Tips for securing your privacy in a digital environment

Worth considering

1. It is possible that some groups online are trying to influence your opinions and behaviour with targeted content. This content may attempt to, for example, make you stop voting or vote for a specific political party.

Influencing people’s opinions, thoughts and behaviour has always been done. The internet is a powerful tool for quickly and effectively reaching a lot of people. Different groups might want to, for example, make you stop smoking or vote for a specific political party.

2. Governments set the rules for how data is shared by companies and other entities that collect your data. In Europe, the GDPR has had an effect on how personal data is used and shared. Such regulations have global effects, as data moves across country borders.

3. Imagine a future where your consent is needed for companies and other entities to collect and use your data. Companies could share their customer data with one other and exploit that data to offer more innovative and personalised services, with your consent.

For example, your digital well-being application could combine information on your grocery shopping, sleeping habits, sports activities and health, and offer you more personalised well-being services.

What should you know?

4. The GDPR, the General Data Protection Regulation, is a set of rules that companies operating in the EU need to follow to protect personal data.

The GDPR gives you the following rights, among others:

• The right to have access to any personal data the service provider has collected from you.
• The right to have any personal data collected from you corrected or updated.
• The right to have any personal data collected from you deleted.
• The right to move any personal data from one system to another.
• The right to know how and for what purpose your personal data is used.
• The right to be informed when there is a service provider data breach involving your data.
• The right to restrict the handling of your personal data, especially where automated decision-making is concerned.

More information about the GDPR is available here: www.gdprexplained.eu.

5. Under the General Data Protection Regulation, the service provider must supply the details of the data collected on you (incl. the profiling information) when requested. The first service provider usually discloses data on you to third parties and for this reason, you should also ask them about the collection of the data. The third parties concerned should be listed in the privacy statement of the main service provider. If you do not receive any replies to your information requests, you can contact the Office of the Data Protection Ombudsman for further measures.

6. Whatever you do online can potentially be used by a service to learn something about you and your behaviour. This data is raw material for profiling.

Profiling helps service providers tailor a service to match your needs. For example, a service may show you options that are similar to choices you have previously made.

A profile is made up of assumptions about the preferences, abilities or needs of an individual or a group of individuals. It is based on an analysis of, for example, a user’s browsing history, updates on social media, products bought online and registered customer information.

According to the European General Data Protection Regulation, profiling data is to be regarded as personal data, even though the data may not strictly represent factual information.

7. According to the European General Data Protection Regulation, data profiles are regarded as personal data, even though it is partly made up of assumptions. You have the right to ask and be informed about what kind of profiles service providers have created on you.

8. Private browsing does not make you unknown on the internet. Your ISP, employer, or website can still track which websites you visit.

9. Cookies are a necessary tool for building modern internet services. It is good to understand how they are used.

• “When I accept a cookie for one service, only that service can track my data”. This option is incorrect.
  • When you visit a website, you are a target for both first and third-party cookies. First-party cookies originate from (or are sent to) the website you’re currently viewing. Third-party cookies originate from websites that are using third-party advertising and they may track your online habits for marketing purposes.
• “When I shop online the contents of my shopping cart are stored in a cookie.” This option is correct.
• “Blocking cookies is the most effective way I can prevent the tracking of my data, but then I will not be able to use some websites. If you want to block or clear cookies, go to your browser’s settings.” This option is correct.

10. One example of a data-driven business is a “freemium” service, where you only need to pay if you use the more advanced features of the products, or if you use more content and more often (such as digital media).

The data economy has different business models. Here are some examples.

• Product development. Most or all services collect user data to improve their products and services. Understanding how services are used helps companies to price their products and provide better services. Collected data can also be used to create new products and business revenue.
• Advertising. Targeted advertising is more likely to lead to a sale than untargeted advertising. You can get offers that are more relevant to you.
• Selling data. In the EU, the GDPR ensures that organisations require your permission to sell your personal data. The permission request is usually embedded in the privacy policy or in the terms and conditions. If you do not agree with the terms or conditions, you may not be able to use the service.
• Data-driven service. Data can also be used as a core part of a service. For example, fitness trackers, rings and wristbands collect health data. Map services use customers’ location data to offer personalised tips on road conditions such as traffic congestion.
• The data broker. There are several data broker companies that buy consumer data, analyse it and sell it on. Some of them started before personal computers existed, but the internet era has made data collection easier.

11. In many cases, data on you collected by the main service provider (such as a newspaper) may be disclosed to the service provider’s partners. Read the terms and conditions of the service or the cookie notices to find out how you can influence the data flows.

12. It is possible to deduce a lot of information about a user, such as the name, postal address, mobile number and purchase history, from digital trails, technical information and publicly available personal data. All that information is part of a user profile that may be used to assess users’ purchasing power.

What can you do?

13. Consider whether you let service providers know your location all the time. When you have location tracking on, services running on your device can store information and know where you have been. If you want to limit services storing data about your whereabouts, the best solution is to turn off your phone’s location services (GPS and related functionalities) completely when you do not need them.

14. As with anything, location features may have positive and negative impacts. The most common reason for you to need location data is when you use a map on your device to find a place or search for directions. Also, if you lose your device, the location feature might help you locate the lost device. However, services running on your device can store information and know where you are when you have location tracking on all the time. Therefore, you can turn the location feature off when you do not need it.

15. Question the motives of humorous and free services. Most of the light-hearted tests you see on social media are designed to collect your data.

Humorous tests are often data collection tools. They harvest data from the respondents to teach artificial intelligence and to support the service provider’s business. For example, if you download your photo to see how you might look in 20 years, the service could use your data to create advertisements or train face-recognition algorithms.

16. Respect others and their data by letting them decide what to share online. Asking permission is an easy first step.

17. It is recommended that all cookies are cleared regularly to delete your browsing history.

Cookies are small pieces of information a website can ask your web browser to store on your computer or mobile device. This information helps the website to remember your preferences or your contact information. However, it might be used to track your use of the site, too.
A simple online search will tell you how to clear cookies on your browser!

18. Think twice before using your social media account to log into another service. This gives permission for these services to share your data with each other.

19. Be active in protecting your personal data! Checking the privacy settings of each application you are using is recommended to stay safe online. Many online services offer extensive privacy settings. Changing these settings can do a lot to protect your privacy.

20. By installing an adblocker in your browser, you can block the connection between your browser and the ad server. The adblocker either blocks all advertisements or prevents the browser from downloading them altogether. The user will not see the advertisements but is able to view all other media content.

21. Always read the privacy policy if you do not know the service provider. It explains how the service provider plans to protect your privacy and says a lot about the reliability of the service provider. Especially with free services, it is good to have a look at the privacy policy to see how the service provider protects your data and to consider the risks with the data you need to share.