We sat down with Stef van der Ziel, Founder and CEO of Jet-Stream and Streaminar (and long-time Leaseweb customer), to discuss all things privacy: what it means, why you should care, and what you can do to increase your personal data protection now.
Tell us about your background. How do you know so much about personal data protection?
I began producing live streams on the Internet in the early 1990s and have been working in the streaming industry ever since. My companies deal in streaming (Multi)CDN technologies and live streams – two activities that require both the collection and protection of personal data. I have watched the data regulation landscape shift from virtually non-existent to one of the hottest-debated topics over the course of 20+ years, allowing me to not only learn but also implement the best data protection practices for my own companies and clients.
What is personal data? Why is it important, and why should people care?
Personal data is any information relating to an identifiable person. It is found in quite a few sources that many people are not aware of, including:
- In access logs – such as your IP address and any data that can be used to track or profile you
- User data from creating accounts on any online platform
- Personal data in media and live streams, including video used by organizations for job applications, internal processes, research, security, medical aid, production, webcams, webinars, and podcasts
- Personal data in metadata, which is used to search for media or its contents. Metadata can contain personal data such as names, birthdays, phone numbers, email addresses, payment information, medical information, and ID data
- Advertisements – the business model of advertisement companies revolves around tracking everything they can
- Social media and public video platforms
It’s crucial to know where your data from these sources is stored, as well as who has access to it and what it’s being used for. Data gives power to whoever possesses it, whether it be for better or worse, and people have the fundamental right to keep information private.
What happens if someone’s private data gets into the wrong hands?
Sometimes personal data is unintentionally exposed. Other times, hackers force their way to access to data. No matter how it happens, data breaches affect millions of people every year with consequences that can lead to serious and permanent damage to the people involved.
Where are data protection weaknesses usually found?
Weaknesses are most often found in trackers and cookies, in non-HTTPS connections, in non-encrypted data, and in publicly accessible servers.
How can individuals see if their data is being collected?
Start with using the latest Safari or Brave browsers to test websites and platforms. These browsers will tell you which trackers are found and blocked. You can also use these tools to check if and to whom you leak data to:
- Ghostery inspects your websites and platforms right from your browser and will tell you if there are any trackers
- Charles Proxy lets you scan apps and services for connections to third parties
- Wireshark is a great tool for experts to see what happens with your data, allowing you to deeply inspect protocols while giving you detailed analysis
- Easylist is a great resource to find suspicious trackers and cookies
Let’s shift focus from the customer to the companies that possess sensitive user data. How can they ensure they are adequately protecting their customer’s data?
These companies should log only the most necessary customer data. The servers that store logs and data need to be protected, and data should be encrypted if companies cannot fully protect servers or use third party servers/services. I’d recommend using SSL only for all communications. It’s also important to look at your supplies (and their suppliers too) – make a list of them and review which personal data is shared with them and how they protect this data. Limit the personal data shared with them, and let your suppliers enforce protection. As mentioned earlier, also check your own sites and applications for trackers and cookies and try to minimize them.
What does data protection look like in different jurisdictions?
Privacy protection levels vary greatly by country and entity. GDPR is the main EU law regarding personal data and protects you against unbridled data collection, sharing, and profiling by companies and governments. The EU has a list of other countries with levels of data protection similar to the EU.
The United States, however, is not on this list of adequate countries. This is primarily due to the US Cloud act, which demands access to any data on any server anywhere in the world as long as the server is operated by a US-owned company. The US Cloud Act has such far-stretching consequences that currently the EU advises not to store data outside the EU – not even with US daughter companies with servers on EU soil.
It’s crucial for individuals and companies alike to understand not only where your data is stored, but also the geographical location of your service provider and their parent company. This has one of the biggest impacts on the security of you and your customer’s data.