2012 will be something of a watershed for privacy. The new EU ‘Cookie Directive’ will begin to come into force in earnest. The Directive requires companies: to notify consumers that cookies are on their website; say what they do – i.e. what information they access, where; get permission from consumers for that access. Eight EU countries have already started to implement it, many with lead in times to enable compliance in recognition of the significant actions needed.
The Federal Trade Commission in the USA has recently published a report on Apps targeted at children and is requiring the industry to change its ways on disclosure, clarity, permission and enforcement of existing privacy laws. It is also amending its regulations on Dot Com Disclosures in 2012. The recent legal ruling against an App developer was described as a warning call to the industry about the enforcement of COPPA (Children Online Privacy Protection Act).
Apps, smart phones and tablets, social networking, and the internet have fundamentally changed how we organise our lives, stay in touch, shop, have fun – almost everything. The scale and speed of growth coupled with the growing invasiveness of Apps and cookies, plus high levels of unawareness but growing concerns about privacy among consumers and the new legislative environment are creating a hive of activity.
In 2008, when the App store was first launched, there were about 600 apps. Now there are about 500,000 on Apple and 380,000 on Android – and rising every day. To date some 28 billion downloads have generated not just large fortunes for some, but vast amounts of personal data.
Meanwhile smart phones continue to spread, albeit unevenly around the globe. 27% of all mobiles worldwide are smart phones, but account for 63% of sales in the US and about 51% of sales in the EU, but less than 20% in Asia, Africa/ Middle East and Latin America – for now.
The popularity and ease of use of tablets and touch phones mean that children are also high users, with hundreds of Apps targeting them either directly or via their parents. According to one study children use apps 77% for play, 57% for learning, and 55% for entertainment.
The myth, until recently, was that young people were less concerned about privacy, were happy to disclose everything: that myth is being dispelled. Ignorance and naivety rather than anything else are the issue. A research study in the US established that young people’s concerns and actions were very similar to those of older adults – 88% refusing to give information they felt was too personal; similar numbers wanted people to ask permission before loading a photo of them; 2/3 saying the right to know what a website knows is important and the vast majority wanting the right to remove data. What differed was their level of unawareness about the law. This unawareness is borne out by a separate study which established that significant numbers of young people did not know about or understand how to manage cookies.
‘Apps are an unregulated wild west’. But not for much longer it would seem.
Apps can enable companies to collect not only information that the user actively supplies when registering, but far, far more: basically any information that is on the device in question. Current and history of location – step by step; Unique Device Identifier, phone number and contact list plus call log – in some instances even the ability to monitor calls in progress and initiate calls; other stored information such as emails, texts and photos. Again, some can even enable photos to be taken from the device. If consumers use apps and register them via Facebook, that information and their usage data is shared – music plays, Saturday evening plans, the news they read. As one commentator described it, ‘Apps are an unregulated wild west’. But not for much longer it would seem.
The public inquiry into the News International phone hacking scandal in the UK continues to receive high levels of publicity and raise concerns on many levels. But in this context, what is significant is that the revelation that a young murder victim’s phone was hacked and her voicemails accessed in pursuit of a story, caused outrage.
While on one level there is no comparison with the horror of that story, on another there is. The public inquiry is raising awareness of deliberate hacking and access for profit, and demonstrating that it is possible; it is raising a general base level of concern with which other concerns will react. The growing publicity about and consumer understanding of the level of access which Apps are providing to truly personal content, on a personal device, and their ability to activate that device for their own profit could trigger a wave of reaction and action. Publicity campaigns by newspapers or pressure groups could find fertile ground and enable ‘buycotts’ or encourage widespread participation in hacktivist attacks on app stores, or specific providers.
The regulators are planning to get tough, and if public concern grows could get tougher. Many industry players are describing the new privacy regulations as the death of the internet; that the ease of use and convenience we have come to expect will disappear in a welter of cumbersome permissions. But the regulations require easy-to-find and easy-to-understand information about what is collected and active permission.
…free apps, adverts, and information come at a price and that price until now has been personal information.
Companies will need to be clear about their own responsibilities, policies and interventions. They will need to be as innovative in finding solutions to giving consumers protection and an understanding of what is happening, as they have been in developing Apps to help us in so many other ways. Easy it may be not; possible certainly and essential, absolutely; and good practice is beginning to emerge.
Consumers may also need to change their ways. They may need to recognise that there is no such thing as a free lunch: free apps, adverts, and information come at a price and that price until now has been personal information. If we value our personal data, we may need to be willing to recognise the value of other information. We may be seeing not just the beginning of a new era of privacy, but also a fundamental shift in how we value other forms of valuable information. If taht were the case, 2012 would truly be a watershed.
By Sheila Moorcroft
Sheila has over 20 years experience helping clients capitalise on change – identifying changes in their business environment, assessing the implications and responding effectively to them. As Research Director at Shaping Tomorrow she has completed many futures projects on topics as diverse as health care, telecommunications, innovation management, and premium products for clients in the public and private sectors. Sheila also writes a weekly Trend Alert to highlight changes that might affect a wide range of organisations. www.ShapingTomorrow.com