We have a privacy problem. GDPR is an attempt to deal with this, but it is battling a seemingly inexorable force. To many, both users and data processors, the GDPR solution feels like wading through treacle. It is especially a problem for users, many of whom end up just clicking ‘yes’ or ‘accept’ rather than being forced to read privacy policies and decide which advertisers they are willing to give permission to.
It is wholly unacceptable. Nothing less than our freedom is at stake. For organisations that seek to use data, this means a massive responsibility.
Privacy, as the GDPR point out, is a human right, but we risk seeing the creation of data monarchies, as certain companies, armed with data on hundreds of millions of customers, become more powerful than governments or countries have ever been before. It is doubtful that even the founders of such companies really crave so much power.
will.i.am predicts Data Independence Day
It should not be like that. Do companies make money by charging for the oxygen we breathe? Or for viewing a sunset, or charge us for the pleasure of smelling fresh air?
Our data belongs to us, just as our breath or our sense of smell, or sense of wonder belongs to us.
And if companies pollute the atmosphere, they should pay for that, via taxation.
Why is data any different?
Data protection and privacy – time to take it seriously
Would it not be better if we owned our data, and when organisations want to use it, they come knocking on our door, rather than the other way around?
So, the data sits on our server, on our bit of the cloud. If someone wants to access our data, and offer us something in return, then they must seek permission to tap into our cloud and use the data once; for that single purpose.
A publisher might want to know who we are so that it can collate an anonymised aggregated report on its readers. It might want to know enough about us to be able to configure who the advertisers are that are relevant to us – but it does not have to keep this data.
Just like in the words of Mission Impossible: “this tape containing your data will self-destruct in five seconds.”
We are seeing something along those lines in banking. Under the EU’s Open Banking regulation, PSD2, banks have to make our financial data available to certain third parties that provide us with a service, providing we first give permission. So, a bank knows what direct debits we pay, how much we pay on Life Assurance, we might give permission to a third party to try and cut our bills, by examining what we pay. Under the new regulation, the bank must free up the data, but it can only be used by this third party for the express purpose for which it has permission.
Open banking and the challenge of customer data privacy
What are the privacy concerns surrounding open banking, and what can tech banks and FinTechs adopt to ensure customer data is secure? – Think forward, however. In time, we may own all our financial data, our bank might merely borrow it from us, to provide us with a service.
Maybe Blockchain could hold the answer to privacy
Enter into the debate blockchain and take as an example HealthTech, aka digital health.
Data will transform the healthcare industry, enable finding new cures for disease and in depth data analysis via AI will develop insights that have eluded the world’s finest minds in health care. But if the data is misused, it could be highly dangerous.
Health data could therefore transform society for the better or become a digital weapon of mass destruction.
To explain how blockchain could help, we spoke to Julien de Salaberry, CEO of Galen Growth Asia, a Singapore based organisation that is creating a $70 billion HealthTech eco system across Asia. He draws an analogy with the food industry. “What is the source of that food, where did it come from, what was added in processing it? The idea is that a blockchain would allow the consumer to actually understand which cow, which pasture, etcetera it came from.”
Now imagine that working in healthcare.
Related: GDPR anniversary: has the regulation backfired? What next? – The definitive round-up of GDPR as it celebrates its first anniversary. Has GDPR backfired? what next for GDPR?
“So the NHS doctor,” says de Salaberry, “is adding data with each consultation or lab test, but as third parties start using that data for either research or marketing purposes, up until now, you have no visibility of who is making use of it. So, for example, you’re using a wearable device connected to a health app, and you’re collecting data, but you don’t know where the company behind the app is selling that data to.
“But imagine that in the context of the blockchain, where every single one of these data touch points, i.e. who is adding, amending, or using it, is recorded. You will now have visibility of that usage of data all the way through from the source. And therefore, you are now able to start auditing who is using the data and deriving value from it.
“Theoretically, we should reach the point where a better value exchange exists between you, the individual, and the organisation using the data and therefore, the individual receiving the value of what their data is truly worth to that organisation, rather than a lot of interactions going on with your data that you’re not aware, because the only thing you’re conscious of your relation with wearable device.”
In other words, our inherent human data is being bought and sold without our consent, authorisation, consideration, or compensation.
The human data marketplace represents an estimated $150 billion to $200 billion annually, according to hu-manity.co, a HealthTech startup which has built a blockchain solution which enables you to claim your personal data as your property and have a seat at the table when your personal data is used by corporations, and other 3rd parties.
This relates to organisations in a profound way.
Data may or may not be the new oil, but trust greases the wheels of customer marketing. Without that trust, the relationship between vendor and customer could break down.
Opportunity then emerges for organisations that seize the moral high ground and promote a data exchange, that respects everyone’s human right to privacy.
See also: Artificial Intelligence – what CTOs and co need to know – As part of Information Age’s Artificial Intelligence Month, we summarise everything you need to know about the technology on everyone’s minds.