By Nick Savvides, Strategic Accounts Director, APAC, Forcepoint
Privacy is dead is an easy conclusion to come to, but I don’t think it is true. Privacy is a deceptively complex topic, it’s something that must be looked through social and technological lenses, which themselves change over time. It is true today that more data is being created, stored, indexed and analysed than ever before, and has been growing at an exponential rate for the last 15 years. I’d say that the pandemic accelerated that even further, as it pushed so many small businesses, and so many formerly face-to-face interactions and dealings into the online and digital worlds, creating even more data.
In-fact I’d say that the pandemic made a lot of people ignore the privacy concerns that they may have had lingering in the back of their minds. This is because we had to turn to technology to fill in for human interaction and communication. Concerns about the privacy of platforms fell by the wayside, as we all clamoured to use new and existing services to maintain social connections. Even our homes, which we would normally consider a private place, were put on show to our colleagues, bosses and external customers. I doubt many people read the terms and conditions, privacy policies of the services they signed up for during the pandemic. This is not a surprise for me, because just like cyber-security, and risk in general, humans will generally ignore risk, when they desire the outcome, I think we can all relate when a box pops up and you think “Urgh go away! I just want to talk to my friends/play this game/do my job”.
Making this problem even worse for both consumers and regulators, is the pace of change and increasing sophistication of data science. I think most people understand, what I call the grand-bargain, you get a service for free, but in exchange the service provider gets to show you ads. This concept applies to TV, loyalty programs and so much more. But, I think people and don’t fully understand the value of the data they are providing, and how it can be used and what information can be derived from it.
For example, when it comes to social networks, users freely hand over information because they feel they have control of the information that they share and they don’t attribute much value to it, while they value the benefit of the social network gives them much more. People scan their loyalty cards at the supermarket, because they value the discounts and points more than the data they are sharing. All of this data is extremely valuable to those organisations, they will know their users and customers better than they know themselves, they will know their citizens better than their governments. Data science can use this data to understand not just an individual user and predict things about them, but also for entire groups of people, cities, suburbs. All of this is just for the services people understand that they collect data on them, but there is a whole class of services that people depend on and they don’t really understand what information is being collected or that it is being collected at all!
From smart home accessories, and their associated platforms, to fitness tools, children’s toys, all connected IoT devices, even your headphones, TV and other things you might not expect can and do collect data and share them with their manufacturers. You can either agree to the terms or thing doesn’t work.
Furthermore, there is a data monetisation pipeline, where the data collected is sold on to others, either in raw, aggregate or insights form.
All of this paints a pretty bleak picture for privacy and it is tempting to say “Privacy Is Dead” but I disagree, privacy is different now than it was 10 years ago, even 2 years ago, and it will continue to evolve, it hasn’t died but it may be on life support.
Our desire for privacy is real and exists and we can still achieve privacy where it matters and where it can be applied. The very real privacy concerns we all face cannot be addressed if we assume privacy is dead. If we accept privacy is dead, then it will die.
Services providers still need to feed their services with user data, companies still need to be able to better understand their customers, and governments still need to be able serve their citizens better all through data science. New services, new capabilities will continue to develop that use more and more data, while the barriers of entry, cost and complexity, continue to fall. So, like every other technological and social change, we must actively participate to maximise the benefits to all.
Our current regulations on privacy, are focussed on the dry aspects, on the mechanics of data collection, storage and consent, rather on the holistic aspects of what privacy means to society. This is the next frontier of policy development.
I believe that privacy is symbiotic with trust, and by focussing on this we can ensure that privacy survives; as trust is required for nearly every interaction work, it is more tangible to people. Cyber-security is fundamental part of ensuring digital trust, and as such it is also critical to privacy, but they are not equivalent, and I think a mistake many organisations make is to think of privacy only through a cyber-security lens. While it is true that cyber-security is big part of ensuring privacy as it can secure the systems, secure the data, detect when data is lost, and protect against unauthorised access, privacy is not just confined to these things, it is much more.
To address this, I think that those who understand the technology, understand privacy and understand data science have an obligation to ensure that privacy stays alive and evolves while regulators have an obligation to respond quickly to the technology changes to ensure that participants are trustworthy. We also as an industry, must work to educate and better inform our users of what is possible with their data and how it can be protected.