Stay informed with free updates
Simply register at American and Canadian companies myFT Digest – Delivered straight to your inbox.
A quarter of a century ago, Scott McNealy, then CEO of Sun Microsystems, He is famous for dismissing consumer privacy in the Internet age as an anachronistic distraction. “You have no privacy anyway,” he said. “Get over it.” Judging by the way consumers have since posted details of their private lives on social media and blithely complied with the intrusive terms and conditions of many online companies, McNealy may have been right.
But how we act and what we think can be two different things. Internet users don’t seem to be “over it” when it comes to privacy. In fact, consumers now tell pollsters that they are increasingly concerned about misuse of their personal data and want stricter controls. TO Pew Research survey in the US last year found that 81 percent of respondents were concerned about how companies collected their data; 71 percent expressed similar concerns about the government (up from 64 percent in 2019).
These anxieties are even more acute when it comes to highly sensitive personal information, such as genetic data, which not only affects an individual but also all of his or her family members. When you spit into a tube and send it for a DNA test, you are handing over unique data that cannot be anonymized. You are also sharing information about your entire biological family, probably without their consent. That makes it even more important that such data be secure.
In some cases, there are obvious concerns about who can access (or sell) that data. Several users of London-based DNA testing company Atlas Biomed have expressed alarm about the security of your personal information. The company appears to be inactive: it has filed its annual accounts late and has not been active online. He reportedly did not respond to recent BBC queries and there has been speculation about his links to Russian business interests.
The Information Commissioner’s Office, which enforces Britain’s data privacy laws, also confirmed it received a complaint about the company.
In the United States, customers of the 23andMe DNA testing service are also anxiously following the company’s fortunes. which this week admitted that there were “substantial doubts” about its survival without the injection of new funds. Some 15 million people have used the service and about 80 percent of them have agreed to share their data for scientific research.
Anne Wojcicki, co-founder and CEO of 23andMe, has said she intends to take the company private and will not consider an acquisition by a third party. “We are committed to protecting customer data and constantly focus on maintaining our customers’ privacy. That will not change,” the company said in a statement to the Financial Times.
But users are unlikely to feel reassured. 23andMe genetic data is not covered by the US federal Health Insurance Portability and Accountability Act (HIPAA), which applies to most medical data. It also suffered a serious data breach last year in which 6.9 million user accounts were compromised. Wojcicki has fallen out with the rest of the board of directors, who have resigned en masse. And it’s unclear what would happen to 23andMe’s data if the company went bankrupt.
“23andMe highlights very valid anxieties and fears that people feel when they have provided highly sensitive information to a company for a specific purpose,” says Sara Geoghegan, senior counsel at the Electronic Privacy Information Center in Washington, DC. “Users deserve more than a simple promise that their privacy wishes will be respected.” For more than 20 years, Epic has been campaigning for a federal privacy law to protect user rights.
Such legislation seems unlikely given the incoming Trump administration’s anti-regulatory stance, even if many Republicans are concerned about data privacy. The only real alternative is for consumers to assert their power by wresting more control. They should pressure technology companies to minimize the data they collect, be more transparent about its use, and ensure that user consent is voluntary and informed. “Even with the best possible laws, it won’t be possible to prevent criminals or foreign governments from accessing your data,” says Carissa Véliz, author of Privacy is power. “Technological solutions are very important.”
Some digital services already offer privacy by design, but there are currently few market incentives for their expansion. Users should question McNealy’s fatalism and stimulate that consumer demand.