The internet gods handed me a lovely birthday gift last week as I went full viral for a tweet about Google’s acquisition of Fitbit.
FIXED: Google buys your health data for $2.1 billion. https://t.co/TpVwBRgYXQ
— Douglas A. Boneparth (@dougboneparth) November 1, 2019
Apparently, people are very sensitive about their data. And can you blame them? Here’s a list of notable data breaches this year alone:
Adobe Inc. | 7,500,000 | Poor Security |
Amazon Japan G.K. | n/a | Accidentally Uploaded |
Bulgarian Revenue Agency | 5,000,000+ | Hacked |
Canva | 140,000,000 | Hacked |
Capital One | 106,000,000 | Hacked |
Desjardins | 2,900,000 | Inside Job |
DoorDash | 4,900,000 | Hacked |
540,000,000 | Poor Security | |
1,500,000 | Accidentally Uploaded | |
First American Corporation | 885,000,000 | Poor Security |
Health Sciences Authority | 808,000 | Poor Security |
Justdial | 100,000,000 | Unprotected API |
Ministry of Health | 14,200 | Poor Security |
Mobile TeleSystems (MTS) | 100,000,000 | Poor Security |
Quest Diagnostics | 11,900,000 | Poor Security |
StockX | 6,800,000 | Hacked |
Truecaller | 299,055,000 | Unknown |
Universiti Teknologi MARA | 1,164,540 | Hacked |
Woodruff Arts Center | n/a | Poor Security |
Zynga | 218,000,000 | Hacked |
Westpac | 98,000 | Hacked |
In today’s digital world, the last thing you want is for your personally identifiable information (PII) ending up in the wrong hands. Ask anyone who’s had their identity stolen and they will tell you how much time, energy or money they’ve lost after it was absconded. Hearing their stories should make your sick to your stomach and think twice about who you’re trusting with your info, but I am willing to bet that it won’t and that you’ll continue blindly clicking “accept” to all future privacy policy notices that pop up on your screen.
Identity theft isn’t the only thing that gets people up in arms when it comes to their information. The 2016 election showed us just how scary things can get when large swaths of data are used to strategically target you on social media and the web. Platforms like Facebook seem to have no problem letting “advertisers” lie to you, especially when it comes to purveying news and disseminating information. We now need to worry about things like deep fakes–or the spreading of misinformation that looks and feels so real, you can barely separate it from the truth.
Some say this has all gone too far and that it’s high time we took back our data, placing ourselves in greater control of how it’s collected, used and sold. For many, the only alternative is saying goodbye (for now) to certain social media platforms, applications and businesses that have either violated their trust or couldn’t be trusted in the first place. I commend these data activists for taking matters into their own hands and fighting for reforms to data usage and privacy. Truly, I do.
Over in Europe, the EU implemented General Data Protection Regulation (GDPR) back in 2015. It’s a new set of rules designed to give citizens greater control over their personal data by simplifying the regulatory environment. GDPR aims to benefit both consumers and businesses by offering greater transparency and control over how data is used. Lagging behind our European counterparts, a handful of states are working on greater privacy protection laws. Congress has been trying to place together GDPR type legislation this year but, given the political climate, I wouldn’t hold my breath on seeing that any time soon.
Personally, I can’t help but feel a bit cynical when it comes to who has my data and what companies are doing with it. The truth is, I’ve been Google searching things before you knew what Google was. I’ve owned every iPhone since the original and now wear an Apple Watch. Hell, I even wore a Fitbit for a few months back when I though it was cool. Worse yet, I’m an original Facebook user and current Twitter addict. I’ve spread my personal information far and wide across the internet. At this point, I’m confident all the big names in big data own a piece of my digital life and I assume they’re doing whatever they want with it.
I know this sounds defeatist but, when it comes to my data, I feel like there’s not much I can do at this point. They’ve got me. It’s like the government sending a black ops team to crash through my bedroom window and extract me out from my warm bed in the middle of a cold dark night. I will say my goodbyes now because I’m guessing I won’t have access to the internet when I am being detained at Gitmo. At the risk of sounding like a complete conspiracy theorist/nut loon, I digress. But you get my point. There’s only so much I can do when I’ve already given up so much control.
Now, in the instance of Google buying Fitbit, Google arguably picked up a trove of personal data for a bargain. At the very least, they could use Fitbit’s location data to enhance their own mapping technology and location services. Maybe they’ll create a wearable device of their own to go along with their Pixel smartphone. Or perhaps they’re going big and set the stage for a massive play in the healthcare space. Don’t forget about Google’s funding of 23andMe, a privately held personal genomics and biotechnology company known for providing a direct-to-consumer genetic testing. Queue the Stranger Things theme song.
Whatever they do with the Fitbit data, I’m actually more intrigued to see what comes of it than I’m concerned about what they are using it for. While I’m sure someone will be happy to remind me of how naive I’m being, I also can’t ignore, if not admire, how Google’s products and services have enhanced my life. It makes me wonder if it’s worth being the product as long as I continue to receive things that make my life better. I know there are risks involved with where my data ends up, but am I off base for generally being okay with them?
I ultimately think everyone needs to determine how comfortable they are sharing their data with third parties and what actions they’re willing to take to protect it. My potentially extreme view is certainly not for everyone and even though I don’t worry about my data as much others might, it also doesn’t mean I don’t take protecting it seriously, especially when that data is someone else’s like my client’s.
Nonetheless, the big wheel of big data has been turning long before we’ve opened our eyes to it. We could waiting years before meaningful and practical reforms are put in place to protect us. In the meantime, we all must answer the question. Where do you draw the line with protecting your personal data today and what, if anything, are you going to do about it?
Come tell us how much candy you scored trick or treating over on Twitter:
Imagine not liking candy corn. pic.twitter.com/IIg0JpTTYG
— Douglas A. Boneparth (@dougboneparth) November 1, 2019