Digital applications often offer the convenience of personalized use. Often it remains unclear what happens with the data.
Everyone can question habits
Each:r can choose trustworthy- and privacy-friendly services
Each:r can establish new routine(s)
Digital data traces on the net
The spread of digital technologies poses new challenges for citizens in terms of data protection. Almost every activity on the Internet, be it a search query, the use of social media or online shopping, leaves behind data traces. The transfer of data to third parties has become a profitable business model for website operators. Data trading is flourishing. In addition to the many opportunities arising from the consolidation and linking of digital data from various sources, this also enables conclusions to be drawn about users. Our paper on Internet tracking shows how digital data is collected and used to create user profiles.
Asking citizens about how they handle their personal data reveals various aspects. Despite a general awareness of the disclosure of personal data on the Internet, however, knowledge of this disclosure has little effect on actual usage behavior. What is the reason for this apparent contradiction? In a representative survey we commissioned in December 2017, only 2 percent of respondents said that data protection was not important to them. However, 70 percent reveal that they don’t know how to protect their data. It is therefore not surprising that effective self-data protection is still not widespread: Only 16 percent of respondents restrict the use of location services on mobile devices, only 15 percent modify settings in their web browsers, only 4 percent use search engines that do not store data, and only 2 percent use ad blockers.
Strengthening competence in self-data protection
To build skills and empower citizens to protect their own data, we need information about effective self-protection strategies and tips on what to look for when purchasing and using devices and applications.
Self-data protection is about exercising the rights to one’s own data and deciding for oneself whether to share it. Under the heading of data care, we presented some universal principles in our impulse paper Data Carefulness – A New(ly) Look at Self-Data Protection. Self-data protection starts with questioning one’s own habits in dealing with digital data. Simple strategies such as data minimization, interruption of continuity, use of pseudonyms and encrypted services can provide citizens with more informational self-determination in the long run. In dealing with these strategies, new routines in self-data protection can thus be established.
The convenience offered by the personalized use of digital applications has a downside. Further use of data (by website operators or data brokers) often remains unclear. In the graphic, we see different everyday situations in which data protection aspects come into play: the reference to the terms and conditions for website use, which no one reads because of their length, the offer to log in with one’s social media profile instead of creating a new customer profile, the invitation to participate in a sweepstake and to disclose extensive personal data for this purpose. The implementation of simple protection routines enables informational self-determination. These principles are universally effective.
Establish new protection routines
With the call for data mindfulness, we invite a conscious consideration of the extent to which the disclosure of which data in which contexts is necessary and meaningful for which (individual or public welfare-oriented) purposes. Data minimization means avoiding information that is not necessary to be personally identifiable. Modifying settings in browsers, apps and devices and deleting data reduces the possibilities for linking personal data and breaks the continuity of profiles. The use of pseudonyms can be used to separate different roles and contexts on the Net from one another. Data care also includes the use of services with built-in encryption.
For the use and purchase of devices and applications, this means that self-data protection is also linked to the selection of suitable products. Products that take privacy principles into account are based on Privacy Enhancing Technologies Privacy Enhancing Technologies .
Privacy Enhancing Technologies (PETs) is a collective term for technologies designed to protect privacy. This includes technologies to anonymize or. Pseudonymization of identities, integrated encryption, prevention of unintentional tracking, transparency and control of one’s own data, confidential communication, and guarantee of user consent to data collection and processing that is clearly based on explicit consent, and other measures. The main objectives are to ensure data economy and data security, purpose limitation and lawfulness of the processing of personal data.