By: Amir Nooriala, Chief Commercial Officer at Callsign
Often, when people talk about trust in relation to a business, the terms privacy and confidentiality are used interchangeably. It’s easy to confuse the two words as they both relate to a responsibility of care consumers should expect from the bodies that access or utilize their data and information. However, they refer to very different aspects of this agreement.
Privacy is all about respecting people as individuals and primarily concerns enabling users to retain some control over who can access details pertaining to their lives, such as their personal information. Confidentiality, on the other hand, is centered around certain types of personal data, usually of the legal or health variety.
What distinguishes confidentiality issues from privacy ones is that confidentiality necessitates setting a boundary around personal data, with an agreement that only a few people with certain privileges or good cause will ever be able to access it.
The differences between privacy and confidentiality might be nuanced to the consumer, but each places different responsibilities on businesses.
So, as the world continues to become more digitized and the importance individuals place on these two tenets grows, some businesses are being presented with a challenging paradigm: how to prevent tradeoffs between user security and the power afforded to consumers.
Shaking up the digital foundations of trust
When it comes to regions confronting the privacy-confidentiality quandary head on, there’s no better place to look than Europe.
European consumers today expect the very highest levels of security and governance when it comes to data, but also desire more control over their personal information – expectations regulators and some tech companies are eager to appease.
Apple, for instance, recently launched a new privacy feature called App Tracking Transparency (ATT). Its objective is to put more power in the hands of consumers by allowing them to toggle on and off which apps can track their activity across other companies’ apps and websites.
However, because the continuous authentication methods required for many organizations to confirm digital identities and foster trust with users rely on this ability to track users, this update has the potential to create huge issues.
As so many businesses rely on traditional methods of authentication that would be rendered defunct by this update, Apple delayed the privacy feature’s launch for more than a year to give developers more time to prepare.
On the surface, this looks like a huge win for consumers as it seems to be all about limiting the amount of advertising users experience whilst improving their privacy levels. However, this move by Apple will likely still have a significant impact on user security because it undermines the very fabric of trust the entire digital ecosystem is built upon.
Another change that’s likely to usher in even more disruption to the established security frameworks of online businesses is Google’s plan to remove third-party cookies from its browser, Chrome. And as other popular browsers such as Mozilla’s Firefox and Apple’s Safari are set to follow suit, this will have a seismic impact on businesses still relying on outmoded methods such as cookie tracking to authenticate user journeys.
Even though these moves have been made in the name of the user, and have been mostly praised by civil rights groups and mainstream media, it’s crucial people understand that they have shifted the conversation away from the narrative around security versus user experience.
Instead, we’re entering a new era where the tradeoff is becoming centered around security versus privacy – and there’s much more on the line than just advertising dollars. Because while a consumer may think they’re simply choosing to not be tracked by a business, they may not know they’re also opting out of the very mechanisms designed to protect them and their identity.
Building towards a more informed future
While these changes may be disruptive to businesses, the truth is tools such as cookies were never meant to be used to track people’s browsing habits for the use of personalized Facebook ads. They were created to make it easier for websites to gather information such as preferences and login details.
But because this abuse of data has evolved over time, it’s now a core feature of the digital trust ecosystem and is used in a number of improper ways. For instance, many so-called security companies authenticate not by positively identifying a user’s identity, but by comparing their online habits and patterns to those of fraudsters.
That’s why it’s imperative that businesses stop relying on these outdated (and often unethical) methods of authentication and begin to positively identify users digitally using only the information they present. It means businesses don’t abuse their users’ data, intrude on their privacy, or unscientifically lump them in with other people, whilst also adding more friction.
Achieving this means fundamentally altering current authentication strategies and baking it – along with privacy – into all products and services. In sectors such as retail and banking, the time to ensure the security of their technology solutions is built with privacy in mind has already arrived.
Education also needs to be a vital aspect in all of this if the mission is to give users more privacy as well as security. People should be told in clear and plain language what exactly they’re agreeing to when they click yes or no to being tracked, and always assume they’re just agreeing to or rejecting advertising cookies.
In the same breath, it’s equally crucial that organizations self-interrogate how they interact with their customers and data. Because if they’re still relying on archaic authentication strategies built on customer tracking, it’s time they recontextualize how they view privacy – beginning with regarding it as just as important as security and the user experience.