The Challenges Of Owning Our Data In Brazil

These are only very simple instances of how our data is (mis)used in Brazil and how we often fail to ask some important questions to organisations: Who holds the data that I have to give you? Why are you storing it? What happens to my data after I give it to you?
|

Brazilians in general have a laid back attitude towards privacy when compared to people in other parts of the world. I first had contact with that reality when I moved to London from São Paulo in the early noughties. I was sitting on a packed Northern Line train in the London underground while a woman struggling to hold a large parcel stood in front of me - so I asked whether I could hold that package on my lap for her. Horrified, she replied: "Why would you want to carry my stuff?" I was equally horrified: something that was considered absolutely normal in Brazil was seen as a major invasion of privacy in the UK.

In Brazil, we see privacy and people's personal space in a different way. As well as carrying packages for strangers in packed buses and trains, we will touch you, we will make eye contact, we will ask you questions that would be considered unthinkable if we have just met you in a social setting... the list goes on. One might argue that this makes Brazilians a bit quirky in a positive way, but that relaxed attitude about privacy also means we are very much accustomed to give our data away without ever asking questions.

For example, to access an office building in Brazil I am required to produce some form of photo ID and have my picture taken, for "security reasons". I don't recall many occasions where I was required to show my ID to get into an office in the UK, let alone carry it with me at all times. Every time I shop at large retailers in Brazil I see people asking for and giving data everywhere, be it for loyalty cards, birthday discounts, prize draws...salespeople ask for my details and phone number when I buy a pair of shoes "just in case something I might like is launched."

Then I get an unsolicited phone call the next day offering discounted beauty treatments. Whenever I buy an intercity bus ticket, I am required to fill out a stub with my personal details, supposedly so that the bus company knows who to contact in case of an accident and also to identify that I have purchased travel insurance. This is supposed to be entered into a system, but I have seen ticket desk attendants simply tossing those details aside hundreds of times.

These are only very simple instances of how our data is (mis)used in Brazil and how we often fail to ask some important questions to organisations: Who holds the data that I have to give you? Why are you storing it? What happens to my data after I give it to you? We don't ask these questions to avoid being confrontational, to avoid wasting time, or because often times we don't think it matters all that much or even know what kind of value our data has.

These issues came to my mind while I was covering a cybersecurity summit on Latin America, held by Russian software firm Kaspersky Lab in Mexico last week. One of the speakers, global vice president of consumer marketing at the firm, Evgeny "Che" Chereshnev, brought up the data privacy dilemma - which is at the core of his own experiments as a "professional cyborg," which entails the maintenance of an NFC chip inserted in his own body.

When Che began to talk about the way we help organisations to improve their own business on a daily basis but at the same time cannot control our own digital identities, it dawned on me (again) how we Brazilians are used to giving so much - possibly more than the average citizen in developed nations - and getting so little in return when it comes to our right to privacy and data ownership.

We have seen some situations in recent months that have forced us to start that conversation about our data, though. The first that comes to mind is the constant struggles of messaging tool WhatsApp, which has been banned several times in Brazil for failure to comply with requirements for information needed for criminal investigations. When I asked Che about his views on that, he replied that "anyone that tried to forbid encryption does not understand the concept of the Internet," adding that if criminals want to find an encrypted way to go about their business, they will whether WhatsApp or Telegram or any other tool is banned.

Sure, this is the most obvious and sensible answer to a seemingly pointless debate, but what is the answer that would satisfy the need for privacy of users while helping law enforcement? Che says that the answer is to use technology in a, erm, more intelligent way. "We have to segment data. We have to be able to access a system and tell the authorities whether this or that person was at place X at any particular time, without having to get access to all of their other details," he says, adding that his team is now researching on such data segmentation techniques to possibly enable the creation of mechanisms that would make authorities happy without compromising users' security.

Such technical conclusions are all well and good for people who have an understanding of the possibilities offered by technology, but how can we get anyone in Brazilian society - or any other country where privacy awareness is low - to know more about the importance of safeguarding their own information? According to the Russian security expert, we are all damned as it stands, but the key for future improvement is education. "We need to start introducing these concepts at school, from an early age." The problem is, Che says, that the few schools that have started to introduce computing and other associated activities like robotics, do not educate kids about data.

"There is not much that can be done for our generation, but we mustn't lose hope as kids can still learn about privacy and how to share and protect information. There are ways in which you can be anonymous - it is complicated and it can be expensive, but you can do it. And kids should know about these things," he adds.

"What will make a difference is explaining that to future generations, telling them that they can and should question what happens to their data - and give them choices."