What's the difference between data privacy and data security?

Data security is about protecting your data from unauthorized access (basically ensuring that hackers can't access your data).

Data privacy, on the other hand, is about giving you more granular control over how (and by whom) your data is accessed, used, or shared.

Both are extremely important.

Why is Data Privacy Important?

There are a couple big reasons you should care about data privacy (in addition to data security).

Cybercriminals and scammers

Cybercriminals and scammers leverage personal information in order to better target scams to you. The less data they have on you, the harder it is to target scams to you and the less likely you are to be targeted.

Also, with sensitive information like your social security number (or other government identification number if you're outside the United States), as well as a couple personal details, scammers can try to steal your identity, open credit cards in your name, or otherwise cause financial and reputation harm.

Corporations

If companies are collecting and storing your data (often with poor cybersecurity practices) and are later hacked, that leaves you vulnerable to hackers obtaining that data and carrying out scams.

Even if companies aren't losing your data, they're collecting it for a number of reasons, including:

  • Personalized services (and ads)
  • Better understanding of their customer base (which improves their ability to effectively sell products)
  • Training data for models

Even if you're okay with this, the down side is that often companies are using data to manipulate you in ways that are hard to realize or break out of.

For example, Facebook performed experiments on their users in order to see if they could manipulate their emotions (without their consent) – and found that they could (Source). Additionally, the spread of data collection has been shown to boost disinformation campaigns around the world. (Source)

Government agencies

Often corporations will provide data to law enforcement or other government agencies without a warrant (or the government agencies will collect the data themselves).

This can lead to broad, sweeping surveillance programs, sometimes targeted based on racial or ethnic groups, or by political affiliation. These programs have typically had disproportionate effect on people of color in the United States, and minority groups throughout the world.

Additionally, in the (recent) past, the US government admitted that:

"the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline." (source)

Just because you don't have anything to hide right now, doesn't mean that you want everyone in your life (or your government) to monitor everything you do every moment of every day. Protecting your information protects you from some of these effects.

Sometimes, I hear folks complain that it's too late – that their data is already out there and there's no point to trying to improve their data privacy. But the best part about data is that you're constantly generating new data as you browse the internet, make purchases, and go about your life. It's never too late to cut back on sharing your data. And the sooner you do so, the less data you're giving up.

It's a little bit like smoking – even if you've been smoking for many years, it's always a good idea to cut back or quit.

How to Improve Your Digital Privacy

So, if you want to mitigate the amount of information that is tracked about you, here's a quick list of 10 ways you can improve your digital privacy.

First, improve your digital security. You can find my quick guide here. Having strong digital security and making sure that no unauthorized users can access your data is the first step to protecting your privacy.

Switch to using a browser like Brave or DuckDuckGo which will protect you against trackers and ads that track you as you search the internet.

If you continue to use a browser like Chrome, use browser extensions like uBlock Origin or Privacy Badger, which stop advertisers and other trackers from secretly tracking where you go and what you're looking at on the internet.

Use end to end encrypted chat apps like Signal or iMessage. While this is also a security measure, using apps which don't track your metadata is a privacy one.

For example, while WhatsApp has encrypted messaging, it is also owned by Meta (Facebook), and Meta uses the metadata (who's calling whom, when the calls are made, how long they last, and so on), which isn't really protecting your privacy, so I don't recommend it. Plus, if you back those messages up to the cloud, the messages may no longer be encrypted.

Opt out of ad personalization. You can do so for more than 50 companies here. Opting out will not prevent companies from collecting your data, but will significantly reduce the data they collect.

Apple rolled out a similar option in a new iPhone update, where you now have the option to ask apps 'not to track'. Additionally, opt to delete your user data from sites like Google, Facebook, and Twitter (and set up a recurring option to clear your cookies and search history regularly from Google).

Clear out data you no longer need. If you're disposing of a device, make sure you completely wipe the data (and reset to factory settings) before you do so (and make sure you're doing so for every internet connected device).

If you're very paranoid (like me!), look up the instructions for how to 'sanitize' or permanently erase a device before getting rid of it.

At the same time, review your backup settings for your device and your chat apps. Are you keeping information past the time when you still need it? All of that information is at risk of being used by any applications you've given access to or stolen by hackers in a data breach.

Use a tool like Privacy to protect your credit card information. They provide a virtual card for the exact amount of the purchase (or a recurring purchase) so you don't have to disclose your actual credit card number (though you will still be giving away your other information like name and address).

Also consider using a credit card that prioritizes your privacy (like the Apple card, which states that they don't know your transaction history, and don't share or sell your transaction information to third parties).

Review your social network privacy settings regularly. Check to make sure you're not sharing more information than you'd like. Also make sure that you're covering all of your accounts (Facebook/Instagram, Twitter, Google/Gmail, Yahoo, Venmo, TikTok, and so on).

Close old accounts rather than leave them dormant. That means that your old accounts (and the information they have on you) are less likely to continue being used by old applications or third parties you've given access to, sold by the application/website, or lost in a data breach.

Review the applications on your phone, and delete the ones which you don't need or are no longer using. In fact, if you can only use the site via a browser instead of downloading the application (or switch to doing so) it will significantly reduce the amount of data you're sharing.

Take this one step further, and don't sign up for accounts you don't need, and avoid downloading additional applications unless you really need them.

Lastly, contact your congresspeople/local government representatives. There's a limit to how much you can do as an individual to maintain your privacy, without taking extremely drastic measures (covered in the additional resources section below). The best option for consumers is better, more consistent regulation of data privacy around the world.

Looking for more information?