• Jonathan

We have a massive personal data problem, but ‘value’ is the real sticking point.

Updated: Mar 3, 2021

Any list of misuses of data that have had a tangible effect on our lives would include the Cambridge Analytica scandal and the UK’s ISO authorities’ findings that Facebook was largely complacent in allowing one million user accounts to be harvested for information.

The penalty for this was £500,000, or roughly 1p per ‘hacked’ account. A tiny sum for a company which generates more than $70bn. To put this into perspective, the company generates this kind of cash every 4 minutes or so – it would have taken Zuckerberg longer to read the summary judgement than to earn the cash to pay the fine.

Other industries have long faced fines which are proportional to the size of their business. In April 2017, VW was found to have misled consumers and ‘cheated’ on emissions tests. Most governments imposed fines which varied in size, but a fine of around $30,000 per car became roughly standard, and VW eventually ended up shelling out around $33bn in compensation. Putting this in perspective, Facebook was fined the emissions test cheating equivalent of 20 family-sized hatchbacks. Your personal data about everything that you do, your habits, your friends and your behaviours, is valued 3 million times less by our legislation than a gassy car is.

Now, emissions have serious repercussions which can result in premature death, and cheating these should have consequences. But the difference in the magnitude of fines betrays a lack of respect for, and understanding of, the impact that digital crimes can have. In the case of the misuse of personal data and the all-too-common data breaches, consequences can include anything from credit card phishing and loss of personal savings to the derailing of democracy.

But how prevalent is this problem?

To underline how commonplace these are, and how few repercussions there can be, I urge you, right now, to go to the website https://haveibeenpwned.com and enter one of your email addresses.

Using my personal email, I have been subject to no fewer than 10 data breaches in the last two years, which include Canva in May 2019, Covve in Feb 2020, DataCamp in December 2018, MyFitness in February 2019 and Zynga in September 2019. Through no fault of my own, my username and various passwords, my location data (scary), and authentication for my Google account have been harvested, packaged and shared through various dark corners of the web – or traded for hash on Silk Road. When Canva failed to protect my data, they did so alongside 139 million other users. The data was stolen by the powerful hacker group Gnosticplayers, who have listed (and most likely sold) around 1bn compromised records this year.

Disney was forced to issue a statement earlier this year, in response to accusations that Disney+ accounts had been hijacked. In this case Disney claimed that they had not suffered a data breach, but that instead so many username and password combinations had been stolen that when users created new accounts using old usernames, they were immediately stolen. We are constantly being told to use unique combinations for every site, and to never share our details, but if these sites were half as responsible as we are supposed to be, we would not have to.

My own username/passwords are now stolen an average of five times a year, from companies that supposedly have a duty to protect my data. Most likely yours are too, and yet very few consequences exist for companies that were not prepared to pay the expense to fulfil the legal obligation to protect you, their customer.