Understanding the privacy vs security customer dilemma

People often use the words privacy and confidentiality interchangeably. It’s easy to mix up the two terms as they both refer to the level of responsibility consumers demand from organisations using or accessing their data and information. They do, however, relate to two different parts of any terms and conditions between consumers and the organisations they choose to deliver goods or services.

While privacy is about respecting people as individuals and allowing them to retain control over who can access their information, confidentiality is concerned with specific types of personal information, usually legal or health data.

Confidentiality differs from privacy in that it entails establishing a border around personal data, with the understanding that only a select few persons with specific privileges or good reason will ever have access to it.

The distinctions between privacy and confidentiality may be subtle to the average consumer, yet each imposes significant obligations on firms. As the world becomes more digitised and people’s reliance on these two tenets rises, some firms are confronted with a problematic paradigm: avoiding trade-offs between user security and the power given to consumers.

Shaking up the digital foundations of trust

In the Middle East, countries such as UAE, Saudi Arabia, Qatar, and Bahrain have long been ramping up their efforts and enforcing laws to ensure that organisations comply with data privacy regulations. In fact, according to the International Association of Privacy Professionals (IAPP), in the UAE, at least 19 laws are focused on or contain sections regarding data privacy.

However, when it comes to regions tackling the privacy-confidentiality dilemma head-on, there’s no better place to look than Europe.

Today, consumers in Europe demand the greatest levels of data security and governance and more control over their personal information, which regulators and some tech businesses are willing to meet.

Apple, for example, recently introduced App Tracking Transparency (ATT), a new privacy feature. Its goal is to provide consumers greater control by choosing which apps can track their activity across apps and websites from different companies. However, because many businesses’ use continuous authentication techniques to track users and confirm the digital identities of users, this upgrade may cause severe problems.

Apple postponed the privacy feature’s rollout for more than a year to allow developers more time to prepare since many businesses rely on traditional methods of identification that would be rendered obsolete by this upgrade.

On the surface, this appears to be a massive gain for consumers, as it seems to be all about minimising the amount of advertising customers see while also increasing their privacy. However, Apple’s approach will very certainly have a significant impact on user security because it undermines the core foundation of trust upon which the entire digital ecosystem is constructed.

Google’s plan to delete third-party cookies from its browser, Chrome, is another development that’s likely to cause even more disruption to online businesses’ established security frameworks. And, as other prominent browsers, like Mozilla’s Firefox and Apple’s Safari, prepare to follow suit, this will significantly impact businesses that still rely on old-fashioned methods like cookie monitoring to validate user journeys.

Even if these actions were taken in the user’s name and are applauded by civil rights organisations and the mainstream media, people must recognise we are no longer discussing the trade-off between security versus user experience. Instead, we’re approaching a new era in which the choice is increasingly between security and privacy – and there’s a lot more at stake than just advertising dollars. Customers may believe they are merely opting out of being monitored by a company. However, they are opting out of the procedures designed to protect them and their identities.

Building towards a more informed future

While these changes may be inconvenient for businesses, tools like cookies were never intended to be used to track people’s browsing patterns to serve targeted Facebook adverts. They were designed to make it easier for websites to collect information such as preferences and login information. However, as data misuse has progressed, it is now a vital component of the digital trust ecosystem and is utilised in various inappropriate ways. Many so-called security organisations, for example, authenticate users not by positively identifying their identities but by comparing their online behaviours and tendencies to those of fraudsters.

Therefore, organisations must abandon these obsolete (and usually unscrupulous) authentication methods in favour of positively identifying users based solely on the information they provide. It means that firms don’t misuse their customers’ data, invade their privacy, or incorrectly group them with other people, all while increasing friction.

To achieve this, current authentication procedures must be radically altered, and authentication and privacy must be baked into all products and services. In industries like retail and banking, it’s critical to ensure that the security of digital solutions is created with privacy in mind.

If the goal is to give consumers better privacy and security, education must play a vital role in the process. People should be told exactly what they agree to when they click yes or no to being tracked, in clear language.

At the same time, businesses must examine how they engage with their customers and data. Because if they’re still relying on outdated authentication tactics based on consumer tracking, it’s time to reinvent how companies think about privacy, starting with treating it as equally important as security and the user experience.

Saeed Ahmad is the managing director – Middle East and North Africa at Callsign