Digital Footprint? Is that a new App?
Nope – “Digital Footprint” simply put, refers to the data that a person generates when using the internet whether by online shopping, clicking the “Like” or “reaction” button on social media, or using Internet of Things (‘IoT’) devices such as smart TVs, smart watches or, virtual assistants like Amazon’s Alexa during the course of the day. A person’s Digital Footprint conveys to companies that use data analytics (which are most if not all major companies) an idea of what kind of consumer they are, or are likely to be, and even arguably, their truest sense of self.
Why should I care about my Digital Footprint? I’ve got nothing to hide.
These are the sentiments expressed by many, i.e. the old “nothing to hide, nothing to fear” mantra. However, these sentiments misunderstand the value of privacy, perhaps, leading to a gross underestimation of its worth.
Classically quoted as ‘the right to be let alone’, privacy is considered as a positive right by many, since it enables persons to hide things about themselves from the public. Therefore, privacy could be viewed as control or autonomy. Everyone has a past, which may or may not include embarrassing information. Naturally, many people would choose to keep this private. The more information that person A knows about person B, the higher the chance of finding a “pressure point” which could then be used to subvert person B’s will. Professor Neil Richards refers to this as ‘persuasion’. Thus, control or lack thereof, links to possibilities of blackmail and such mal intent. This sense of control is safeguarded by privacy, which shields an individual from exploitation. As the Canadian Supreme Court said, privacy is “a prerequisite to individual security, self-fulfilment and autonomy as well as to the maintenance of a thriving democratic society.”
There are some advantages to allowing websites to retain a certain amount of information about a user too, for instance, to improve user experience. On the other hand, a user’s Digital Footprint could be used for nefarious purposes, such as identity theft, fraud, social engineering and phishing and the subversion of control mentioned above. Even using user data for marketing or other seemingly innocent or legitimate purposes could potentially have a negative, or at the very least unwanted, impact on a user. In fact, a user could potentially be exposed for such a long time that some writers have referred to “Digital Footprint” as a digital “Tattoo”.
Yet, it is not only data and meta data collected en masse which could be detrimental to an individual. Social media posts (for example – tweets on Twitter, stories on Instagram & Whatsapp, content shared and uploaded on Instagram and Facebook, amongst other Apps) shared by the individual himself could cause severe harm to the individual or the individual’s workplace. Even if a social media account utilises maximum privacy settings, one should be reminded that screenshots, screen recordings and such similar methodologies could be used to surreptitiously record what someone shared “privately” on social media and these “private posts” could then find themselves in wider circulation and go “viral”. In this sense, individuals should always be wary that their posts and online activity could be considered a representation of who they are and create a perception in the minds of the public about them, which could have a significant impact on both their personal and professional reputation. Significantly, it could impact that individual’s reputation for virtually forever, as once the genie is out of the bottle, it is near impossible to put it back in. This is so especially in the context of there being no legal “right to be forgotten” under Trinidad and Tobago law, unlike in other jurisdictions. For example, an employer may (subject to the requisite principles of “good industrial relations practice” being followed) decide to terminate an employee who posts racist, sexist or other offensive content online in order to safeguard its own reputation (and profits) – and disassociate itself from the troublesome post (and individual) whilst demonstrate it condemns the content of the post.
Naturally, more reliance has been placed on the use of the internet over time especially during the recent “lockdown” period in which more persons would have shopped online for groceries/supplies from local stores, had food / meals delivered, consumed more Netflix, or even tried new mobile health applications to track and record health data. With a lack of legislation & regulations governing the use of data locally, consumer data could be monetized through not only targeted ads, but also via sales to third parties and further subsequent purchasers such that, the data could end up with dubious organisations. This results in an increase in the aforementioned risks of social engineering, phishing and fraud amongst others.
If a Digital Footprint is inevitable, how do I at least manage it in order to reduce my online risk?
The inclination to safeguard one’s Digital Footprint is arguably proportionate to one’s knowledge and appreciation about the aforementioned risks associated with giving away too much data. In other words, the more familiar a person is with the risks, the more likely he or she would be to take steps aimed at reducing those risks. The following steps could be taken by any individual to reduce or manage their Digital Footprint:
- Learning more about the underlying basic issues – understanding more about the importance of privacy, the risks and benefits associated with using a service or app, or sharing a post on social media. For example, is it really worth allowing an App to download and retain a digital scan of your face (which could easily be used for nefarious purposes ) for the fleeting amusement of seeing what an aged up version of yourself might look like? Is it really worth sharing on social media your personal opinion on something that might be contentious, and which may cause reputational harm?
- Improving online hygiene – this can be done through certain measures including: –
- not using unsecured websites or Apps which appear suspicious, for instance, those which may not allow you to turn off location or cookie tracking;
- reviewing and changing default settings on browsers and Apps to share less data where possible;
- keeping different emails for different purposes, for example, one for shopping, one for personal use and another for work;
- different credit or debit cards for different uses, for example, one for shopping online and one for business / everyday use.
These measures will help to create different personas and could help keep different aspects of a person’s life separate (thus, making it more difficult to predict or classify behaviour).
- Using privacy enhancing tools – for instance, using a Virtual Private Network on a computer and mobile to increase anonymity and privacy, using encryption and, self-destructing messages and emails.
These steps are not exhaustive but will aid individuals to some degree in managing their Digital Footprints, thus resulting with reduced online risk.
 Lynne Williams, & Diane Pennington, ‘An Authentic Self: Big Data and Passive Digital Footprints’ (2018) In: International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018), 2018-08-29 – 2018-08-31.
 Samuel Warren & Louis Brandeis, ‘The Right to Privacy’ (1890-1891) 4 Harvard Law Review 193 page 205.
 Neil M Richards, ‘The Dangers of Surveillance’ Harvard Law Review  1934 page 1955.
 R v Spencer  SCC 43 (CanLII) .
Disclaimer: This Document Provides General Guidance Only And Nothing In This Document Constitutes Legal Advice. Should You Require Specific Assistance, Please Contact Your Attorney-At-Law.