By Siddharth Pai
An unavoidable part of joining the digital highway is that users have to share their private information. Today, there are billions of active internet users, a number which is rising, as we have seen with the sudden rise in the number of Indians going online. Social media platforms and search engines see billions of users a day voluntarily parting with their private information. This is with the expectation (at least according to these platforms and search engines) that doing so allows for a “better” online experience.
This ultra-connectivity always ends up blurring lines between what is public and private information. Some of the privacies we usually take for granted—from our web searches to our health—are being steadily exploited by all sorts of players on the information highway in the name of “frictionless” and convenient digital experiences. Meanwhile, our personal data is being compromised, stolen, and leaked with disturbing regularity.
A disturbing statistic says that over 85% of the world’s large organisations see at least one major breach of their cybersecurity each year, and that over 50% of them report two or more breaches in a year. The Cyber Edge Group (bit.ly/3QudNOq) has a useful infographic that shows the current level of cyberthreat across the globe.
Nation-state actors, criminal organisations, and even lone hackers are constantly adapting their tactics to exploit emerging vulnerabilities. With the proliferation of the smartphone and now the Internet of Things (IoT), interconnected devices have become prime targets, amplifying the potential for large-scale disruptions and privacy breaches.
As these threats become more sophisticated, the cybersecurity industry has responded with innovations aimed at thwarting attacks and minimising damage.
But all their attempts seem futile. We are always in the mode of reacting to new threats. In 2021, Sophos, a cybersecurity firm undertook a survey of 5,400 IT decision makers in mid-sized organizations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa. More than half (54%) said that the attacks were too sophisticated for their IT teams to handle alone.
The corporate world has IT teams, cybersecurity specialists and others working together to combat this menace—which is not going to go away any time soon. But what of us as individual users of the internet?
The World Economic Forum reported in 2021 that most people do not put a price on their online privacy. It referenced a 2020 study (bit.ly/40xxKZC) while coming to conclusion that “Argentinians, Brazilians, Colombians, Mexicans, Germans, and US citizens did precisely this.
The Technology Policy Institute, a think tank, asked respondents how much a company would have to pay them each month to disclose various types of personal data. While the exact amounts varied across countries and categories—with Germans charging the most and US residents the least—the average came out to a surprisingly affordable $10, or $120 a year.”
It seems that at least Facebook (Meta) was listening—not so much as to ponder whether privacy is a fundamental right (its business would collapse if it accepted this premise) but enough to consider that privacy can be given to users at a price.
On November 1, 2023, it came out with an announcement that Meta would roll out a programme for users to ensure that they private data is kept, well, private (bit.ly/40nd9Hj). It appears that in Europe at least (where the European Union has mandated stiff data privacy laws), this will come at approximately €10 per month (and €13 if they sign up from their phones).
To be sure, this would mean that the platform would stop targeting ads to you based on your private data, not that they would stop collecting it. Some other firms are also offering an ad-free experience at a cost—platforms like Spotify, YouTube and others already offer a “premium” experience which is ad-free.
People may be pushing back against “surveillance capitalism”—or at least opting for an ad free experience, but the basic ethical question remains. Why should people be paying for this? Why should it be a luxury and not a fundamental right?
Also, if one were to scratch beneath the surface, this seems a lot more like “legal” extortion, whereas the extortion attempts by hackers are not.
I use the word “legal” here loosely, since I believe that people should not have to pay for something that is theirs in the first place, and which was taken from them surreptitiously in the name of “frictionless” web experiences.
As far as the legal stance of this is concerned, I am not alone. European courts have argued for many years that Meta cannot use personal data for advertising unless the company gets free and explicit—yes or no—consent from the people who use its services. The operative words here are “free and explicit”, not “at a price”.
In fact, Wired magazine reports that in July, Norway’s courts started fining Meta $100,000 for each day that it did not comply with a Norwegian courts directive that branded the way Meta carries out behavioural advertising as illegal and imposed a ban. It appears that on October 31, this ban was replicated across the European Union.
Unsurprisingly, Meta argues that they are building this priced opt-out in line with a legal directive—this one in July by the European Court of Justice which said that Meta needed to offer users an alternative to ads, if necessary for an appropriate fee.
This space is going to develop further quite soon. And it seems as if Europe will lead the way for the rest of the world.
Siddharth Pai, technology consultant and venture capitalist. By invitation. Views are personal.