The Facebook/Cambridge Analytica data sharing scandal is a necessary wake-up call, but the issue is much bigger than Facebook, and the less visible aspects of data collection arguably present much greater risks.
I was listening to the CEO of a data company who said the firm has data from 3 billion people. They know if you have had a good day or a bad day, and if you are willing to receive a certain sales message. They are scraping data around the internet and trading with other parties. He said they can merge their data with the data of a bank or insurance company that can then utilize it for cross- and up-selling and find suitable products for each customer.
He said all this in front of a large audience a couple of weeks after the Facebook/Cambridge Analytica data scandal broke. I found myself wondering if he has seen the news and understood the mood of people. Maybe he could at least adjust his message? My lawyer friend commented that the CEO should also immediately talk to his lawyer and hit his head against a wall at least twice.
Anyway, his speech is an important reminder that we must not think it is only Facebook and Cambridge Analytica that collect and trade data and try to use them for marketing or persuasion. There are thousands of companies that are in this data business in some capacity or other. I recently tried to book a dinner table for a pub in London, and pub’s web site asked me to give my home address, email address and telephone number. This is the reality of data business, from small businesses to giants.
The Cambridge Analytica case spotlights important problems and is a good wakeup call, but it is only a small part of all things happening with data. It was not even new information, strictly speaking – most of the information on potential issues with Cambridge Analytica has been available for at least a year. The ‘new’ part was the academic project that was used to develop analytical models based on Facebook’s data at Cambridge University.
The case also illustrates that these kinds of issues are complex to evaluate and understand, and it takes time for people understand the importance of them. Collecting and monetizing data has been an important part of many business plans for years. But the mood has already changed – innovative business models and plans to utilize people’s private data are not as acceptable. Now it is becoming important to offer more control and privacy to consumers. Distributed models (including blockchain) are coming to bring new models manage data too.
The EU’s GDPR and PSD2 regulations are also a part of this shift. We could say that innovations, regulation and business models are moving towards models that can give more control to people. But this doesn’t mean things happen overnight, or there wouldn’t be any more companies trying to gather and trade data.
The issue of transparency is a tricky one. Many companies operate like big black boxes that suck up all data and trade it with other black boxes. Consumer visibility and control has been very limited. Interestingly, companies like Facebook and Google actually give more visibility to users’ data and even tools to delete data than many finance companies have done, for example, including banks, insurance companies and credit rating agencies (Equifax being a notorious example).
Traditional companies also have legacy IT systems that make it from hard to impossible to offer better transparency to customer data. For example, banks face challenges to fulfill PSD2’s open API requirements. To really improve data security as well as transparency and control, this often requires new IT solutions that are really designed to work with open APIs and tools to offer more control to users and better access to regulators.
Facebook ‘likes’ can be revealing about your preferences, political opinions and some other personal things. But it is naïve to think Facebook alone is our biggest risk and deleting your Facebook account solves all our issues. Think about all your finance data, health data, and customer data with many other companies, and how they are used, e.g. if you get health insurance, a home loan, or your credit card transaction to evaluate if you have criminal or terrorist contacts. It is also worth remembering the biggest risk is not just someone simply obtaining your data, but also modifying it and manipulate your ‘profile’.
Facebook and Cambridge Analytica have been a necessary reminder to understand the issues of data collection, and an arguably effective one considering many people have a personal relationship to Facebook. But we must realize the issue is much bigger than that, and that the less visible aspects of data collection and sharing arguably present much greater risks.
Data collection will not stop, and big data analytics will still be key to existing and emerging business models – indeed, businesses are already looking for new data models. Now is the time to do more. This means new attitudes, regulations, business models and also new IT architectures. We must no longer accept the excuses from those black-box data companies that it is complex and expensive to offer better transparency and give control to people. The solutions to accomplish that are available now – what we need is the desire and the will to change things.