
Takeover of our personal data

Source: Pixabay

This is a subject that is dear to me and that is inseparable from my commitment to #digitalsovereignty. It seems that things are finally stirring, and that the subject of our personal data and its uses is becoming a concern for a somewhat wider circle than the experts alone.

The best example is the latest Cash Investigation report on France 2. I found it well constructed and accessible without watering down the problems of a theme that I consider critical.

Our data, what’s at stake?

I know that many people still have difficulty understanding the inherent risk of scattering our data around on the pretext that some application or some practical site is free.

From my point of view, this is the strategic error of the public authorities at the beginning of the Internet. They should have imposed from the beginning the non-free nature of services.

You will tell me that I am pushing the envelope. However, in the classical economy, are there services, of higher or lower quality, that are free? Apart from promotional campaigns, how can we justify that the production of a product or a service requiring the work of a person or a team of people is not paid for?

For most internet users, myself included, the internet has been and still is mostly a space of freedom where paying was/is unthinkable…

One of the consequences, though it is not the only reason, is that the big groups, which are companies and therefore exist to be profitable, have used and monetized what you gave them: your personal data such as your last name, first name, physical or electronic contact details, your browsing habits, your consumption habits, your political opinions, your religion…

And this data is exchanged and consolidated through databases held by digital companies, some of them little known to the general public, others giants with a huge reputation, the #gafams.

The major issue with our data is that its use without your knowledge can have impacts on your social and professional life, or on your ability to insure yourself or to borrow… Remember that your data is kept and not deleted. Its aggregation can be used against your interests: to extort confidential professional information from you, to blackmail you for money, or for any other malicious purpose…

It is therefore imperative to regain a minimum of control over the data you share and over your ability to amend or even destroy it.

What weapons do we have to protect ourselves?

In our misfortune, we in Europe are a little luckier, because the legislator, despite the opposition, has strengthened the existing legal provisions with the RGPD (General Data Protection Regulation, GDPR in English). It should be noted that we are talking about data protection and not only personal data, which broadens its scope.

This legal protection has changed many things, such as the need for sites to ask for your consent on the use of cookies. This is the famous window which is tedious, but where I recommend that you systematically refuse all cookies not essential to the functioning of the site. Note that many sites are not yet in compliance.

It is also important to be trained in good security practices. The ANSSI, the French National Agency for Information Systems Security, offers training courses that I recommend (SecNumAcadémie). There is also the CNIL, which offers a MOOC on the RGPD that can be useful to you as a citizen and/or entrepreneur (the RGPD workshop).

We must not forget that on your phone, it is important to be careful about the applications you download and especially the permissions you give them. A good practice is to regularly clean up the applications you no longer use by deleting them along with all associated data. Only activate your geolocation when you really need it.

The special case of health data …

How many times have I heard the famous “I have nothing to hide”. Really? Let’s take a closer look at your health data…

We will first proceed by separating your health data into two distinct groups:

  • Health and wellness data (vital signs, sleep, personalized and personal follow-up outside the health care system)
  • Medical data (Consultations, medical imaging, biological analyses, various tests, hospitalization and prescription)

Health and Wellness Data

These are all applications or platforms that, with the help of connected objects: watches, scales, blood pressure monitors, heart rate monitors, GPS, sleep detectors, allow you to monitor your state of health.

All this allows us to collect, analyze and understand your health status, to suggest lifestyle strategies or even encourage you to consult in case of worrying signs…

We have players such as #Apple, #FitBit (Google) or Samsung, to name the most famous, who offer you this type of service through their connected watches. But there are many other players… Two questions arise about these players: are the sensors qualified for quasi-medical use? And are you the master of your data? The second question is legitimate, as shown by the decision of the European authorities, who validated the acquisition of Fitbit by Google on the condition that there is a watertight seal between Fitbit data and Google… But can we trust the American giant? It is true, however, that these applications are very useful, and I am not the last one to use them, but I chose a player who in my eyes today seems to be the most serious about the treatment of my personal data: #Withings, which is moreover a French player and thus subject to French law (another important criterion).

Our medical data

This is all our health data collected during our health care pathway, whether it be from the doctor, the pharmacist, the physiotherapist, the hospital, etc…

Normally, these data are confidential and are not intended to be disclosed.

However, we know that there is no real anonymization of data for a simple reason: to anonymize data, a lot of information, including medical information, would have to be deleted to prevent any identification, which would considerably reduce the interest of the data.

We can add that our consent to the use of our data has not been explicitly asked for.

Two resounding cases have undermined the principle of confidentiality.

The first is the Health Data Hub, a tool designed to collect all the health data of the French. Initially designed to facilitate specific research and Big Data projects, its objective is now to be of public interest, a vague notion …

Moreover, the service provider chosen without a call for tenders is Microsoft Azure, a US company, whereas we have French players who are quite capable, such as OVHcloud or 3DS Outscale.

