Opinion | When you shop or browse online, know that your personal information isn’t really safe

Globally, the use of different social media and online shopping platforms is experiencing a meteoric rise. According to Forbes, the number of social media users worldwide has hit a record high of 4.9 billion this year, and it is expected that almost 21 per cent of retail purchases this year will take place online.

The prevalence of online services, however, comes with data security risks that cannot be overlooked. According to a report released by the Hong Kong Computer Emergency Response Team Coordination Centre in May, during the first quarter of the year, there were more than 5,000 data security incidents in Hong Kong, 2,804 of which were phishing attacks.
With the proliferation of cybersecurity threats, as evidenced by data scraping (which involves the extraction of data, including personal information, from the internet using automated processes) and the ransomware attacks to which numerous multinational companies have fallen victim, the ever-growing complexity of the digital landscape calls for a more cautious approach to data security and the use of online services.

In today’s digital era, it only takes the touch of a finger to purchase groceries online, like a post, or share your live location, in a matter of seconds. However, almost every tap or swipe performed during those actions involves giving away your personal data, such as your browsing history, purchase transactions and, sometimes, credit card details.

This data is valuable, allowing online companies to provide you with personalised content and advertisements. As you go about your daily routine, you may be sharing more personal data than you realise.

In a recent report, the Office of the Privacy Commissioner for Personal Data compared the privacy settings of 10 online shopping platforms and found that all of them tracked users’ activities, including their location information, browsing history, transaction history and device information.
From the left, Chan Chi-wing, Bonnie Ngan Hoi-ian, Chan Shun-ching, and Ng Pak-wai, all from the Hong Kong Police Force’s Cyber Security and Technology Crime Bureau, attend a media briefing about online shopping scams, at the police headquarters in Wan Chai on August 18. Photo: Sam Tsang

It may come as a surprise that all of them also transferred users’ personal data to third parties, including not only advertising and promotion partners but also external service providers.

Similarly, our 2022 report reviewing the privacy settings of 10 of the commonly used social media platforms found that all of them collected users’ location data (including both their precise and coarse locations), and most retained users’ credit card details. The risks underlying the convenience of online experiences, including the potential malicious use of personal data, data leaks or data scraping, cannot be overlooked.
The above reports reveal that social media and online shopping platforms collect a considerable amount of personal data from their users. The more information you provide to these platforms, the greater the risk to your personal data privacy.

For example, hackers who have used data scraping to obtain your personal data, including your financial credentials, may expose them on the dark web, sell them to other cybercriminals, or even manipulate them for identity theft. The adverse consequences that may follow can be alarming.

Giving away personal data to social media and online shopping platforms can be perilous, given the increasing reports on data scraping, digital fraud, identity theft and other cybersecurity threats. This calls for closer scrutiny of our approach to data security and strengthening our defences against potential data breaches and cyberattacks.

In August, my office issued a joint statement with 11 other data privacy protection authorities around the globe to urge social media platforms and websites to be aware of their responsibilities and privacy protection obligations in safeguarding personal data from unlawful data scraping.
The number of social media users worldwide hit a record high of 4.9 billion in 2023. Social media platforms and websites must be aware of their responsibilities and privacy protection obligations in safeguarding personal data from unlawful practices. Photo: EPA-EFE

As co-chair of the Global Privacy Assembly’s International Enforcement Cooperation Working Group, Hong Kong’s Office of the Privacy Commissioner for Personal Data has strongly advocated the promulgation of a set of global expectations and principles on privacy protection. The joint statement is just one example of this effort.

Operators of social media and online shopping platforms must prioritise the protection of users’ personal data by establishing clear policies and procedures on data governance and data security.

The popularity and profitability of the services which they offer should not be at the expense of eroding users’ data privacy. The operators of social media and online shopping platforms should be acutely aware of and assume responsibility for protecting their users’ privacy.

Debate on data privacy and Chinese apps could do with a dose of honesty

In addition to accountability, platforms should also enhance their transparency, including on how they collect, use or transfer data, along with the kind of data collected and used.

For users of such platforms, before you click on “Pay” or “I Agree” to the terms and conditions of a website or mobile application, think twice about giving away your personal data.

While registering an account and allowing platforms to collect your personal data, browsing histories and location data may appear harmless at first glance. However, users should be aware of the risk that such data may become digital breadcrumbs for other companies to profile you and track your activities for marketing purposes. The data could also end up in the hands of fraudsters, for sale on the dark web, or used for a targeted cyberattack or even identity theft.

As the age-old maxim goes, prevention is better than cure.

Ada Chung Lai-ling is Hong Kong’s privacy commissioner for personal data

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button