Privacy strikes back

Between Europe's General Data Protection Regulation launch and Apple Inc. WWDC keynote, the last two weeks have seen a major push to enhance privacy for individuals worldwide. 

These two developments send clear signals that governments and regulators are stepping in to rein in the data breaches and identify theft chaos of the past decade. It's evident that companies, such as Apple, are seeing a clear business case in embracing security and privacy by design in their products and services. 

GDPR comes into force

Friday, May 25th was a big day for privacy law as the world's most aggressive data protection and privacy regulations came into force after five years of development. The new regulation gives broad powers to EU member nations to hold firms accountable for digital privacy. 

The five things you need to know about GDPR:

  1. It has teeth: Firms can be fined up to 20 millions Euros or 4% of global turnover, whatever is higher. It's unlikely that fines of this force will be leveed against small and medium size firms, but they're designed to send a clear shot to global entities such as a Facebook, Google, Apple and Microsoft. 
  2. It is based on a concept known as Privacy by Design PbD was developed by an outstanding Canadian expert in privacy, Ann Cavoukian. Privacy by Design requires that privacy be taken into account in the entire lifecycle of online services and digital products from architecture to coding, from lifetime use to retirement. 
  3. It requires firms to be clear with users about what data is being gathered, why it is being gathered, how it will be used and who it will be shared with. This is why you've likely received a flurry of privacy updates from firms over the past two months. 
  4. It applies to any firm any where in the world that does business with European entities or citizens.
  5. It's set the bar for security and privacy. Global firms, such as Microsoft, have embraced it as their global standard. For any firm doing business globally, it makes sense to follow Microsoft's lead on this and embrace GDPR. Doing so will not only enhance compliance with laws, it will also help reduce business risks associated with digital privacy and security. 

Apple hits back at invasive tracking online

Apple's forthcoming operating system updates to its MacOS and iOS continue to build on its clear  embrace of privacy and security for its customers. It's also ramping up its growing battle with other Silicon Valley giants such as Facebook and Google over privacy. 

"I think that the privacy thing has gotten totally out of control and I think most people are not aware of who is tracking them, how much they're being tracked and the large amounts of detailed data that are out there about them ... We think privacy is a fundamental human right - " Apple CEO Tim Cook, June 4, 2017. 

There were three notable takeaways from Apple's keynote that will have a significant impact on firms that rely on digital tracking of online users as part of their marketing and sales strategy and tactics:

  1. Users will now be warned when they're being tracked across websites by cookies. One way this is done is through like, share or comment buttons offered on websites through platforms, such as Facebook. Even if you don't interact with these elements, they can be used to track and attribute your activities. This builds on Apple's work on its Do Not Track feature in Safari. 
  2. Apple's Safari browser (available exclusively on MacOS and iOS devices) will now make it harder to do digital fingerprinting. Digital fingerprinting is the use of various data points provided by your device or software (software version, hardware info, plugins installed, fonts installed, that combined can create a unique identifier that can be tracked. With the forthcoming updates, Safari will provide only a generic data set to online services that will make your device difficult to distinguish from others. 
  3. The new version of MacOS includes better support for third-party password management tools, which is a win for customers everywhere as well all have far to many passwords to manage manually these days. MacOS will also include more explicit protection and permissions for apps that want to use your built-in camera, microphone or access apps such as Mail, Contacts or Calendar. 

David Shipley is the CEO and Co-Founder of Beauceron Security Inc., a New Brunswick-based cybersecurity software firm with clients across North America. David is a certified information security manager and frequently writes and speaks about cybersecurity issues across North America.