There is nothing like a highly contagious pandemic to remind us how each of our lives is connected to our neighbors — and the rest of the world. That takes on a different form in our digital age, where tracing applications hold the potential of both protecting us from one another and invading our personal privacy in whole new ways.
Back in 2018, the European Union adopted landmark legislation to protect individual privacy online with the General Data Protection Regulation or GDPR. This new set of rules was designed to give online users more control over their personal data, by imposing a range of obligations to any organization operating in the EU and harsh penalties of several millions of euros for those failing to comply. It was aimed to shift the balance of power on personal privacy, from Big Tech back to you and me.
But two years later, the European Union has now admitted in an official report that is set to be published today that implementing the GDPR has proven to be more difficult than expected. The report highlights a lack of clarity of the rules when it comes to emerging technologies such as artificial intelligence and the Internet of Things, as well as discrepancies and confusion over how the rules are applied at individual country level. Small businesses with limited budgets are also struggling to comply with the regulations and its high costs.
Digital attacks on privacy are bound to continue — Photo: TNS/ZUMA
The pendulum on digital privacy protection is swinging in various directions, all around the world. And some other current examples in the world are more worrying than Google or Amazon knowing your buying habits: Moroccan journalist Omar Radi was recently targeted by sophisticated spyware made by an Israeli security firm. The Moroccan authorities used NSO's Pegasus software to access data on the journalist's cell phone — although the company had previously pledged to stop its products from being used in human rights abuses. It's only the latest sign of what Le Monde describes as a troubling "porosity" in Israel between the cyber units of the country's intelligence services and a burgeoning digital startup scene.
But now Israel's own COVID-19 tracking app has been at the heart of a controversy since it was launched in March. The government had approved the country's domestic security agency to use its counterterrorism surveillance measures to track virus patients. The order authorizing temporary use of the technology is set to expire in a few weeks and a parliamentary oversight committee is now asking the government to stop using the app. But as Israel is experiencing a second wave of infections, will the country really abandon this practice that it defended as a way to save lives?
Still, as we all know by now, most privacy invasions tend to be collateral damage in the quest to make money rather than save lives. A study conducted by the University of Texas at Dallas found that 72 mobile apps for kids out of 100 violated a federal law aimed at protecting children's online privacy. The researchers developed a tool with a 99% accuracy that identified games and apps with privacy risks and which made it easy to determine a child's identity and location.
Whether it's tracking your kid's whereabouts or hounding a journalist, digital attacks on privacy are bound to continue. GDPR, at best, was only ever going to be a deterrent, never a cure.