So big data analysis has got everyone rubbing their palms with glee, or has it? It might be a gold mine, but it makes for privacy problems that have the potential to really rock the big data boat. Cashing in on big data has really thrown it into the privacy protection and regulation firing line. With the data processing industry evolving at high speed, privacy laws simply aren’t keeping up and 2013 has seen unscrupulous data usage range from the morally questionable to the downright criminal.
Let’s have a look at Kevin Bacon. If the adverts are to be believed, he loves EE, loves how everything is connected. So for the sake of argument, let’s assume Kevin has chosen the all-connected EE as his supplier. As with all mobile operators, Kevin’s data - along with that of their other 27 million subscribers - will have been collected. Data on the calls Kevin made, where Kevin was, what he downloaded and every website he visited. They also know his gender, age, postcode, friendship networks and the texts he sent to his celebrity friends. Mobile operators then sell on their data sets (not identifiable personal data), in anonymised blocks to third parties. This is just a drop in the ocean. Our data is being collected and sold on all over the cyber-place. “Cyberazzi” – data companies that trawl the internet for consumer information - cash in by selling this on to retailers and in some cases, on the down-low to government security agencies.
But what about Kevin? We’re told he shouldn’t worry -– the data was ‘aggregated and anonymised’. It was what? Precisely. Defining and preventing irresponsible and illegal data use is a huge legislative task, and defining what truly ‘anonymous’ data comprises is up there with the biggest of challenges, especially as anonymised and pseudonymised data can be overlayed with other data sets to ‘de-anonymise’ or ‘re-identify’ individuals.
Ipsos MORI were one of the buyers of the ‘aggregated and anonymous’ data from EE and their plan was to sell it to the police. Yes indeed, it does seem strange - why are the police interested in buying aggregated and anonymised data? Regardless, all parties maintain it was anonymised - otherwise that’d be data that the law prohibits the police from collecting, potentially being sold to the police. In anyone’s books, that wouldn’t sound great.
Last week was an eventful one for our friends across the pond when it comes to morally dubious data use. Firstly, the US justice department admitted it knew every call made by 100 Associated Press reporters for 2 months last year after seizing details – undisclosed - from phone companies without so much as a why or wherefore. And then there were the reporters at Bloomberg who lucked out by getting access to restricted data through market tracking terminals they’d sold to Wall Street banks.
So can anyone use our data for further purposes and hand it over to a third party? Under the current framework, you need to satisfy a legal basis to do so, but this may be about to become stricter - the European data protection authorities published guidance to the effect that data cannot be processed for purposes other than those for which it was originally collected, and these purposes need to be made clear before collecting the data.
When did we say yes to all this? If you like your social networks, you probably realise you’re handing over a lot of personal information when you use them. But did you know it has probably been handed onto a marketing firm – or even been used for analysis and predictive modeling? Didn’t see that consent box when you checked-in at your favourite restaurant this weekend? Neither did we, but that’s because it turns out explicit consent isn’t always needed. Negotiations continue over whether explicit consent should be required and other related changes (e.g. the ‘right to be forgotten’), and the EU's Civil Liberties, Justice and Home Affairs Committee (LIBE) are due to vote on the recommendations later this year.
At Freshminds, we’re interested to hear your thoughts and a hot topic of debate at the moment is whether the big data industry should be regulated, with a code of conduct and clear guidelines. What’s your opinion?
Should the data industry be regulated?
Yes No Maybe
|pollcode.com free polls|