We don’t get a say
If it’s our data, how come we don’t get a say in how it's used, or who has access, where it’s stored, or if it's even protected at all? Don’t give me some “well its complicated” bullshit. If I’m sharing my identity, the least you can do is explain how you plan to protect it, who’s going to have access, and why. It should not be unreasonable to request my data is never sold or shared without my consent, or that I want it all deleted after 30 days, or hey, you can use it to help me on a support call but not to send me creepy ads.
I will say out of all of the problems surrounding user data privacy; this is the area in which companies have made the most effort. A “nice” mixture of outrage, lawsuits, and legal precedence has given us users the proverbial “opt-out.” So props to that, it's better than nothing, I guess. Nothing like an array of confusing switches you can turn on and off with little to no explanation that either disable key features or seemingly do nothing at all. All buried under 3 settings screens.
LinkedIn does one of the better jobs I’ve seen, and still, it’s 30+ settings across multiple pages. I just counted; I have 80 apps installed on my phone. The expectation can’t be that I’m going to spend an hour+ in each app trying to figure out their settings nomenclature just to put some basic controls in place.
This might be the craziest part for me as an engineer; take the LinkedIn example of 30 settings. That feels like woah, as a user, I have so much control. Ha! You start digging into it and realize all you’re doing is setting a flag for if they can no longer use some subset of your data for ads. THAT’S NOT CONTROL. That’s 30 ways to do more or less the same thing. That's not impressive; that's just annoying. If you’re going to thump your chest and say you work so hard to build transparency, I expect a whole lot more than a few flags for ads. This is literally off their privacy policy website:
“LinkedIn’s mission is to connect the world’s professionals to allow them to be more productive and successful. Central to this mission is our commitment to be transparent about the data we collect about you, how it is used and with whom it is shared.”
That’s all great that you show me an audit trail of when I changed my password with a link to the password reset form to do it again 🙄. How about an audit trail of who at Linkedin accessed my data, and for what reason? As someone who’s managed data for major enterprises, there are entire teams of people who have free rein of your data. I know what I did with my account…. I want to know what YOU did.
We should be in control of our data. As a company, you are processing and storing it to deliver a feature. It should be that simple; it can be that simple. For Feature X, the following data is used, do you agree? Wouldn’t it be great to force encryption or limit what business functions can access my data? Sure. But maybe, let's start by fixing those stupid iOS and Android permission popups. Like ya dude, I clicked the camera tab in Snap; I’m cool with the app accessing my camera. Where what it really should have shown was, do you consent to Snap keeping a permanent record of every photo you’ve sent, even tho in the app it deletes after sending?
I really think the problem comes from a simple place. There are no real negative side effects of a lackluster privacy effort. If anything, great privacy just means more work for no dolla. I know. I’ve been on the other side of the problem, talking end to end encryption, adding new ways for users to control privacy, and it's always “cool idea, put it on the roadmap,” which is just tech-speak for never gonna happen till impacts the bottom line. Companies will just keep ignoring privacy until we demand better.