Monthly Archives: January 2022

Data Privacy in 2022: Taking stock and moving forward

At the beginning of 2022, we are looking back on a busy and tumultuous year in the data privacy landscape. A glance at the discussions that took place during the 2022 Privacy Day – as well as throughout 2021 – can offer helpful insights for libraries’ own work to champion and speak up for privacy in the coming year.

The global scene: persistent challenges, important wins

One of the focuses of Data Privacy Day conversation was, of course, taking stock of recent developments and looking ahead to upcoming and planned initiatives. The past months have been punctuated with high-profile initiatives, decisions and news around data privacy.

First of all, the Pegasus spyware revelations and the ensuing fallout continue to unveil the full extent of its impacts. Throughout 2021, several countries – including Canada, Australia, and most recently France – moved to protect their citizens’ data from Clearview AI, a facial recognition tech company which scraps images of people from across the web (and recently announced that they have collected 10 billion such images) to train its AI.

Meanwhile in Kenya, a recent decision of the High Court recently ruled that their Data Protection Act applies retrospectively, calling for a data protection impact assessment of a Digital ID system. The European Parliament pushed for a ban on digital ads targeted on the basis of such sensitive user characteristics as health or religion.

The new privacy law in China has been noted, inter alia, to have important extra-territorial implications, while in Australia, consultations for a review of the Privacy Act 1988 is underway.

All of these raise issues and questions that shape the shared digital environment in which all stakeholders – including libraries – operate.

Privacy: illustrating interdependencies between fundamental rights

Whether explicitly or in passing, we are also seeing an ongoing conversation about the ways data privacy – especially as understood within the framework of the fundamental right to privacy – interacts and relates to other key rights and policy priorities.

An obvious example comes, of course, from the healthcare sector – the discussions on how to strike the right balance between data privacy considerations and measures to curb or slow down the spread of the COVID-19 virus. The most interesting voices in such scenarios are those that advocate for ways to not see such crucial goals as a trade-off with privacy, but rather to find ways to safeguard and deliver on both (including by drawing on privacy-by-design and privacy-by-default principles).

We also see important recognition of the ways privacy enables other fundamental rights. The 2021 UNESCO Media & Information Literacy Curriculum for Educators & Learners, for example, outlines the many links between privacy and development at both personal and societal levels, as well as with access to information and freedom of expression.

These arguments and considerations are very well known to library and information professionals, who customarily regard privacy as part of intellectual freedom in their professional code of ethics. This has many implications for day-to-day library work and service delivery choices – but also, crucially, for their work as digital literacy and privacy educators.

Privacy literacy in 2022

The idea of privacy-related skills as part of media literacy also finds reflection at the policy level – for example, in the new UK DCMS Online Media Literacy Strategy, where it has a very prominent place.

For libraries as digital skills and media and information literacy educators (and intellectual freedom advocates), privacy upskilling initiatives continue to look like a natural part – or extension – of their work. To this end, it is always helpful for libraries to keep a hand on the pulse of what the privacy literacy landscape looks like today!

This is a complex landscape of however. For example:

Efforts to collect data and better understand the links and changes in motivation, knowledge and practice continue. For example, drawing on a 2020 survey among North American consumers, McKinsey concludes that most users have fairly low trust levels when it comes to how companies use their data. At the same time, while tools that help people control their personal data are more widely available, not everyone is equally quick to make use of them. Over 60% of respondents said they have cleared cookies and their browsing history, and more than 40% have disabled cookies altogether, or have deleted or edited a post they have made in the past. But other possible privacy measures – e.g. temporary email addresses, encrypted communication – were used by fewer respondents.

The 2020 Australian Community Attitudes to Privacy Survey, for example, concluded that “Australians have a very strong understanding of why they should protect their personal information (85% agree) but are less sure how they can do this (49% agree). Three in 5 (59%) care about data privacy, but don’t know what to do about it.” Here, 29% of survey respondents have read a privacy policy in full and 23% made a request for their personal information to be deleted – and more than half said that they have deleted an app or denied it access to information to safeguard their privacy.

Another interesting relationship here is that between digital skills levels and overall trust and confidence. For example, the UK strategy referenced earlier quoted that, while “73% of users described themselves as ‘very confident’ or ‘fairly confident’ managing their data online, 44% of respondents who described themselves as confident were unaware that data could be collected through smartphone apps, and 20% were unaware of the existence of cookies altogether”.

Different user group profiles and needs: of course, privacy literacy and knowledge is not equally accessible and familiar across different user groups and cohorts. The Australian Community Attitudes to Privacy Survey also showed that older users were significantly more likely to rate their knowledge or privacy and data protection rights as very good or excellent (e.g. 15% of those in the 65+ bracket, compared to 31% of users aged 18-24).

In the EU, a recent Eurobarometer survey included a question asking whether the respondents knew how their fundamental rights – such as to privacy and freedom of expression – should also be respected online. The responses also showed some variations across socio-demographic groups as well, including e.g. linked to formal education attainment and frequency of internet use.

The granularity of privacy attitudes and beliefs: at the same time, publications like the 2021 report about students’ attitudes and behaviours by the Future of Privacy Forum draw attention to the importance of better understanding the unique privacy needs and expectations of different user groups.

The report highlighted, for example, specific concerns the members of this user group may have around academic and professional prospects in relation to privacy, some available data on the types of information they consider as necessitating particular protection, the confidence they have in different data processors, and so on.

Libraries are helping

This data suggest that there is continued interest (and need) for more knowledge and information around online privacy among users. In the Eurobarometer survey mentioned earlier, a very strong majority – 76% of respondents – said they would find it useful or very useful to know more about their rights online.

Given the diversity of the privacy literacy landscape, the equitable and no-barrier learning opportunities that many libraries work to offer can make an important difference. In a video presented by Polish library experts at the 2021 Internet Governance Forum, participants of public library-based digital skill courses for seniors shared what they learned and took away from these workshops, with one of the attendees pointing out:

“An interesting thing that I did not know so far is that I can check what the internet ‘knows’ about me. And it turned out it knew too much!”

The innovative, interactive and flexible learning opportunities around data privacy which libraries offer highlight their unique strength in identifying and helping meet community needs. We look forward to seeing these efforts continue and grow, and celebrate the dedicated work of educators, activists and inquisitive users!