Facebook landed in hot water recently following reports that data from the service was harvested by third parties.
Political consulting firm Cambridge Analytica was accused of using the data while working on Donald Trump’s campaign to become US President.
It disputed the allegations, saying it used data from other sources.
South Africa has also seen its own large-scale leaks of personal data, with over 75 million unique records exposed when Jigsaw Holdings left a database unprotected on a web server.
Having your personal information leaked online as part of the “Master Deeds” database in 2017 is upsetting, but SensePost CTO Dominic White said credit unions sell such data for a small fee.
Compared to the Master Deeds leak, the data from credit unions will also be more complete and up-to-date, said White.
This raises the question: With so much of our personal information readily available, why even worry about protecting it?
Personal data for sale
“There’s a lot of data out there, but let’s not pretend it’s all the data, or that all the data that matters,” White told MyBroadband.
White said there is a great philosophical argument for privacy as intimacy, rather than weaker formulations like “the right to be forgotten”.
“Knowing my phone number and getting spammed by insurance brokers is irritating. Combining my phone number with my social profile to infer an economic level to modify loan conditions is creepily discriminatory. But a human being surveilling conversations between me and my wife or children is… horrifying,” he said.
The other reason to care about protecting your personal information online is because consumers can insist on changes, said White.
“We can change the status quo. Just because anyone could rob you, doesn’t mean you shouldn’t put up walls and try make it harder in the future.”
He argued that people should care about the whole data broking ecosystem, though, and not selectively target people like Cambridge Analytica or Jigsaw Holdings when news of their leaks is reported.
“We’re just playing outrage whack-a-mole,” said White.
He said legislation like South Africa’s Protection of Personal Information Act or the European Union’s GDPR helps by putting in robust consent, anti-aggregation, and disclosure in place.
However, banks will still require you to consent to sharing your data with credit unions.
“Next, we need to make it so you can meaningfully opt out, without also opting out of the economy,” said White.