By Mark Lanterman
How many times have you found yourself discussing something with a friend or coworker only to see an ad for that very thing appear a few moments later? I, like many, have often had this bizarre experience and while it’s easy to laugh these moments off as merely “creepy,” it’s remarkable to think about the vast amounts of data that are routinely collected about us. I was recently interviewed by CBS to discuss the often ignored reality that we allow huge amounts of data about us to be collected, stored, and traded every single day.1
Though many people actually like the convenience of customized ads, others see them as an invasion of privacy. I have often said that utilizing the many conveniences of technology requires a trade-off of our security, but the all-encompassing reach of the internet should give everyone pause. It turns out that downloading a variety of apps on our phones and mindlessly clicking our assent to all the terms and conditions comes with its own set of consequences—including, potentially, that we willingly allow companies to track our conversations as well as our movements for the purposes of highly targeted advertising.
As it turns out, there is a growing backlash to this obvious lack of transparency. At the end of April, Apple released a very significant update—iOS 14.5.
Essentially, “app tracking transparency” allows users to accept or reject tracking activity on an app by app basis, but it also serves, in the words of a Wired article, to “simply expose how many apps participate in cross-service ad tracking, including some you may not have suspected.”2
Giving users the power to deny ad tracking permission to particular applications is a huge step in preserving privacy. Apple has also recently created the privacy nutrition label, “requiring every app—including its own—to give users an easy-to-view summary of the developer’s privacy practices… The privacy nutrition labels give users key information about how an app uses their data—including whether the data is used to track them, linked to them, or not linked to them.”3
Though Apple’s decision has many critics—Facebook is a primary opponent—the update underscores Apple’s continued commitment to user privacy. Furthermore, the update still allows for customizable advertising by leaving the decisions to the individual. Apple’s decision to support user control is certainly a step in the right direction. While no one measure can bring order and fairness to the mass data-sharing that goes on around us, it underscores the fact that users should have power to determine which personal information is shared about them, and with whom. Digital advertising isn’t necessarily a bad thing, but it should be done transparently and with permission. Openly complying with data privacy regulations is essential for establishing trust with consumers, as an increasing number of individuals begin to pay attention to how their data is handled. In fact, recent data shows that since the update has been released, only about 4 percent of U.S. users have allowed apps to track them.4
While the United States does not currently have universal federal legislation related to data privacy or security, Apple’s move may be indicative of a larger push to better establish and uphold user rights. Apple CEO Tim Cook has gone so far as to acknowledge data privacy as a fundamental human right, a position that other individuals and organizations are increasingly taking.
For the legal community, this movement highlights the raising of the stakes around data security. Even the largest organizations are now acknowledging the value of our personal data—and attorneys, as we all know, have a similar if not greater obligation to protect client data. Clients should always understand how their information is collected, stored, and protected. And those data privacy considerations must be taken into account when assessing the strength of internal cybersecurity measures.
MARK LANTERMAN is CTO of Computer Forensic Services. A former member of the U.S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security/forensic experience and has testified in over 2,000 matters. He is a member of the MN Lawyers Professional Responsibility Board.
Notes
1 https://minnesota.cbslocal.com/2021/04/27/how-much-does-the-internet-know-about-us/
2 https://www.wired.com/story/ios-app-tracking-transparency-advertising/
3 https://www.apple.com/newsroom/2021/01/data-privacy-day-at-apple-improving-transparency-and-empowering-users/
4 https://mashable.com/article/ios-14-5-users-opt-out-of-ad-tracking/