What to Know About Protecting Your Digital Identity

Back in the early days of social media, users marveled at the power these services had to connect or reconnect with old friends and find new ones. Investors marveled at the potential these companies had to connect users with advertisers. It wasn’t until these services started to proliferate that the term “digital footprint” began to creep into everyday life.

Like many technologically focused things, the term "digital footprint" has evolved over time. Website cookies are a good example of this. Initially, cookies were a tool that websites used to enhance the experience of visitors by keeping track of user preferences on the site. They would facilitate things like remembering user credentials so when a user returned to the site, they wouldn’t need to log in again, or remembering items in a shopping cart. Over time, the types of data that cookies captured as well as their overall functionality increased to the point where cookies were being used not just to inform individual websites about users but also to track those users across the internet.

Users on social media platforms, whether they realize it or not, are voluntarily providing information about themselves, free of charge, to the world. By interacting with a site, users of websites are providing certain information to the site owner, such as search histories on Google, shopping preferences on Amazon, food purchases at your local grocer through a points program, viewing preferences on Netflix, location data collected by your cellular provider and the list goes on. As users of these services, we understand that we are providing these inputs to transact with these companies. Therefore, we are willing to give companies what they need to fulfill our requests.

Where it starts to get interesting is when you start to consider just how much of your life either occurs online or is facilitated by some piece of technology.

From our perspective, the use of this data should be limited to the transaction at hand and retained by the company we are interacting with. We fully expect that companies will analyze any sales or customer data that it receives. With regards to other data collected by devices like health monitors, voice-activated assistants, televisions and refrigerators, the expectation is that our requests are retained long enough to execute the demand and then forgotten. What we don’t expect is that in addition to using customer data for their own purposes, companies will turn around and further monetize this data by selling it to anyone willing to pay.

Aside from companies finding what some would describe as an amoral alternative uses for client data, all this customer data provides a tempting target for some clearly bad actors, especially hackers and other sellers of stolen data. This brings about the question of what can be done to protect your digital identity? Turns out there are a few things that you can do and increasingly, steps that companies are being forced to take by regulators.

Protecting Digital Identity

One way to protect your data is to avoid, well, just about everything. Another way is to not avoid everything but be selective about what devices or services you do use and further, take the time to review End User License Agreements (EULA) for those services you do want to use. There’s good news and bad news here. The bad news is that often times you need to be both a computer science major and a lawyer to fully understand the terms of service of these agreements. The good news is that while there have been a number of data breach incidents and even some bad actors, regulators have taken notice, and not just recently.

Data protection has been on regulators’ radar since the creation and implementation of the 1995 Data Protection Directive. That regulation was replaced in 2018 by the General Data Protection Regulation (GDPR). This regulation is more than just a guideline to best practices for handling customer and other data online. Simply put, it is law in Europe and also affects companies that do business in Europe or even transfer data through European servers. While it has provided comfort for netizens globally, it has sparked two major movements. The first is the proliferation of similar legislation around the world. The U.S. doesn’t yet have any data privacy legislation at the Federal level but we have seen states like California, Colorado, Virginia, Utah and Connecticut pass broad protections that come into effect on January 1, 2023. Other states like Maine, Tennessee and Nevada have enacted protections for consumers as well.

The second effect is that companies are starting to change the way they do business with regard to how they are handling customer data or in the case of Apple (AAPL), imposing limitations on how their corporate customers interact with end users. We have seen this play out in real time when Apple initiated restrictions on what app developers could do if they wanted to remain on Apple’s App Store. The response was immediate from both the affected companies and shareholders of those companies as we saw services like Meta Platform’s (META) Facebook forecast that data privacy restrictions imposed by Apple would put a $10 billion dent in 2022 earnings. While these and future restrictions may have a damping effect on the expected returns of social media companies, the inability of advertisers to optimize hyper-focused ad delivery doesn’t spell the end of business as we know it in our opinion.

For many, these regulations are worth celebrating. Data Privacy Day sounds like something that might be a recent phenomenon but is an international holiday of sorts that has been around since 2007. The observed date is January 28 and is celebrated globally, with awareness-raising events U.S., Canada, Luxembourg and India to name a few places.

Wrapping It Up

A computer needs to know everything about what users are doing in order to function properly. As we continue to digitize our lives, all of these devices and services, in the same way, need to “know” more and more about us in order to be as useful as we want them to be.

To some, Digital Identity seems to be just an extension of traditional identity. While identity documents identify someone as a person, or more clinically, a legal entity, Digital Identity goes way beyond basic recognition. The sum total of the data in a complete digital identity provides insights into the physical, mental, emotional and economic state of an individual. Because of this, companies, and other actors, good and bad recognize the value of this data. Governments also recognize this and in response, are creating rules and regulations like GDPR in Europe and similar legislation across the world. Our hope is that we can continue to benefit from technological advances while keeping our data, our most sensitive data, safe.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

In This Story

AAPL

Other Topics

Technology Personal Technology Policy & Regulation Cybersecurity