trade Commission on Facebook and the Cambridge Analytica scandal could give rise to a big fine, but these companies are so big that they can escape a big fine. What really matters is changing the behavior of companies, and that can only come through laws. P.S .: A big difference in the EU is that corporate lobbying is often less effective than in the US – especially when legislation is not going to affect a European company. The GDPR largely affects Americans.

Question
Is "digital confidentiality" still available? Is there a way to protect us or have we already passed the point of no return?
Reply
I would be inclined to answer: No, digital privacy does not really exist unless you completely cut yourself off from the Internet and major applications. Basically, when we go on the Internet, we leave a trail of monetized data, whether we like it or not. The GDPR is trying to solve this problem by requiring companies to obtain your explicit consent before taking your data. But the hard truth is that it is not applied this way.

Question
What is the biggest problem with the data privacy law right now? How could it be corrected?
Reply
There are many, but for me, it's probably the use of facial recognition for mass surveillance. Basically, no law currently prevents authorities from collecting your biometric data and putting it in a central database where it can be used to track or, if necessary, prevent you from traveling. This is already a reality in the Uyghur regions of China, but it is on the right track [EU and U.S.]. Europe, for example, is developing a database of travelers for third-country nationals, which will include biometric information. The United States already has one. Facebook has giant biometric information stores from your photos. Imagine combining that with state surveillance capabilities to track people.

Question
It seems to me that digital privacy is continually eroding around the world. Would you agree with that?
Reply
I agree. Just look at what is happening in China with mass surveillance and a social credit system – it's worrying. In Europe, we have strict rules, but they are applied very unevenly, if at all. There are also huge law enforcement exemptions that allow authorities to access, collect and process a large amount of data, even when rules such as the PGR should in principle stop them. Take a look at what the EU is preparing in terms of passenger register for non-European citizens.

Question
Is there anything that an average citizen can do about it?
Reply
For sure. If you care about how your personal data is used, you can advocate for a federal privacy law (I assume you reside in the United States). As the saying goes, sign a petition or simply call your MP or congressman. On a personal level, you can start paying attention to the consent collection pages on websites. You should have the opportunity to refuse to collect your data and to continue visiting the site. Otherwise, this site does not comply with the EU rules on data protection.