Our data, tech and the app-ocalypse

January 2024

In 2013, after Edward Snowden leaked thousands of secret files, the Kremlin’s security bureau did something interesting. They swapped computers for manual typewriters. Russian spooks reasoned hard copies were easier to protect than digital files. Furthermore, hackers might be able to infiltrate sensitive systems, but the old-school art of safe-cracking? It seemed to have fallen by the wayside.

As I get older, I’m beginning to think the Kremlin might have been onto something. Why?

Maybe it’s a generational issue. I’m Gen ‘X’. I grew up without mobile phones or the internet, but became familiar with the technology as it developed from the 1990s onwards. I enjoy technology. I respect it. I’m also, however, sceptical in a way many of my Millennial and Gen ‘Z’ colleagues may not be.

For me it boils down to two concerns – trust and over-reliance . Given how there’s now an app for everything, I have to ask – is the App-ocalypse Nigh ? What happens to the increasingly personal and intrusive levels of personal data entered into these ‘everything apps’.

Just because data’s aggregated into zeros and ones, it doesn’t mean it’s ‘tidy’. In fact, I suspect too many digital ‘data warehouses’ resemble the hoarder’s houses you might have seen on daytime TV, with stuff scattered everywhere.

It’s not just apps – the endless requirement to populate online forms is relentless. Now I hear more ‘frictionless facial recognition’ is planned at airports in the UK and elsewhere. And it’s making me uneasy. Technology is wonderful for creating efficiencies and streamlining processes. In my world alone, I see how clever privacy technology solutions ease the burden of data protection compliance.

But is technology always wonderful? Why am I uneasy?

An example – I needed to renew my driving licence. I went on to the Government website and duly entered a great deal of sensitive data. This included my passport number, my mother’s maiden name, my date of birth, my home address and my National Insurance number. This started me thinking… ‘How secure is this platform? What are the Government really doing to prevent my data falling into malicious hands?’

At the other end of the scale, I needed to reschedule a beautician’s appointment (much needed after eating my body weight in chocolate and cheese over Christmas). My call was met by a recorded message. I duly pressed ‘2’ to cancel/change an appointment. I was then informed I must (yes, they did say must) download the app to cancel/change appointments. A look at the app’s privacy information didn’t fill me with confidence, so I rang again, selecting ‘3’ for all other enquiries. After ten minutes of listening to promotions about fantastic rejuvenating treatments, I gave up. What if I prefer not to be forced to register and share my personal details via your app? I’m getting a face treatment, not applying for a pilot’s licence!

At this point, a shout out to the Kennel Club’s customer service. I took out their insurance for my puppy this year. They’re great. I’ve had to call twice, and each time a prompt pick-up from a lovely human. Somewhat of a rarity these days.

I recently read EasyPark Group, the owner of brands like RingGo and Park Mobile, were hacked. Yes, like many others I have RingGo. I was forced to download the app to use a station car park – there was no choice. I also have other parking apps. Oh the joys of standing in the rain in a car park trying to download yet another parking app. Handing over my data to yet another company. Will these companies protect it? What security measures and controls do they have? Did they conduct a DPIA? Was it outsourced to an app developer, possibly outside the UK/EU? Did they do any due diligence?

As well as my fears around data, I also worry for the significant minority disenfranchised by the widescale embrace of what my colleague Simon calls the ‘Mobilical Cord’. It’s so very true – I’m unable to properly function without my smartphone implanted in my paw. I use it to access the internet, my emails, messages, banking and so on. It’s also a crucial part of our company security – to authenticate I am really me.

The 2021 UK Census showed 90% of households had a home computer. 93% had access to a mobile phone. I suspect it’s higher now, but it’s still not everyone. As of 2023, according to research by Statista 98% of 16-24 year olds have a smartphone. However, this drops to 80% for the over 65s. Less tech-savvy and particularly the elderly are being left behind. My mother is 84. I got her a smartphone, but she hates it and doesn’t understand it. Apps? An enigma. She’s also terrified of online scams, knowing how the elderly are disproportionately targeted.

So, now we also face the prospect of passport-free travel. UK Border Force is set to trial an e-gate schemes similar to those rolled out in Dubai and Australia. This negates the need to show a passport, instead using facial recognition technology (FRT).

Phil Douglas, the Director General of Border Force has said “I’d like to see a world of completely frictionless borders where you don’t really need a passport. The technology already exists to support that.” He added: “In the future, you won’t need a passport – you’ll just need biometrics.”

According to the Times the biometric details of British and Irish travellers are already held after being collected in the passport application process. What does Phil Douglas feel about our personal biometrics being potentially harvested by countries with dodgy human rights records?

Too many people will shrug – an end to lengthy queues? Yes please. But who controls my facial map? How will it be used? Will it be shared? How will it be kept secure? Facial recognition tech also raises issues of bias in algorithms, and the potential for mistakes, with serious consequences.

I suspect, one day, there’ll be the kind of disaster one sees in movies, where the Internet collapses for a significant period. What then? I also wonder if, eventually, ambulance-chasers will identify companies using apps to disproportionately harvest data – and playing fast and loose with the safeguards set up to protect us. Will this become the next big Personal Indemnity Insurance (PII) style business opportunity?

What I do know is businesses who put all their eggs in one basket without contingencies, or fail to anticipate risk, are those likeliest to suffer when the app-ocalypse (however it manifests itself) is nigh!

Now, did I mention AI…?

As a data protection consultant since 2015, Philippa advises a broad range of clients and delivers data protection training. She regularly writes GDPR guidance to support privacy teams in their day-to-day work.

Copyright DPN
The information provided and opinions expressed in our content represent the views of the Data Protection Network and our contributors. They do not constitute legal advice.