Mar 19, 2021 - Technology

The pandemic's unexpected privacy pitfalls

Illustration of a woman looking out a window with open curtains build into a computer screen
Illustration: Sarah Grillo/Axios

Americans' rush to move all aspects of their lives online during the pandemic — classes, meetings, legal proceedings, shopping and more — left many vulnerable to exposure, exploitation and fraud.

Why it matters: The digital environment wasn't always ready to deal with newcomers' privacy and security needs. And the people responsible for managing these activities couldn't foresee all the pitfalls of moving online.

"We have a perfect storm: a public that is more attuned to seeing misinformation, a pandemic where more and more people are doing things online from their homes, and stress and anxiety," said Ari Lightman, a professor of marketing and media at Carnegie Mellon University.

  • "We're going to have to do a reality check. We spent a year buying things and setting stuff up online. I think we need to do some digital hygiene. What are we signed up for?"

Acting FTC chairwoman Rebecca Slaughter told Axios: "As our lives have moved online, that has real implications for the exposure of personal data" that companies collect for "surveillance capitalism ad tech models, the generation of algorithms and the provision of health services."

  • But it shouldn't be up to individuals to clean up their own post-pandemic digital trails, Slaughter said, pointing to the need for national privacy legislation. "A lot of the changes we've made to online are going to stick, so we need to make sure we set appropriate deterrence levels for corporate behavior and we effectively enforce the laws we have before bad actions and patterns get baked in."

The big picture: "Virtual interactions during the pandemic are presenting privacy issues at scale in a way that can be really challenging," said John Verdi, vice president of policy at the Future of Privacy Forum, a privacy think tank in Washington.

What's happening: In some institutions and companies, new pandemic-era responsibilities led to better privacy and cybersecurity practices. In others, they exposed big shortcomings.

For example, a Virginia woman who has accused a massage therapist of sexual assault told Axios she decided not to testify because her only option was to do so over a live-streamed WebEx meeting. Her state's Department of Health Professions enforcement division is not allowing in-person hearings during the pandemic.

  • The woman, who asked to remain anonymous, said she was worried the live-streamed hearing will put her in danger, with the potential for someone to take screen shots of her face or record the proceedings.
  • "It's hard enough coming forward, you already feel powerless and victimized," she said. "To feel like I'm powerless again, having to choose between testifying or not... it's really distressing."
  • All disciplinary hearings in Virginia are open to the public, in person or virtually, Diane Powers, the director of communications for the Virginia Department of Health Professions, told Axios.
  • "DHP seeks to uphold its mission to keep the people of Virginia safe while under the care of a licensee of a health regulatory board," she said. "This includes use of digital technology critical to stopping the spread of COVID-19 among constituents and our employees."

What they're saying: "That example shows there are certain aspects of society where online should not be the new normal," said Caitriona Fitzgerald, policy director at the Electronic Privacy Information Center. "There's something particularly unique about our justice system that necessitates in-person proceedings."

Another jarring example: A defendant in a Michigan assault case was in the same house as the alleged assault victim during a Zoom hearing, violating his no-contact agreement and resulting in his arrest during the meeting, WSBT 22 News reports.

  • "This is an issue we didn't have when we had live court," St. Joseph County District Judge Jeffrey Middleton said during the proceedings, according to the Washington Post. The video chronicling all of this was removed from the court's website, but the privacy damage was already done.

Moving schools online has led to some violations of student privacy.

  • Some students are wary of having their cameras on during online learning to prevent others from seeing their homes or family situations.
  • "I have seen firsthand how much more data about kids is being gathered, and that's materially different from a pre-pandemic universe," the FTC's Slaughter said of her own experience with her children's' online schooling.
  • In Europe, where a consumer privacy law is in place, a student council in Amsterdam challenged the use of student proctoring software designed to prevent cheating, questioning whether they could properly give consent for their data to be processed by the software.

Meanwhile: Americans are far more vulnerable to online fraud, which was at an all-time high in 2020.

  • The FTC received 350,000 reports of online shopping scams, with total financial losses of $245 million, the agency said. People also received a barrage of text-message scams related to the pandemic.

The bottom line: Once pandemic limits ease, it's possible that Americans' lives will revert to their pre-COVID balance between online and in-person activities. But many experts expect the move online to last — which means privacy issues will, too.

Editor's note: This post has been corrected to reflect that John Verdi is the vice president of policy at the Future of Privacy Forum (not the president).

Go deeper