In 2021, “personal data” is anything but “personal”. We don’t own our personal data and we have limited control over what happens to it. Currently, the onus of responsibility on how to use, protect, sell and leverage our personal data lies with big companies and government institutions.
It’s well known that when we sign up for any of the giant digital platforms – Facebook, Google, etc. – we gain free use of a product in exchange for your data. We are presented with a (long) Terms and Conditions form and we happily click the “I Accept” button without a second thought.
It used to be that whoever held the purse strings, had the power. But in today’s world, power resides in the hands of those who control data. There is a growing crisis of trust in technology and personal data security is at the heart of this.
The corporate-ownership model of personal data represents a huge and ever-increasing loss of freedom. The question of data ownership is an urgent problem that society needs to tackle before it sleepwalks into a situation that becomes irreversible.
Now is the time for tech leaders to stand up and ask how we can work together to mitigate risk for the public. And how can we drive positive social change?
As with any emerging large-scale trend, it pays to get ahead of the curve. In the same way that ethical issues – fair trade, inclusivity, sustainability – have become “badges of honor” for business, increased transparency over ethical use of personal data looks set to become the “next big thing”.
Whose data is it anyway?
Personal data is exactly that – personal. It’s “yours” and nobody other than you should decide where it is stored and how it is used. The only person qualified to decide exactly what data you should be sharing – and with who – is you.
I believe that data privacy should follow the “least privilege” model. It should be down to the individual what and how much they share. If one application just needs a name and address to work, why should you share your date of birth or medical history? Why should social platforms have the right to a user’s friends list or “likes” when the user hasn’t chosen to share it?
Time to re-think personal data
These days, people are much more aware of the importance of shredding paper copies of bills and financial statements, but they are perfectly comfortable handing over staggering amounts of personal data online. Most people freely give their email address and personal details, without a second thought for any potential misuse.
And it’s not just the tech giants – the explosion of digital technologies means that companies and spin-off apps are hoovering up vast amounts of personal data. It’s common practice for businesses to seek to “control” your data and to gather personal data that they don’t need at the time on the premise that it might be valuable someday.
The other side of the personal data conundrum is the data strategy and governance model that guides an individual business. At Nephos, we use our data expertise to help our clients solve complex data problems and create sustainable data governance practices. As ethical and transparent data management becomes increasingly important, younger consumers are making choices based on how well they trust you will handle and manage their data.
We help businesses smoothly transition to more ethical and consumer-friendly data management and governance that earns them trust, credibility, and, ultimately, ensures a more sustainable customer base.
Why we need legislation around personal data
Back to the Terms and Conditions. Once that box has been ticked there is currently no legislation to limit how a company is allowed to use our personal data. Governments grant corporations and businesses the right to mine personal data and use that data to generate income. There is very little transparency over how your personal data will be used. No wonder The World Economic Forum stated in 2018 that the pace of technological change is accelerating convenience but undermining trust.
This missing legislation is a gaping hole that some businesses are happy to exploit, and there’s obviously an urgent need for it to protect personal data. But rather than a knee-jerk reaction, legislation needs to be carefully designed so that it can’t, for example, be circumvented by simply “relocating” a website in a different country, or just modifying the Terms and Conditions.
Digital transformation of personal data… But how?
Where to start with this transformation? One possibility: Blockchain. An identity-centric blockchain can create an immutable ledger, able to guarantee that the stored data is “owned” by the person. Ideally, it should be owned by an independent third party. I would personally prefer a not-for-profit organization, and certainly not a central government body (due to lack of trust) or a corporation (due to temptation of profit making). It could be a government funded system if there was clear separation in place.
Blockchain enables collaboration, builds trust and is also a global, cross-border solution. Everyone could have a national email address associated with their blockchain identity. Nobody would know anything about you, be able to contact you (removes spam immediately), or where you spend your money, unless you want them to. This is the holy grail of data privacy and data governance: your data – your choice!
UK should lead the charge for democratizing personal data
It appears that the US aims to resolve the situation using anti-trust laws – breaking up the monolithic reach of Facebook and Google, for example. But this treats the symptom, not the root cause. It’s time for tech leaders to stand up and be vocal; the UK must seize this opportunity to lead the movement for democratizing personal data for the good of the people. Yes, it’s a David vs Goliath situation. But it’s worth remembering that David won the battle.