Jun
7
VZBV is out to get you!
Filed Under B2B, Big Data, Blog, data protection, Financial services, healthcare, Industry Analysis, internet, news media, privacy, Search, social media, Uncategorized | 3 Comments
However, I bet the US government gets you first! As the newspapers (Guardian 07/06/13) reproduce slides for training US security and FBI officials in the use of the data feeds they get from Google, Verizon, AOL, Apple, Facebook et al who under the FAA enactment can now download usage data and user content, the German Federation of Consumer Organizations (VZBV) brought an action against Apple – and won in the Regional Court of Berlin. One of Apple’s crimes was sharing data with subsidiaries, and another was re-using data not directly gathered in the trading activity (for instance, the recipient’s details on a gift certificate sale). If I worked in Apple’s legal department, dedicated to taking no prisoners in any legal wrangle, I would be getting fairly schizoid by now. As indeed I am, whenever I use terms like Open Access, Open Data, Open Society, Open Sesame… and then reflect on the attempt by everyone in the networked society and the network economy to suborn and subvert every data instance into own-able IP.
And now, a word of explanation. My silence here in the last 10 days reflects my listening elsewhere. And speaking – to two Future of Publishing sessions, in London and New York, sponsored by IXXUS (www.Ixxus.com), and at a seminar organized by the University of Southampton’s Web Sciences Doctoral students group (slides are available here). At each of these sessions we discussed the networked society and its implications. And Big Data reared its ugly head, strengthening my resolution never to mention the apparently undefinable term again, but to talk instead of massive data components and the strengthening business of data analytics. But nowhere did we discuss data protection – or revelation – and I regret that, especially now that the brilliant latest issue of DataIQ, the journal of DQM Group (www.dqmgroup.com) has come to hand. On page after page it nails the issues that every data holder should have in mind, and which our networked content industry grievously neglects at its peril. If the FBI don’t get you, the German courts will!
But I am less surprized, on reflection, by the US revelations than I thought I would be, bearing in mind the huge amounts of high level analytics and search software that agencies of the US government have bought over the years. On the one hand we should be grateful that a degree of paranoia has spawned an industry. This is where Seisint (Lexis Risk) came from, here is where Palantir and other software developers have flourished. These software developments were always intended for more than calculating the Presidential expenses or searching the library. The Military/Intelligence complex has been a rich patron for developing many of the tools that the networked society depends upon. On the other side we should reflect that mass observation on this scale is the Orwellian manifestation of a police state, and that those who battle for the liberty of the individual are betrayed if it becomes necessary to infringe that liberty in the cause of protecting it. In saying this, I should also say that I am sure that the UK government would be equally intrusive if they could afford it, and in times like these the natural tendencies of governments to use National Security as the cloak for the erosion of civil liberties is global. But after the emergency, do you ever remember government giving privacy rights back?
Which brings me to the network protection of user data in non-security contexts. Here there can be no doubt about who owns what: the problem is getting people to admit to the obvious. Thus, it seems to me axiomatic that when I use a networked service, then the transactional data that I input remains mine, unless or until I have accepted conditions of service that say otherwise. And even those conditions cannot rob me of my ownership: all they can do is define agreed conditions or re-use for the people I am dealing with at the time. Eventually, in the network, we will each of us be able to isolate every data entry that we make anywhere and store it in a personal DropBox in the Cloud. We will then sell or gift rights of re-use to designated parts to Apple, to market researchers, to the US government as part of a visa waiver application. But we shall at least be in control, and have pushed back on the arrogance of data players who seem to believe that every sign-on is their property. It is this type on “unthinking”, I am sure, that lies behind Bloomberg’s huge intrusion into user rights when they allowed their news team to examine the access records of their clients. I know we do not like Bankers in our society now (Don’t worry, Doctors and Lawyers and Journalists and Politicians – we shall be back for you again just as soon as we have finished off these financiers), but surely no one at Goldman Sachs deserves a call from a news reporter saying “I see you have not used your terminal this week, so are you still employed?”
Here in Europe we pride ourselves on ordering things differently. Our secret weapon is Germany, where, for fairly obvious historical reasons, privacy is now a fetish and data protection has become a goal pursued on behalf of citizens by a lobby of what can only be described as, well, privacy fundamentalists. The current revision of the European Data Protection Directive (95/46/EC) into European law will effectively turn the current opt-out regime in the EU into an opt-in world. Not necessarily a bad thing, says Mark Roy, CEO of the Data Agency in an article in DataIQ. I agree, and I also agree that the right of erasure (the right to be forgotten) is pretty difficult to manage. But the real horror story is the bureaucracy, the checking, the courts and the fines that all of this entails. Somewhere here there has to be a balance between German fanaticism and US laissez faire regarding the rights of individuals to the ownership of their own information. We have never seemed further apart from creating this essential building block of a networked society.
Comments
3 Comments so far
[…] more: davidworlock.com […]
David you are of course so right on this matter and like you I share a vision of the day when we might have control over all our data, however, that day seems a long way away.
But don’t you love the irony of this debate. One might argue that the biggest data brokers are the government themselves particularly in the US and they have not exactly been paragons of virtue when it comes to ensuring they have the individuals consent before selling the data. Anyone who remembers the DVLA selling car drivers details to parking fine collectors will be aware that they are not immune to the opportunity to monetise the data they hold whether they have the individuals permission or not.
Then there is the much publicised use by the Obama and Romney campaigns use of data from data brokers, (yes the exact same data brokers that the government now has under the microscope)to create targeted electioneering campaigns. Less publicised but no less sophisticated was that use of exactly the same techniques in the last general election in the UK.
Now we have the furore over the US monitoring of huge quantities of data in the pursuit of national security. But if you are surprised by this you must have been asleep as long as Rip Van Winkle. The security forces discovered years ago that one indicator of a potential suicide bomb attack was that individuals who were being monitored suddenly maxing out on their credit cards.
Your contention that as a user the data you input into the system belongs to you may be logical but in reality Bloomberg’s mistake was the old one of getting caught, many other organisations have built services on the data their customers input to use their systems and will continue to do so.
So what do we make of this? How in a world where data is everywhere and nearly everything we do leaves a data trail, that someone, somewhere finds useful ,do we get the genie back in the bottle?
Well of course we can legislate to protect rights and we can sue transgressors. We can make it easier for consumers to have a semblance of control over their data by opting in and being able to enquire of companies about the data they hold (incidentally something we can do in the UK via a data subject access request). But in my mind this doesn’t guarantee better protection, not in a network that is expanding exponentially and no one really knows where their data is at any one time.
What we need is investment in educating our citizens, so that they better understand the value of their data, the purposes for which certain organisations use it and why they have a role in ensuring that they manage their data responsibly. Today it is a fact of life that most people just don’t care about these issues and why should they? As far as they are concerned nothing bad has happened to them and they don’t know anyone who has been affected.
So we need to start to educate our citizens particularly our children, whose lives will be changed beyond our imagination by the revolution in data and analytics. Not only will they better understand their rights but when they become executives they will better understand their responsibilities.
In my opinion governments who pursue a dual approach of education and regulation will have a much greater success in achieving a balance between commercial interests and corporate responsibility. In doing so they may yet ensure that the data and analytics revolution delivers the benefits it promises.
Without such an approach I fear a long war of attrition between the clever data scientists and the regulators, not good for future economic growth and certainly not good for individuals.
[…] discussion can be found on VBZV is about to get you …. The FZBV being the German Federation of Consumer […]