Book review of ‘Cyber Privacy: Who Has Your Data and Why You Should Care’

“Data, I’ve found, is becoming like the weather; it’s something that almost anyone can talk about.” (p. 300)

Cyber Privacy: Who Has Your Data and Why You Should Care by April Falcon Doss is a timely title on so many key issues around data privacy in the online world. Doss is well-positioned to write on this topic, with her thirteen years working at the NSA and later working in a private sector practice focusing on cyber-security and privacy issues. I found this title to be a thoughtful and well-written perspective, primarily centered on the U.S. Cyber Privacy is also very accessible to read for those who might not be well versed on the topic; Doss provides a very approachable style in the discussion and I often had a hard time putting the book down.

I appreciated how Doss starts the reader out with the basics in chapter 1, categorizing data and also talking about the function of personal data. I think this was a critical place to begin to remind the reader not only of the breadth of what personal data can mean but to also think about the short-term and long-term purpose of data collection. Doss reminds the reader later in the book of the non-stop growth of the generation of data in recent years, particularly when we think of all the potential data points (social media sites, fitness wearables, any smart device, etc.).

Doss first presents the shift at grocery stores from consumers primarily using coupons to using store loyalty programs, where the significance of this move can be found in collecting massive amounts of information tied to an individual instead of being anonymous. The author wonders if we should rethink the concept of privacy in modern culture completely:

“Indeed, information that has always been visible has become so readily available and so transparent that it raises an important question: Now that so many types of personal data are available so cheaply and easily, has something fundamental in the nature of privacy changed?” (p. 15) 


Doss outlines different ways biometric information has been used over the years to identify individuals: fingerprints, gait recognition, facial recognition, genetic sequencing and medical information. Over time, laws such as HIPAA have placed some protection over certain types of medical information, though by and large many of these ways to track biometric information are not protected. And as we move more and more towards living in a digital world of data, Doss reflects that many individuals are even less sure of what constitutes private information. Individuals also differ on how they view telephone metadata (phone numbers, cell phone location, etc.), an individual’s internet search and online activity, and beyond. And the author is quick to remind us not only of the short-term use of this kind of data, but the long-term: “When our search history becomes available to third parties, the risk increases that we will be judged not only for having made those searches, but on why we searched at all.” (p. 31) And this gets to the more sensitive category of data about the individual: information around what we think, believe and know, which is perhaps the most dubious.

And when massive growth of data meets with huge growths in computing power and potential, herein lie the challenges around privacy for the individual. Doss poses a few questions to think about: not only do we need to worry over the larger questions of “Who has my data? And why should I care?” but also “What, if any, restrictions are there on how personal data can be used against me?” and “With the rapid pace of new technology development, how can law and privacy keep up?” (p. 40)

Chapter 4 focused on how individuals place value in privacy and private information. We may not immediately see harm or violation in sharing personal shopping information via store loyalty programs, though we likely have not considered what might be done with the collected information. I particularly enjoyed the section in that chapter entitled “If You’re Not Paying for the Product, You Are the Product”, in which Doss states “With 10 likes, Facebook knows you better than your coworkers do. With 70 likes, Facebook knows you better than your roommates and real-life friends do. With 150 likes, Facebook knows you better than your own family does. And with 300 likes, Facebook knows you better than your spouse.” I thought this was a poignant statement, in how easily and freely we can disclose information through certain digital channels without considering the ramifications.

And how often do we click through lengthy privacy notices, barely glancing at what we are consenting to? And, as Doss notes, these consents are almost always blanket, giving the company a free pass to do whatever it wants with the collected data, anywhere and anyhow it likes. And without federal data privacy laws here in the United States, it’s even more difficult to know what protections one may be entitled to. As some may be aware, the California Consumer Privacy Act (CCPA) is really the first encompassing data privacy law in the States that took effect in early 2020, though we are likely still a long way away from anything at the federal level, as seen in the EU with the GDPR.

Doss discusses “The Big 4” (Apple, Google, Facebook and Amazon) in Chapter 5, and how these four particular companies have “unprecedented and unparalleled access to data about our preferences in news and entertainment, our online searches and purchases, our religious and political affiliations, our health, our education and employment, our hobbies and interests, our social connections and our ‘psychosocial profiles’.” (p. 65) And Doss later brings up in Chapter 10 the integration of Google Chromebooks in many K-12 schools, mandating the use of Google-hosted content and likely tapping into personal data from each student. (And, being the parent to twins who just started kindergarten this year and are indeed working on Chromebooks already, where is the opt out??)

Data profiling, using mountains of collected data in marketing strategies, is outlined in Chapter 7, offering a fascinating insight into ways our information is used to tailor ads. I have often wondered how certain retailers through social media sites have oftentimes hit on something so precisely of interest (and I thought to myself that many times, these are pretty frivolous things, like my cherished Bernie Sanders “This could have been an email” tee that I purchased via a “suggested for me” Instagram link… But I wonder what my shopping algorithm is?).

Doss also reminds the reader that data collection is all around us in the modern world, both in ways we may be aware of and ways we may not (such as Spouseware and other stalkerware). And Doss also includes a nice summary of work around data privacy dating back to the early 1970s here in the US with the formation of an advisory committee (“Records, Computers and the Rights of Citizens” in) to a post-9/11 world. The chapters on policing, government, and surveillance were fascinating and so thought-provoking, I felt these could be expounded on to be their own book altogether, particularly around the misuse of surveillance technology (parts of which gave me goosebumps to think about the implications within our own context and worlds).

I also appreciated some of Doss’s more humorous examples throughout the book. I had not heard of the smart toilet before, the TrueLoo, that has sensors to potentially detect certain ailments and viruses. I think the important questions Doss presents are perhaps not geared towards the technology itself, but instead the data collection practices and governance, as well as the use/re-use of data that is of prime concern. Who is tracking this information and how is it being used? And not just for humans, but also our canine friends (PooPrints)!

Doss did provide some hopeful thoughts about the future of data privacy (“Pandora’s Box: Data’s Dangers, and Finding Hope at the Bottom of the Box”): the need to redefine privacy in a modern world with fair legislation, and to set limits on data collection, use and re-use. Using outdated laws and thought around privacy in the digital world is clearly not effective.

Author: Virginia Dressler

Virginia Dressler is the Digital Projects Librarian at Kent State University. Her specialty areas are project management and digitization, working primarily with the university’s unique collections. She holds a Master's of Library and Information Science from Kent State University (2007), a Master's of the Arts in Art Gallery and Museum Studies from the University of Leeds (2003) and a certificate in advanced librarianship (digital libraries) from Kent State University (2014). Her research areas include privacy in digital collections and the Right to be Forgotten. She is author of Framing Privacy in Digital Collections with Ethical Decision Making (Morgan & Claypool, 2018).