Consumer privacy made losers of us all this year

It was a rough year to be a customer of Marriott, Facebook, Reddit, Google+, Quora, British Airways, Cathay Pacific, Orbitz, Ticketfly, Under Armour, OnePlus or any of the other numerous companies which were revealed this year to have cumulatively lost hundreds of millions of users' personal details.

Compounding the data breaches of years past -- Twitch, Yahoo, Twitter, LinkedIn, Equifax, Uber, Target -- it's clear that if you're a human who uses the internet regularly, you're affected.

The FBI says it's safe to assume that every American's information has been leaked somewhere. On the dark web, social-security numbers of a specific person reportedly sell for $3, credit-card numbers for as little as $7 and bank accounts for a few thousand dollars depending on the balance.

This situation makes losers of us all. Yet like climate-change debates or toxic politics, we seem to have reached saturation point, where each revelation loses its power to shock, and we feel disempowered to meaningfully change the situation at all. Every year, we give up more intimate data and eventually lose it to businesses that mine data for profit.

There is no magic bullet, but there may be a few rays of hope: the most comprehensive data privacy legislation yet in the EU's General Data Protection Regulation (or GDPR), a groundswell of movements for greater tech policy and ethics.

One repeated but perhaps unfamiliar avenue will hopefully come into focus in 2019: the right to data portability.

Never mentioned in pre-GDPR data-privacy laws, portability allows for you to move the data you've given to online companies to another service, ideally without needing to download and re-upload it yourself.

"Privacy-invasive practices have fueled the massive growth of companies like Facebook and Google: They've gotten big by scooping up as much user data as possible."

It's a simple idea that quickly lowers the barriers to entry for any company that wants to compete with user-rich businesses like Facebook or Twitter. Instead of having to convince users to start from scratch rebuilding their networks, they could simply import every post and contact. The history you've built up with one dominant company won't keep you tethered to them forever. An often-cited comparison is the fact that you can switch your cell-phone number from one carrier to another without penalty.

