Mary (not her real name) booked a car through a ride-hailing app to go from her workplace to her daughter’s pre-school, then home. After she picked her daughter up, the overly friendly driver started chatting with her toddler, even asking if she would like “uncle” to go to her school. “I suddenly realised that this guy knew where I worked, where my daughter went to school, where we live – and he has my phone number!” All the information Mary had willingly shared was handed back to her in a chilling snap as she realised how exposed her personal data had rendered her.

Every day, whether we’re aware of it or not, we navigate a conflict between safeguarding our privacy and capitalising on the advantages that come with being plugged in to the digital landscape. We readily trade our privacy for various perks, and rarely pause to reflect on the broader implications of doing so.

As we entrust our devices and apps with data such as our health patterns, precise locations, and even our financial details, our digital footprints grow deeper and the potential for harm, higher.

Why We Choose to Share

Documenting our personal lives on social media platforms like Facebook, Instagram and TikTok – from our latest travels to milestones like moving into a new home – helps us stay close to family and friends.

On professional platforms like LinkedIn, we willingly share our email addresses, educational backgrounds and work history so that we become visible to opportunities, connections and recognition that might otherwise pass us by.

For a more personalised shopping experience, we allow our preferences to be tracked. Once considered an intrusive marketing strategy, personalisation has now become an expectation: a survey conducted by McKinsey in 2021 found that over 70 per cent of consumers now expect a personalised approach, with frustration arising when personalisation falls short.

Similarly, on social media, a curated approach is key to the user experience. The success of TikTok, which became the most-downloaded app in the world in 2022, has been attributed to its personalisation algorithm. TikTok takes user profiles and engagement, processing this to serve up an endless stream of tailored content. The price of this convenience? Staggering amounts of our data.

We also freely share our personal information in the interest of safety. Live location sharing, once unthinkable, is now routine for many families and romantic partners. “Forget privacy, young internet users want to be tracked” was the headline of a Financial Times article in June 2024. Features like Apple’s “Find My”, initially used to locate lost devices, now allow us to keep track of the exact locations of our family and friends. Knowing exactly where loved ones are – whether it’s children traveling home from school or family members abroad – provides a measure of reassurance, outweighing concerns about privacy violations.

Necessity and convenience require our personal information too. Ride-hailing apps hold vast amounts of our data, from our home addresses, dining habits and travel patterns to our payment information. We have little choice but to accept their data practices, if we wish to use them.

The Personal Cost of Digital Openness

For all its perks, our willingness to trade privacy comes with alarming risks.

Identity theft, for instance, thrives precisely because our digital habits provide ample opportunity for exploitation. Take deepfakes for example. It only takes one photo and a 60-second audio clip to generate a deepfake video. Technology can create a voice deepfake using a sample as short as five seconds.

These vulnerabilities have been exploited by malicious actors. In December 2023, deepfake videos of Singapore’s Senior Minister Lee Hsien Loong and Prime Minister Lawrence Wong promoting a fraudulent investment scam surfaced online. But these scams aren’t just a problem for public figures – anyone can be a target.

In Hong Kong, a multi-national company was scammed out of S$34 million after an employee attended a video conference call featuring deepfake versions of the company’s CFO and other employees, created using publicly available footage. Meanwhile, social media impersonation scams, most involving spoofed Facebook and Instagram accounts, cost Singaporeans at least S$2.2 million in 2020. The trend has continued, with at least S$330,000 lost to similar scams between January and July 2024.

Short of going off-grid or disengaging from the digital world, what can we do to minimise our risks? Security expert Chubb suggests checking privacy settings on the apps you most frequently use and being mindful of posting details such as your birthday. Be selective about the platforms you trust with your data. Unsubscribe from unnecessary services. Regularly update your software and apps, as these updates often include vital security patches. Disable cookies, which track your online movements, and regularly clear the cookie caches on your browsers.

The Business Risks of Data Mismanagement

That said, privacy is not just a regulatory issue or the individual’s risk. Businesses also face exposure.

In December 2022, Singapore’s Personal Data Protection Commission (PDPC) fined grocery delivery service RedMart S$72,000 for failing to protect customers’ data. The PDPC’s investigations found that during a software migration, RedMart failed to encrypt and password-protect its customer database, leading to the names, email addresses, contact numbers and addresses of nearly 900,000 customers being compromised and offered for sale on an online forum.

Globally, Google in France was fined a whopping €50 million for failing to obtain specific and unambiguous consent from its users to the processing of their data for ad personalisation. Meta in the US was fined US$1.3 billion for unlawfully transferring personal data from the European Union to the US.

The financial and reputational cost to businesses should be motivation enough for them to prioritise privacy protection – whether through stronger encryption, conducting regular security audits, being upfront about their data usage or making this information easier for consumers to navigate. Businesses who do so stand to gain more than just regulatory compliance: they earn trust. On the flipside, if a business is known to leak privacy data, consumers will take their business elsewhere.

Privacy protection should not be an afterthought – it should be embedded into products and services at the outset and built into digital infrastructure to guard against malicious exploitation.

But these are small steps in a growing global issue. Ultimately, no one country – certainly not one the size of Singapore – can fix this. As the costs to society of such data leakage start to mount, we may need a global regulatory shift in how we protect our privacy.