The data reckoning has arrived. We’re already too familiar with the breach headlines: Equifax, Under Armour, Target. But in 2018, social media brands came under the spotlight as well: half a million accounts’ data were inadvertently exposed in Google+, and another 29 million users’ data in the Facebook breach this fall.
The repercussions of these breaches go far beyond just one service because social authentication is used with thousands of connected apps. How often have we all clicked “Sign-in with [insert social media platform]” out of convenience, instead of creating a new account?
While it’s unlikely social media companies expected to be a custodian of millions of individuals’ personal data when they first got started, after the recent revelations, it’s clear that’s what Facebook, Google, and LinkedIn do today. Consumers have been rushing to reset passwords, disconnect services from Facebook, even shut down their social media accounts. And Google+ no longer exists in its previous form.
Amid the chaos looms a larger set of questions: what is our digital identity? Who is the custodian of that information? And what rights do we, as citizens of the digital globe, have?
These are the real issues consumers need control of, and urgently.
What makes up your digital identity
To start, we need to fully consider what defines personal information. Is it your credit card number? It’s not – your credit card number is an identifier, a number that matches you to your banking information. You wouldn’t panic about losing your shipping tracking number (for most things, anyway; I’ll let your mom’s birthday gift slide). Identifying numbers like our driver’s licenses, social security numbers, and more should all be treated like that shipping number.
Instead, as people have more complex interactions online and share how they think and interact with the digital world, we’ve entered a different era than the one in which social security numbers were first printed on paper cards that couldn’t even be laminated, and passwords or PINs were the only gate needed to protect our information.
Today, software companies understand what you like; they gather biometric information like your fingerprint or heart rate; they listen to your voice commands and learn your cadence. They have a wealth of knowledge beyond identifying numbers that get at the crux of who we are as individuals. You should care far more about protecting this information.
The dual responsibility of identity custodians
Data (including data about you) is proliferating at an incredible rate: 90 percent of the world’s data was generated over the last two years alone, and 2.5 quintillion bytes of data are created every day.
Companies need to understand what information they are collecting, especially when other services might be collecting it for them (all the companies panicking about GDPR are examples of those that did not have a good handle on this), and be required to be clearer about what information of yours they’ll be sharing as a part of the consent process.
The consent process also recognizes and places equal value on the two core parties in this social contract: the individual who decides who can access information, and the receiver who uses that information for commercial ends.
A company also shouldn’t be able to exclude you from their services unless you say yes to their terms; closing this ‘bully loophole’ is another key to the safeguards needed to ensure consumer protections are maintained with meaningful consequences for failing to do so.
Know (and fight for) your data rights
Social media organizations are not — and have never been — in the business of protecting your identity. For them, your data is their business model. Whether it’s personal data being given away or data being stolen, neither is acceptable.
Consider the vast amounts of personal information that different services hold for us, and be mindful of what you give other organizations access to. Give your consent with caution, and consider alternate identity stores as the core of your connected digital ecosystem (full transparency, my company is in the business of enterprise identity).
There’s too much at stake when it comes to our online identities. The dangers of not protecting our information are staggering, growing every millisecond. We need to take action – as consumers, as technology companies, and as a global community – to have a serious conversation about the ramifications of who holds our personal information, and with whom it’s being shared.
Take back control before it’s too late.