Previously in our Future of Privacy series, we not only analyzed the emerging privacy debate, but also noted that growing data collection practices are poised to fundamentally transform the economy in ways that both consumers and regulators are not prepared for. In this final post, we’ll give you a glimpse of what’s to come by looking at specific examples of practices and products that companies have recently or plan to implement and what consumers can do to prepare themselves.
Emerging trends in data privacy
We decided the best way to illustrate the future of data privacy is to take a close look at two instances of emerging trends within the data economy. Keep reading as we break down their present and future implications.
Using an Apple Watch to keep the doctor away
This year, insurance company John Hancock announced that it would only be selling so-called “interactive” life insurance policies. These are policies that use wearable devices, like Fitbits and Apple Watches, to track your lifestyle and reward you for meeting certain dietary and fitness milestones. The company began offering such policies in 2015, but these were offered alongside traditional life insurance options. It’s worth noting that although John Hancock is the first company to forgo traditional policies entirely, policyholders can choose how much data they share and can even opt out of sharing. As the program is now, it seems like the company has done a great job of ensuring that safeguards are in place to prevent misuse and, hopefully, mitigate hacks, breaches and identity theft. Additionally, the data won’t be sold or used outside of the context of offering rewards to consumers.
The concern, however, shouldn’t be placed on the policy programs of today, which allow for users to opt out and are primarily about rewarding people for sharing their personal data, but on their successors, which may not allow such flexibility. There is legitimate concern that this kind of “connected” program, along with many other aspects of the Internet of things, will encourage consumers to become accustomed to sharing information in contexts where it’s not strictly necessary. While John Hancock currently doesn’t have intentions of exploiting this by raising premiums or selling the data it acquires, who’s to say that, down the line, some other company or entity might — and consumers who’ve become habituated to sharing their data will be less suspicious of such intentions.
There’s also the worry that John Hancock can change its policies at any time. In our current privacy paradigm, the consent consumers provide for data collection is seen as indefinite, with many companies having retroactive clauses that allow them to get away with subjecting consumers to service changes without notifying them beforehand. This doesn’t seem to be the case with John Hancock, but without thoroughly reviewing its policies and terms, it’s hard to know what John Hancock’s intentions are for the present, as well as what the future fate for all this data may be. Similar to how no one predicted that Facebook privacy controls would fail to stop developers from siphoning information or allow the company to leverage its user base to create “shadow profiles” for people not using the site, there’s a limited idea of what John Hancock’s plans or policies could allow for.
This is why consumers should be somewhat critical whenever they’re asked for their information, regardless of what perks or rewards are offered in exchange, as the future can present new complexities that are simply not obvious from the start. The other major concern is that experts know that many companies, including insurance companies, are trying to use all types of data to inform the prices they should charge individual consumers. Participating in a program like John Hancock’s brings us closer to a world of personalized pricing and whatever consequences that may bring. Even if John Hancock isn’t going to be the company that brings us there, it might be paving the first bricks down that road.
The Bank of Amazon
Fintech (financial tech), an emerging industry we’ve talked about before, has the potential to truly transform the way people manage their finances. One of the more interesting developments in this industry is that companies currently not in financial services, like Amazon and T-Mobile, have announced their interest in branded consumer banking products. In the case of the T-Mobile, its service has already been soft-launched, offering higher APYs to consumers who currently use the company as their carrier. Why are retail companies suddenly interested in banking? Two words: financial data. Your saving habits, spending habits and other financial behaviors can reveal how much you’re willing to spend and what types of products you’d like to purchase. In the case of Amazon, which has extremely tentative plans at this point, it looks like it is interested in acquiring a young audience and having them grow up banking with the Amazon brand.
Tech companies’ efforts to get into the financial industry don’t inherently represent a privacy threat, but they illustrate the type of comprehensive ecosystems companies of the future are hoping to build. It’s far too early to know what these developments mean for privacy, if anything, but you should be aware of the motivations that inform the providers of these services. Similar to the fitness tracker-based insurance policies we explored above, banking tied to other services, like your mobile phone provider, could be used to help singular entities collect more data on individuals than is necessary.
How worried should you be about these developments?
Our purpose in writing this post, as well as this entire series overall, was not to stoke fear or make the coming societal changes out to be scarier than they are. We wrote these posts to provide you with the broadest possible perspective on the issue of data collection. We found that many of the articles on this topic seemed to be limited to discussing particular products and services, and failed to contextualize how the data economy will transform privacy as a whole. While specific products might be safer than others, highlighting the general privacy risks of data collection now and in the future can help consumers give truly informed consent to the companies offering the products and services they use daily. As a final consideration, keep the following advice in mind when deciding whether or not you want to provide data in a particular circumstance:
1. Read the terms of service. Before jumping on board and adopting a service, make sure to thoroughly read the terms and conditions, explicitly scanning for retroactive clauses and any other clauses that would make your consent to the terms of data collection indefinite, regardless of what changes are made to the service.
2. Think about the picture that your data paints. The crux of our Future of Privacy series, as well as most of our cybersecurity discussions on this blog, is that your data can be weaponized against you — either by hackers and identity thieves or, as we’ve pointed out, by companies who plan on using your data to influence your behavior and determine how much to charge you for products and services. If you think your data can be used against you in any of these ways, don’t share it. For example, if you are someone who doesn’t or cannot exercise regularly, you probably shouldn’t participate in programs like John Hancock’s active insurance plan. Similarly, if you fear identity theft, take the time to consider what data is reasonably necessary to use a service and give no more than that amount. If the service requires too much of your data to create the account, opt for another service.
3. Think long term. The other issue we’ve highlighted is that the current privacy paradigm requires consumers to think long term, though unfortunately, this fact isn’t explicitly apparent. When we agree to privacy notices and terms and conditions, we have to realize we’re not only making an agreement with the companies mentioned in those documents, but also any future partners or buyers that the business might have. In some cases, even future versions of the same company might have entirely different goals and objectives. None of these transformations will be represented in a static terms and conditions document. If you’re sharing any piece of information, ask yourself if you’d be okay with that information being made available to any number of parties indefinitely without your knowledge or consent.
This post marks the end of our Future of Privacy series, but if you want more in-depth posts on privacy or emerging tech stories, continue reading our technology blog.