If you’ve ever slammed down the receiver after a nuisance call to wonder how this company acquired your personal details, you’re not alone. ICO data shows just one fifth of UK adults have faith in how companies treat their private data.

PPI calls are just the tip of the iceberg, though, since the era of Big Data means your information is constantly mined, harvested and traded online.

Parliament recently gained media attention for releasing documents showcasing Facebook’s decision to ‘whitelist’ certain companies, giving them easier access to users’ data – including their friend lists. It seems that even in the era of GDPR regulation, users are caught in a constant struggle between privacy and the interests of companies who can make money from their data.

Are you the price of the internet?

This is because of the fundamentals of the internet’s economic design. If you don’t pay for a service, you are the product – that’s according to media theorist Douglas Rushkoff, who first aired his now-famous views at the 2011 Hello Etsy conference in Berlin.

Rushkoff urged users to ask themselves who is paying for Facebook. “Usually the people who are paying are the customers,” he said.

“Advertisers are the ones who are paying. If you don’t know who the customer of the product you are using is, you don’t know what the product is for. We are not the customers of Facebook, we are the product. Facebook is selling us to advertisers.”

Shortly after the advent of the internet, he believes companies realised it was difficult to make money from people communicating through interfaces they created. So, companies created easy-to-use platforms that made data collection a breeze.

So, the old idiom seems as relevant as ever: there is no such thing as a free lunch. Digital advertisers make almost £200 every year from your internet usage, largely by trading your private information.

The pervasive world of data misuse

This explains why data misuse is so pervasive: it is a key part of the internet’s design. When businesses trade information on pregnant mothers’ due dates to mystery third parties, it is because in the era of free content, your privacy is the product.

In practice, many of us are willing to pay a price for access to the internet – we are even willing to share valuable information like our date of birth with faceless digital companies. There is another problem to consider, however: as legitimate organisations scramble for access to valuable personal data, so too do cyber criminals.

Security futurist Simon Moores works with keynote speaker bureau Speakers Corner to educate individuals and organisations about the threats of cybercrime. His views on the topic are clear: GDPR doesn’t go far enough, governments are reacting too slowly and state-sponsored hacking is a tangible threat.

He said: “Where the 20th century was defined by a rush for oil resources, the 21st is for data; extracted, refined, valued, bought, sold and, of course, stolen.”

3 Things That Will Change the World Today

Explaining how cyber criminals trade our personal data, Moores explained: “Every one of us now has a unique data fingerprint, a personal identifier which is traded on both the internet and the criminal darknet.

“Fingerprinting is an entire industry and in 2016 over 80,000 different companies were using over 700 highly sophisticated algorithms to track people across the internet. This, of course, does not include governments or criminal gangs who are equally well-resourced.”

Data aggregation meets cyberattacks

Moores is especially concerned about what happens when data aggregating firms become the victims of cyberattacks. The high-profile sales intelligence startup Apollo suffered one such breach in the summer of 2018, leaking a staggering amount of data to the public – 212 million contact listings and nine billion data points.

Cumulatively, he says, public data is treasure for businesses, governments and criminals. “Viewed in isolation, your personal data may appear worthless. In aggregate, it’s enormously valuable.”

Once you are exposed to one part of the operation – business or criminal – you become a product, Moores concedes. What happens next? You are traded and unwittingly or unwillingly exposed to highly sophisticated algorithms. These algorithms understand your behaviour and organisations can use this knowledge to further their aims.

Are users waking up to the cost of sharing personal information online? 2015 data from DMA suggests otherwise, showing that the number of users who are ideologically opposed to sharing personal data with brands decreased significantly from 2012. Around this time, the focus shifted from privacy to functionality – users started asking for more in exchange for their data.

More of us are worrying less about our data

Is this changing in the post-Snowden world? The 2017 stats from DMA show, perhaps worryingly, that both Data Pragmatists and Data Fundamentalists are dwindling species.

In fact, the only increase was among Data Unconcerned; 25% of people are now completely indifferent about the collection and use of their personal information.

It’s one of the of the biggest conundrums in digital security – most data that falls into criminal hands is freely shared. When a culture of oversharing has become the new normal, it remains to be seen if cybersecurity developments are enough to pick up the slack.

Perhaps the balance will only tip if people truly see the price of the internet, paid in data and privacy rather than pounds and pence.