Related: Federal data hack, U.S. government data breach

12 PHOTOS
Federal data hack, U.S. government, data breach
See Gallery
Federal data hack, U.S. government, data breach
Katherine Archuleta, director of the Office of Personnel Management, listens during a hearing of the Senate Homeland Security and Governmental Affairs Committee on Capitol Hill June 25, 2015 in Washington, DC. Witnesses testified about the hacking of Office of Personnel Management data. (Photo credit: BRENDAN SMIALOWSKI/AFP/Getty Images)
From left Katherine Archuleta, director of the Office of Personnel Management, US Chief Information Officer Tony Scott, Assistant Homeland Security Secretary for National Protection and Programs Andy Ozment, and McFarland, inspector general of the Office of Personnel Management, are sworn in during a hearing of the Senate Homeland Security and Governmental Affairs Committee on Capitol Hill June 25, 2015 in Washington, DC. Witnesses testified about the hacking of Office of Personnel Management data. AFP PHOTO/BRENDAN SMIALOWSKI (Photo credit should read BRENDAN SMIALOWSKI/AFP/Getty Images)
UNITED STATES - JUNE 23 - Katherine Archuleta, director, Office of Personnel Management, testifies during a Senate Appropriations Financial Services and General Government Subcommittee hearing to review data security and information technology spending at the Office of Personal Management on Capitol Hill on Tuesday, June 23, 2015. (Photo By Al Drago/CQ Roll Call)
WASHINGTON, DC - JUNE 23: Katherine Archuleta, director of Office of Personnel Management, arrives for a Senate Appropriations Financial Services and General Government Subcommittee hearing to review information technology spending and data security at the U.S. Office of Personnel Management, on Capitol Hill, June 23, 2015 in Washington, DC. FBI Director James Comey recently told Senators in a closed-door meeting that the personal data of an estimated 18 million current and former federal employees were affected by a recent cyber breach at the Office of Personnel Management. (Drew Angerer/Getty Images)
White House Press Secretary Josh Earnest answers questions on the massive cyber-attack on the personal data of government employees June 5, 2015 during the daily briefing in the Brady Briefing Room of the White House in Washington, DC. The US government on Thursday admitted hackers accessed the personal data of at least four million current and former federal employees, in a vast cyber-attack suspected to have originated in China. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)
White House Press Secretary Josh Earnest answers questions on the massive cyber-attack on the personal data of government employees June 5, 2015 during the daily briefing in the Brady Briefing Room of the White House in Washington, DC. The US government on Thursday admitted hackers accessed the personal data of at least four million current and former federal employees, in a vast cyber-attack suspected to have originated in China. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)
White House Press Secretary Josh Earnest answers questions on the massive cyber-attack on the personal data of government employees June 5, 2015 during the daily briefing in the Brady Briefing Room of the White House in Washington, DC. The US government on Thursday admitted hackers accessed the personal data of at least four million current and former federal employees, in a vast cyber-attack suspected to have originated in China. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)
WASHINGTON, DC - JUNE 05: The Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
WASHINGTON, DC - JUNE 05: The entrance to the Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
WASHINGTON, DC - JUNE 05: The Theodore Roosevelt Federal Building that houses the Office of Personnel Management headquarters is shown June 5, 2015 in Washington, DC. U.S. investigators have said that at least four million current and former federal employees might have had their personal information stolen by Chinese hackers. (Photo by Mark Wilson/Getty Images)
The American flag is reflected in a window at the Theodore Roosevelt Building, headquarters of the U.S. Office of Personnel Management (OPM), in Washington, D.C., U.S., on Friday, June 5, 2015. The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies. The hackers, thought to have links to the Chinese government, got into the OPM computer system late last year, according to one U.S. official. Photographer: Andrew Harrer/Bloomberg via Getty Images
Vehicles drive past the Theodore Roosevelt Building, headquarters of the U.S. Office of Personnel Management (OPM), in Washington, D.C., U.S., on Friday, June 5, 2015. The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies. The hackers, thought to have links to the Chinese government, got into the OPM computer system late last year, according to one U.S. official. Photographer: Andrew Harrer/Bloomberg via Getty Images
HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

"The problem [so far] isn't just bad privacy practices or just bad competition practices, it's how each fuels the other," said Gennie Gebhart, associate director of research at the Electronic Frontier Foundation. The powerful network effects and subsequent lack of competition for many data-mining companies have incentivized them to skirt user privacy already. "Privacy-invasive practices have fueled the massive growth of companies like Facebook and Google: They've gotten big by scooping up as much user data as possible."

Data portability enshrines the idea that your data belongs to you, to give to companies and take away from them if you please. It means businesses can fear being stripped of the resource they've been extracting (and subsequently losing to hackers) for years.

Today, you can download your data in hefty zip files from services like Google. Yet we're a long way from true interoperability, which would transfer user data straight to a competitor seamlessly. An eventual possibility is the universal digital profile that would unite every account we have online under a standardized format. The Data Transfer Project is an early step towards a common interface that will let customers move their information between Google, Microsoft, Facebook and Twitter. While it's still in development and limited to only a few large services, it's a hint at where portability could be headed.

Yet there are open questions with how this system will be adapted. The right to transmit data from one service directly to another is only granted "where technically feasible" in the GDPR, and it remains to be seen how companies and enforcement agencies might interpret that. A truly interoperable system of data transfer is a hope among advocates, not a right -- as is the hope that companies will apply GDPR standards globally, not just in the EU where they're obligated.

Moreover, as companies increasingly allow data to escape their walled gardens, it may increase the risk of breaches or misuse. Developing a fluid, interoperable system is as much about finding secure ways to move data from one service to another as it is about getting APIs to match up.

A world of true data portability would not stop foreign spies or committed hackers per se. Neither would it necessarily prevent data barons from handing our information to the next Cambridge Analytica. But it would give consumers a little more leverage and a little more freedom of movement. It would mean that the next time companies misuse their customers' data, users aren't just helplessly frustrated but can walk away and not look back.

Read Full Story