Personal data theft: what solutions?
A hyperconnected society means that the sharing of personal information is becoming commonplace. Whether on social networks, e-commerce sites or mobile applications, we leave traces every day after our visit.
However, this profusion of data raises a major concern: the theft of personal information.
We no longer count the number of businesses that have been victims of customer data theft. For example, in February 2024, a large-scale attack affected half of the French population. More than 33 million people have had information held by their complementary health insurance stolen.
Data theft is a complex phenomenon that goes beyond the simple unauthorized appropriation of information. It includes the collection, use, and dissemination of personal data without the informed consent of the individuals concerned. This problem is causing growing concern among the population.
Today, more and more people don't fully understand why businesses need to collect so much information and are questioning this model. This misunderstanding fuels widespread distrust, even of organizations that say they don't store the data they collect.
Public distrust of data sharing
Although these data collections originally took place to ensure the smooth functioning of businesses. They are now arousing growing distrust among the population.
This distrust can be explained by several factors:
Multiplication of the dangers of sharing personal data
Identity theft via stolen data
A hacker accesses a database containing personal information (names, addresses, social security numbers, etc.) following a cyberattack.
This information is then used to open bank accounts, apply for loans, or make online purchases on behalf of the victim.
Targeted phishing (spear phishing):
After your personal information (email, phone number, etc.) is stolen, cybercriminals send personalized messages to encourage you to provide additional data (passwords, bank card numbers).
Financial scams
With your bank details or login details, scammers make fraudulent transactions, transfer money, or make online purchases.
Personal or business account theft
cybercriminals target online accounts (emails, social networks, banking services) using stolen passwords or techniques such as phishing and credential stuffing (automatic testing of stolen passwords on multiple platforms) .Professional accounts, in particular emails or business management tools (Slack, Microsoft 365, etc.), are prime targets.
Misunderstanding the reasons for sharing data
A lot of people don't understand why businesses need so much personal information. Privacy policies, which are often long and complex, do not help to clarify the situation. This opacity fuels fears about the real use of the data collected.
Skepticism about claims of non-storage of data
When businesses say they don't store the data they collect, they run up against a wall of skepticism. Recurring data breach scandals have shaken public trust. Users remain wary and question whether these statements are really reliable.
The limits of current technical solutions
Faced with these concerns, various technical solutions have been proposed.
The homomorphic hash example
Homomorphic hashing is a technique that allows encrypted data to be processed without decrypting it. In theory, this should protect the confidentiality of information. However, this approach also raises concerns.
The simple fact that their information is being processed, even in a transformed form, is seen as a potential threat to their privacy. There is also the persistence of concerns about the possibility of recovering the original data.
Despite the technical guarantees, many fear that it will not be possible to find the original data from the encrypted information. This fear, whether founded or not, illustrates the lack of confidence in the solutions offered by technology companies.
A new approach: ownership of personal data
Faced with these challenges, a new approach is emerging: giving individuals ownership and control of their own data.
The concept of individual data ownership
This approach proposes to consider personal data as the property of the individual, in the same way as his material assets. This means that each person would have the right to decide how their data is used, shared, or stored.
In this model, based on the principle of Self Sovereign Identity Users could choose exactly what data they want to share with which companies, and for what purposes. They would also have the option to revoke these permissions at any time.
The benefits and challenges of this approach
This approach has several advantages:
- It reinforces the autonomy of users.
- It could increase trust in the digital ecosystem.
- It would encourage businesses to be more transparent about how they use data.
However, it also raises challenges:
- The technical implementation of such a system would be complex.
- The business models of many businesses should be rethought.
- The regulations should be adapted to frame this new system.
To go further
An article in Le Point questions this idea of individual ownership of personal data.. This article looks at the controversial idea of giving individuals ownership over their personal data, thereby forcing tech giants like google, facebook and amazon to remunerate users for the exploitation of this information.
This proposal aims to remedy a perceived economic imbalance between the profits generated by these companies thanks to user data and the apparent free nature of the services offered in return.
It also comes amid growing concerns about mass surveillance and privacy in the face of the pervasive collection of data by various connected devices.
Although supported by some thinkers, this idea is opposed by organizations such as the CNIL for whom the data is of an inalienable nature. You shouldn't be able to sell or own them.
Conclusion
The challenge of protecting personal data is crucial today. The current public distrust of data collection and processing practices calls for change. The idea of giving individuals ownership of their data offers an interesting way to restore trust and ensure a better balance between technological innovation and respect for privacy.
ShareID provides a strong and compliant authentication solution that allows for secure authentication.
Our particularity is our method of managing and securing the personal and biometric data of our users. In fact, we never store data and thus avoid any risk of theft or possible alteration of your personal data.
Contact us today to find out more about our strong authentication solutions.
