At Yoti, one of our seven ethical principles is to encourage the personal ownership of data, which is why we are thrilled to have spoken with Gus Fraser, CEO of Revoke, about all things data and privacy.
Revoke is the company striving to fix the personal data crisis for individuals. In this Q&A, Gus tells us more about how to manage our ‘digital footprint’, and how tools like Revoke can help individuals avoid data breaches and hacks.
***
Tell me about Revoke and what data and privacy means to you.
Revoke helps people to regain control of their personal data whilst also helping organisations to remain compliant with data protection legislation. We feel there is a veritable personal data crisis with data breaches happening daily and privacy getting out of control. We want to help fix the broken internet by restoring privacy and balance to individuals.
In one sentence, why should we care about data and privacy?
Everybody connected to the internet is exposed to very real and obvious risks such as hacks, fraud and identity theft. However, there are also more sinister threats including being manipulated by Big Tech. Whether you think you’re personally immune to manipulation or not, we know this is happening, and we need to stop it.
What actions can people take to ensure good online data hygiene? And what red flags should people look out for?
We strongly recommend using privacy-respecting tools where available. Use Brave to browse the internet instead of Chrome. Use Signal instead of WhatsApp. Use DuckDuckGo instead of Google. Use a password manager. Ensure you have a multi-factor authentication setup where possible on all services. Multi-factor authentication may feel like an inconvenience, but it has the single biggest impact and is definitely worth it to avoid your account(s) being hacked.
What are the differences in data security for businesses versus individuals?
Sadly, most people don’t have a cybersecurity department or helpline to call (unless they’re a Revoke Premium subscriber) so it’s unrealistic to think that all individuals have the necessary support to keep safe from all threats. We really would love to help everyone to take the right precautions in the same way a corporate security department might advise a business. That being said, we have a lot of work to do to continually help people to be aware of the risks and protect themselves.
On the other hand, businesses have a legal obligation to keep personal data safe, not to mention the obvious commercial risks in not having adequate cybersecurity. However, despite there being big differences, nobody can ever be truly safe, so it’s important to have a plan for when the inevitable happens. From a business perspective, this is usually part of a cyber incident response plan. From an individual perspective, there are steps we would recommend like ensuring you set up multi-factor authentication everywhere it is available and use a different password for all services (ideally using a password manager). We also strongly recommend deleting accounts you no longer use (hint: Revoke can help you with this!)
What positive changes will people see from using Revoke?
Revoke provides education and awareness of risks, helping to mitigate these risks by providing tools for our users to exercise their data protection rights, reducing their digital footprint and giving them visibility and control over their personal data. We are also looking at facilitating claims for individuals who have been victims of a breach that will result in financial benefits in future. Premium subscribers have access to a 24/7 helpdesk as well as identity theft insurance, in case the inevitable happens and they have been unable to recover financial losses incurred from their bank or other service providers.
What do you think companies should be doing in the data and privacy space in terms of best practice?
All companies should ensure that no personal data is stored unencrypted. We also believe that if a company is having to manually intervene to respond to requests from customers, they are quite simply doing it wrong. The only way of truly facilitating customer requests is to automate them, ensuring that customers have control of their data at all times.
How does Revoke identify and address privacy challenges?
A big part of Revoke’s activity is education; helping users to understand the impact of choices they have made knowingly or unknowingly and aiding them in exercising their rights. Our lives are intertwined with technology these days. It’s unfortunate that companies like Yoti and Revoke are the exceptions when it comes to adhering to privacy by design principles from the very start; most organisations treat privacy as an afterthought. As a result, legislation and tech are playing catch up to try and redress the balance.
Everybody will have seen those annoying cookie banners, but does anybody read them? What about the privacy policies? Both exist to try and give consumers a choice, however, the choices aren’t as easy as they seem. For example, sometimes the service doesn’t work without cookies or the details are too technical and bogged down by legal jargon making it confusing and unclear for consumers.
What do you think is the next big thing for privacy in tech?
Ideally, the next big thing for privacy in tech will be complete visibility of our digital footprint and how our data is being used. Should financial services companies be permitted to use social media to determine credit-worthiness? The EU is attempting to curb Big Tech’s influence by banning the use of social media data to check borrowers’ ability to repay loans. However, legislation takes time to catch up and regulate to protect us.
Big Tech is collecting data daily; we’re all individually leaking data every day all day. Data is collected everywhere from apps that we use every day, like our GPS and weather apps tracking us. It’s out of control. The first step is awareness and visibility of what is happening, the next step is to regain control.
If our readers can take one thing away about the online tracking and privacy landscape, what do you think it should be?
If a service is completely free, you are typically the product. Businesses are monetising your behaviour and manipulating you. Your purchases, browser habits, clicks, likes and preferences are used to profile you. Whilst you may feel as though you are immune to marketing influence, decisions by insurers or financial services companies could impact our livelihoods.
We need to manage how our lives are at risk of personal data being used against us, rather than putting out fires after we’ve already been a victim of a hack, fraud or identity theft.
Finally, thanks for talking to us today; are there any other sources of relevant information about privacy that you would recommend?
Absolutely! For anybody who hasn’t seen The Great Hack, it’s a must. The fascinating Oscar and BAFTA nominated documentary features the Cambridge Analytica whistleblower Brittany Kaiser, whose book Targeted provides further insight into the disturbing truth about the multi-billion dollar data economy and how Big Data, Donald Trump and Facebook broke democracy.
Carissa Veliz actually argued in a recent TedX talk that we should end the data economy – and it’s hard to disagree. Carissa’s recent book Privacy is Power is excellent too, as is Shoshana Zuboff’s The Age of Surveillance Capitalism in which there are stark warnings about an inevitable dystopian future if we don’t act on protecting our privacy now. Perhaps we can prevent some of Shoshana’s predictions by regaining control of our data now.
***
If you would like to learn more about Revoke’s services, you can contact the Revoke team here. Alternatively, if you would like to learn more about Yoti’s own approach to data privacy and tracking, you can read about it on our blog.