Last week Facebook lost twenty percent of its market value – $100 billion, over concerns of the cost of privacy regulations and financial consequences. This was the largest sell-off of a single publicly owned company in Wall Street history and a warning for all companies who collect, process or otherwise transact privacy data. Facebook is not alone. Organizations large and small are facing challenges in how they protect data with which they are entrusted.
Several months ago, when Mark Zuckerberg testified on Capital Hill there was criticism in the media on the lack of legislators’ understanding of technology or social media business models. Perhaps more appropriate criticism should be on the technologists and business leaders who seem to have some difficulty articulating how personal data is used and adequately protected. With laws such as the General Data Protection Regulation (GDPR), there is even greater pressure on businesses to carefully consider how they are using, or even monetizing, personal data. I believe it is also an incredible opportunity that could bring greater trust and competitive advantage to those entrusted with handling our most personal data. It’s not only an opportunity, but an imperative.
The complexity of the privacy landscape will only continue to evolve, and businesses and technology companies must be prepared to evolve with it. For example, is a person’s face private? Perhaps not in general terms, but what about when it is used to access a mobile device or stored and correlated with other data collections such as medical records? Today’s technology has seemingly endless capacity to store and analyze data. That data can be exploited by those with malicious intent (e.g. Cambridge Analytica), but it can also be used to secure and protect the public interest (such as finding a fugitive in a large, public crowd). Defining the type and context of data is the first step to protecting it. This starts with understanding how data will be used and the dependencies between applications or entities. Those dependencies must be understood, declared and most importantly, controlled by the owner.
Recently, Twitter changed its privacy policy and while trying to understand the changes, I discovered the ability in the app to self-serve and request all the data collected on me. I’m not exactly a heavy Twitter user, I only have nine followers, I follow less than twenty-five people, and can’t remember the last time I even opened the app. Out of curiosity, I clicked the button in the app settings and within seconds I received a 42-page text file on the data that had been collected on me and my activities. I found it fascinating since I couldn’t remember the last time I used the app let alone tweeted anything. Yet there was a significant amount of information that related to activities related to other applications, specifically, my web browser. It’s important to note that there wasn’t any data I would consider personal so is it really a question of privacy? Many would consider this the digital equivalent of taking pictures of my face in a crowd.
As we look over the privacy horizon, technology, innovation and legislation have the potential to work more effectively together in the global information ecosystem. Perhaps a guiding principle, or code of ethics, in the development of applications and business practices to “protect first and always” would serve to protect privacy data by default. This will happen one way or another; whether voluntary through unified agreement of technology and business professionals, or mandated through legislation and regulation by politicians. Either way, while somewhat oversimplified, using guiding principles at the beginning of application development or customer-facing systems implementations could avoid the consequences of legal penalties and financial damage after the fact. With the continued advancement in technologies in advanced analytics and artificial intelligence – combined with the ever-growing collections of personal data stores – we’ve never had a greater opportunity to make a difference in the protection of privacy data.
Photo Credits: Header Image
