As people spend more of their lives online and depend more on technology, protecting the right to privacy, and giving data subjects the tools they need to take control of their data online, is becoming more important than ever.
In this week’s issue of In Perspective, Natasha King, Data Protection Consultant at Xcina Consulting, examines a new tool being introduced by Google that allows the removal of users’ personal information from its search results, to enhance privacy and safety online. She also discusses the increasing need for all organisations to adopt a privacy-first approach, as well as examining the key principles for embedding privacy into the design phase of any new systems, services, or processes that are being developed within your organisation.
Read our full analysis below for a look at what happened and why it matters.
- Google has started rolling out its new ‘Results about you’ tool, which enables users to see what personal information, such as addresses, phone numbers, and email addresses, appears about them in Google’s search results and simplifies the process to request its removal, to help users strengthen their online privacy.
- Currently, the tool has been made available to some Android users via the Google app. Users can access the new tool by tapping on their profile picture in the top right corner of the screen and selecting the new ‘Results about you’ menu item.
- Users who discover search results containing their personal information through the tool can now request to ‘Remove result’, where they must then enter a justification for the removal, such as that it contains personal contact information or is outdated.
- Users can then track the progress of their removal request as it is processed by Google.
- Users have long been able to flag certain highly personal information that could be used for theft or fraud, such as government ID, bank account and credit card information, to stop it from showing up in Google search results. But now, the removal request service has been made more accessible through its apps and has been extended generally to include personal contact information, as well as login credentials, in order to further enhance user privacy online.
- Although the new tool has only been made accessible to a select number of users thus far, all users can still ask for the removal of certain categories of personal content from Google Search by making a formal removal request. Information on how to do that can be found here
Why it matters
- According to experts, a quick internet search has the potential to reveal an individual’s home address, phone number, and more. This hasn’t gone unnoticed by cybercriminals, who are particularly interested in gaining access to personal information that they can monetise and exploit for fraudulent purposes.
- The National Fraud Intelligence Bureau’s Fraud and Cyber Crime Dashboard shows that over the last 13 months, there have been 345,752 reports of fraud and cybercrime from individuals in the UK, with reported losses of around £1.9Bn.
- As much of the world has now moved online, all organisations must appreciate the need to safeguard the privacy and safety of their customers, employees, and business partners. This includes the need to maximise access to information and provide individuals with the tools they need to take control of their data, both online and offline.
- Last year, Cisco released the results of a global survey of consumers and their opinions on digital privacy. The results revealed that 86% of consumers want transparency and control over how businesses handle their data, and an increasing number said they were willing to act by not making a purchase, as well as spending more money to protect their data.
- The GDPR requires organisations to implement technical and organisational measures to safeguard privacy from the outset when developing new systems, services, processes or ways of working (“data protection by design”), but how do you genuinely embed privacy in the design process?
- These foundational principles, as developed by the Information and Privacy Commissioner of Ontario, can underpin any approach you take:
- Proactive not reactive; preventative not remedial
Take a proactive approach to data protection and anticipate, identify, and prevent privacy issues and risks before they happen, instead of waiting until after the fact
- Privacy as the default setting
Design any system, service, product, and/or business practice to protect personal data automatically, with no added action required by any individual
- Privacy embedded into design
Ensure data protection measures are not add-ons, but embedded into the design of any systems, services, products and business practices
- Full functionality – positive sum, not zero sum
Both privacy and security are important, and no unnecessary trade-offs should be made to achieve both
- End-to-end security – full lifecycle protection
Protect data throughout its lifecycle – i.e. process the data securely and then destroy it securely when it is no longer needed
- Visibility and transparency – keep it open
Assure stakeholders that business practices and technologies are operating according to objectives and subject to independent verification
- Respect for user privacy – keep it user-centric
Keep the interest of individuals paramount in the design and implementation of any system or service, e.g. by offering strong privacy defaults, providing individuals with controls, and ensuring appropriate notice is given