The Weekly Breach Breakdown: Big Changes for Mobile Device Privacy and its Effect on the Internet

• Changes are about to happen when it comes to mobile device privacy. Privacy advocates have long sought regulations in the U.S. to mandate opt-in requirements rather than opt-out.
• In the spring, Apple will change their mobile operating system to automatically block data collection unless someone explicitly opts-in.
• Some advertising experts estimate that between 50 to 75 percent of iPhone users will pass on agreeing to share data based on experiences with other opt-in opportunities. Some researchers believe as few as five percent of Apple product owners will opt-in.
• The trend in marketing and advertising gives consumers more of a voice in what information is collected about them and how it is used. It’s the core of modern privacy – informed consent. The more transparency that exists about personal data and its use, the more informed the consent.
• For information about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, notified.
• For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for February 19, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. This week we look less at security and more at privacy, specifically about major changes that are about to happen to mobile device privacy and how that relates to our travels around the internet.

Sir Walter Scott wrote in his epic poem – “Oh what a tangled web we weave when first we practice to deceive.” That gives us the title for this week’s episode: “A Tangled Web.”

Cookies on the World Wide Web

From the earliest days of the internet, when it was still called the “World Wide Web,” small pieces of code were added to websites that would attach to a website visitor’s browser. The code snippet was called a “magic cookie” because it would help websites remember someone already visited the website and provided information that personalized the experience.

Privacy Concerns Around Tracking Cookies

Over the next 20 years, the amount of data collected by cookies and how cookies were used to track movement around the web became a source of privacy concerns. In 2018, the European Union (EU) became the first government to regulate cookies to require website owners to get visitors to express permission to attach a tracking cookie – before the web content the user was trying to access could be delivered.

The rule’s practical effect was to end the practice of using tracking cookies to collect consumer information to fuel online advertising – first in the EU and now globally. The major browser makers – Apple, Mozilla, Microsoft and Google – have all blocked third-party tracking cookies or will soon do so.

Identifier for Advertisers (IDFA) on Apps

Moving around the internet with a mobile device is a bit little different. Most people use an app rather than a browser to access the web. Instead of cookies, there is a different piece of code known as an Identifier for Advertisers (IDFA) that collects and reports who and how one uses an app.

However, unlike a cookie, an IDFA can be managed easily in a phone or tablet’s settings if the device maker allows one to opt-out of app data collection. The default settings on all smartphones today are to enable data collection from apps.

Opt-In and Opt-Out Requirements

Here’s where we talk about the big changes on the horizon in mobile device privacy. Privacy advocates have long sought regulations in the U.S. to mandate opt-in requirements rather than opt-out. This is so consumers have the opportunity to make an informed decision about what data is collected, by whom, and how it is used. To date, most laws and regulations – if they mandate any consumer consent at all – require consumers to be offered the chance to opt-out of data collection.

Apple to Block Data Collection Unless Someone Opts-In

However, in the spring, Apple will change their mobile operating system to automatically block data collection unless someone explicitly opts-in. In fact, the first time someone opens an app after the upgrade, they will be asked if they want to allow data collection. That’s a monumental change in mobile app privacy from today’s opt-out world.

People may have read in the media that not everyone is happy about this change. Facebook and other large advertisers are concerned with the loss of consumer data that will result if a large number of iPhone and iPad users decline to opt-in to data sharing.

Some advertising experts estimate that between 50 to 75 percent of iPhone users will pass on agreeing to share data based on experiences with other opt-in opportunities. Some researchers project as few as five percent of Apple product owners will opt-in.

The Trends Include More Informed Consent

The clear trend in marketing and advertising is giving consumers more of a say in what information is collected about them and how it is used. It’s the core of modern privacy – informed consent. The more transparency that exists about how personal data is used, the more informed the consent.

Informed consent includes understanding that there will be fewer targeted, personalized ads with less personal data available to marketers and advertisers. Also, there may be fewer free products and services as website owners add fees or subscriptions to make up for lost revenue from data sales.

Apple has not announced when the update that includes the new mobile device privacy settings will be released, so consumers should stay tuned for more details.

Contact the ITRC

If anyone has questions about protecting their personal information, they can visit www.idtheftcenter.org, where they will find helpful tips on this and many other topics.

If someone thinks they have been the victim of an identity crime or a data breach and need help figuring out what to do next, they can contact us. Victims can speak with an expert advisor on the phone (888.400.5530), live-chat on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.