By Keisha M. McClellan • May 30, 2018•Writers in Residence, Issues, Other Issues
There’s little doubt that being able to access your emails, texts, photos, and personal fitness stats on multiple devices, in multiple locations, is convenient. But from workplace privacy to Internet of Things (IoT) devices, the increasing concern is what is the hidden cost for connectivity and your data privacy? Does checking your personal email while connected to your employer’s wi-fi mean the company can access that personal content as well? Is your wearable fitness tracker data aggregated in a way that could compromise your ability to qualify for health insurance in the future? Could your robotic vacuum convey personal details about your home that could be shared? Possibly. Where you allow access to your data and how this data can be used raises concerning privacy implications in your everyday life. The universal truth is that using technology in today’s world goes hand in hand with some form of data being reviewed and/or collected as a quid pro quo.
For example, some organizations incentivize employees to use their own devices for work purposes in exchange for the company paying a portion of an employee’s monthly mobile bill. While this may allow for a work/life balance that supports telecommuting and decreases overhead costs for employers, it can also encourage 21st century workplace intrusions. For the employee, unauthorized monitoring of employees’ private affairs may accompany personal devices attached to the company’s wi-fi network. And there are threats to companies’ security as well. Work materials that are stored on and shared by personal devices could expose companies to cyberattacks that are challenging to contain. As is often the case with privacy concerns, the trade-offs between protecting individual rights and protecting the larger good is, indeed, a slippery slope.
The digital age presents privacy concerns that test the limits of data privacy laws. The sector-specific approach to privacy that is a hallmark of the American system sharply contrasts with the more dimensional approach to privacy that defines the newly-launched European Union’s General Data Protection Regulation (GDPR) where protecting the individual is at the core of privacy protections. “The United States has historically regulated privacy in context, with piecemeal laws for the privacy of healthcare records, financial documents, and federal communications.” In contrast, the EU’s GDPR approach places individual privacy rights front and center and then uses laws to support that intention. The GDPR requires companies to get a person’s consent before collecting data and to provide clear terms of service: it also creates a robust punitive structure to deter privacy violations. In short, GDPR enables "people [to] request their online data and restricts how companies obtain and handle the information.”
In all, while technology may enhance many aspects of everyday life, the potential for data privacy intrusions warrant privacy protections that evolve with the changing times.