Don't eat the forbidden cookie

4 March 2020  PRIVACY

From a few seemingly mundane data points to thousands, from anonymous to identified. Our increasingly naive attitude toward data collection is allowing companies to get to know us in the most personal and intimate way.

In this digital world, companies possess a hoarder-like mentality when it comes to collecting and storing user data. Some enterprises even make it their sole business to collect and monetize online activity. This reality that we consumers have simply learned to accept is leading to dangerous outcomes for our privacy.

They know everything about you

It only takes a few pieces of information to identify a specific person. You may think that since you don’t share your name, address, or phone number, you’re safe. Unfortunately, you’re not.

Research shows that it only takes four anonymized data points out of a collected set to identify a specific person. For example, if you click on four ads, make four credit card purchases, or visit four different locations.

But your data doesn’t get collected here and there in such tiny batches. Companies have thousands of data points on you alone. And while that information may have become “anonymized” by deleting any uniquely identifiable details, with just a few of them, you can be re-identified, not just in that series but potentially across all data ever collected. Suddenly, someone can ascertain an astonishing amount about you.

Read more: TechCrunch, “Researchers spotlight the lie of ‘anonymous’ data”

The worldwide cookie dilemma

Does the message “by continuing, you agree to our use of cookies” look familiar? Cookies are the means by which websites track and gather user data, and agreeing to this multiple times daily means that you’re leaving breadcrumbs of personal, identifiable information all over the internet.

When the GDPR (Europe’s General Data Protection Regulation) came into effect in 2018, companies that wanted to collect user information that otherwise wasn’t strictly necessary for the website’s functionality were suddenly required to notify website visitors of the use of such cookies and gain their active consent.

Not all cookies are used in this way. Some are essential to technical functions (like logging in to a website or adding an item to a cart) and do not need your consent. Therefore, any website that asks for cookie consent is, by definition, collecting unnecessary data about its visitors. These days, that can seem like the entire World Wide Web, and many are all too quick to click “I agree” without giving second thought to the consequences.

Read more: The Guardian, “'Anonymised' data can never be totally anonymous, says study”

Returning to anonymity requires a change in mindset

It’s pretty clear that we have a digital-age problem. Knowing just a few uninteresting facts about someone immediately leads to knowing all there is to know. We haven’t even examined what happens when data sets (i.e. you) fall victim to a security hack.

Credit card purchases, browsing history, clicks, views  all of our internet activity is impossible to keep anonymous. That’s why adopting a mindset of collecting and retaining as little data as possible is the only solution that works today.

Keeping unnecessary data should strictly be forbidden. If we continue down the current path, a society built on surveillance and control is just over the horizon.

Read more