The Health Data Hub affair made a lot of noise and led to the mobilization of French digital actors (PlayFrance.digital). I had the opportunity to indicate some solutions to react to this hold-up (previous article).

Faced with this mobilization and these reactions, the state was obliged to react, and signaled that we would leave the #Microsoft offer. But do you believe that this will be the case? I have my doubts about this announcement. Indeed, there is no longer any talk of a Sovereign Cloud, but of a “trusted” cloud, where the #gafam would have their place (Développez.com)! This is the world turned upside down, and we can wonder whether there are not new conflicts of interest in this maneuver! I can’t say for sure, but I do ask the question!


Another warning sign raised in the Cash Investigation report is the “coup de Jarnac”: the authorization given to #IQVIA, an American company, to collect our prescription data via software installed in partner pharmacies. Although the CNIL asked for patients/clients to be informed, the report could only note that this had not been done. I encourage all those who feel concerned to write to IQVIA’s data protection officer, PrivacyOfficer@IQVIA.com, to request the recovery of all their data and its deletion from IQVIA’s databases, as well as from the databases to which it has been transmitted (Modèle-DPO-IQVIA). If they do not respond within one month, do not hesitate to file a complaint with the CNIL using the online procedure (online complaint).

What are the risks?

The risks of this takeover of our private data are multiple, and we have been able to guess some of them during our journey in the previous paragraphs. But I’d like to try to point out some of these risks, in order to avoid the easy reaction, “I have nothing to hide”. Indeed, the problem is not there in itself.

When your data is collected, it is stored and aggregated in order to build up the finest possible picture of your habits. And above all, it is never deleted…

First of all, it is all your browsing data, all the searches you have made, the sites you have visited. Then there is all your consumption data, through your online purchases, but also through your various loyalty cards. Then, as we have seen, your health data.

The accumulation of this data by the “data brokers” allows them to carry out precise profiling of your behavior, and they can then resell your data to different customers (banks, insurers, states) who can use it in various ways.

A banker will refuse to lend you money because of your financial situation or your habits, or will lend you money at a higher-than-average rate. The insurer will increase your premiums because your profile is one he considers at risk…

For a state, this can make it possible to collect information in order to influence your vote (Cambridge Analytica).

We can imagine malicious actors taking certain information, your browsing on porn sites for example, or images or content published on social networks, and using it to “blackmail” you. Don’t forget the headhunters and your future employers, who will explore social networks to decide on your recruitment…

Which actions to limit the risks?

Here again, we must use barrier gestures. There are several kinds. The first and easiest one is to systematically refuse all cookies and other traces during your browsing. Use web browsers that allow you to systematically delete these cookies when you close the session (Firefox for example).

Take the time to think about what you publish, as if everything were going to be printed in a newspaper: if you would not disown the content, it is a good sign.

Choose solutions that by design do not use your personal data: for instant messaging I recommend #Olvid; for email, think of players like #mailo or #protonmail. Of course, these solutions offer paid plans for advanced features, but that is also the price to pay for you not to be the product!

On social networks, choose a network that is ethical in its approach. Of course, it is always tedious to switch to a new player, and the effort may seem insurmountable, but isn’t the control of your data worth it? I suggest you study what #smartrezo offers.

Don’t hesitate to adopt good practices such as the systematic use of a VPN, which allows you to hide your IP address and makes it harder to track you. It is of course important to have a good antivirus, and to choose a paid solution; unfortunately, the free versions can hold bad surprises. Indeed, companies have to generate turnover, and if you don’t pay for the service, your data is sold with your implicit consent and without your knowing how it will be used. For example, the photos you publish or the content you post on Facebook are no longer your property (read the terms of use carefully…).

Also, use the #disconnect add-on in your browser, which allows you to see, for each of the sites you visit, the trackers at work…

Finally, the last weapon to protect ourselves is education and training: to regain our critical thinking, to keep a sense of proportion and to avoid reacting on emotion. Unfortunately, this is not an easy task considering all the maneuvers that are put in place to make you react on emotion rather than by using your reason…

Conclusion

The takeover of our data is underway, and it is indeed a hostile takeover. If we are not careful, we will no longer be in control of our desires and ideas. But there is a set of measures that are more or less simple to use. I have only touched on some solutions; they are not the only ones. This is a vast subject, and we have only scratched its surface. Let’s keep in mind that it has repercussions on our personal lives, but that it also involves major geostrategic and economic stakes, aspects that I could not address, since there was already so much to cover…

Rereading 1984 by George Orwell will allow you to open your mind to the questions you must ask yourself…
