As we look ahead to the coming year, our eyes are inevitably drawn to the digital landscape and the billions of personal data points that map its contours.
Nearly every what-to-watch-in-2016 list refers to data privacy. And nearly every one points to a significant shift in the balance of control over personal data: tipping away from AdTech and toward consumers.
To relinquish or control, that is the question
People are bristling at the unbridled collection and use of data about their behavior online, their every move through physical space, and literally thousands of facets of their “persona” (up to 4,000 data points on a single user—one journalist asks whether he could come up with that many data points on his spouse!).
And we consumers are footing the bill: the frenetic pop-ups and “vexing videos” that plague our mobile screens have voracious appetites for bandwidth, sometimes consuming more than the content itself.
Yet consumer opinion remains divided, largely along generational and cultural lines, about the risks and benefits of permitting data collection.
Some, especially “digital natives,” are accustomed to letting their private lives spill out in full view of the online public. (Though cybersecurity specialists predict that Millennials will take a closer look at privacy.) Many others shrink from the spotlight, wondering what really lies behind the glow.
Of course, there is no immutable law of information technology declaring that we must relinquish our personal data and privacy in order to participate as digital citizens. We can demand control.
Blocking, faking, refusing
Has data-driven personalization reached its limit? It certainly has met its match in ad-blocking technology and consumers’ evasive strategies.
- Symantec’s State of Privacy 2015 finds that 33% of consumers in the UK provide fake data and 53% avoid posting personal data online.
- A Pew Research Center study shows that 24% of American Internet users provide inaccurate information about themselves and 57% have refused to provide information irrelevant to the transaction at hand.
- The dizzying rise of ad-blocking software (198 million active ad blockers globally, including 34% of 16- to 24-year-olds using the Internet) illustrates our collective frustration with increasingly intrusive advertising strategies.
Big data is bittersweet
Big data has many worthwhile and legitimate uses, but the anonymization of personal data is notoriously difficult, and the data collected often far exceeds what is needed for a given service or transaction. For example:
- tracking your location nearly 6000 times in 2 weeks
- checking your location when you are not using an app
- identifying individuals based on retail transactions (as few as 4 data points provided 90% accuracy!)
- seeking excessive permissions (up to 235 permissions; the average Android app seeks 5)
Forks in the road: what can we do?
We can choose more palatable paths through the digital world. Consider these 5 alternatives:
- Matching content to channel: Differentiate content types and select communication channels that are aligned with their attributes: e.g., broadcast public content; choose user-to-user or authenticated access for private content; delete temporary content when it becomes irrelevant; archive permanent content for posterity.
- Managing our own personal data: Ask users to define the privacy parameters of their online presence based on the context of what is being served (e.g., search results, e-retail, social content, branded content, academic research, professional content, etc.). Researchers in EdTech have already taken steps down this path, granting students greater control over what personal data is displayed on a given page. They call it “sovereign source identity.”
- Re-defining regulatory frameworks: Support national and international laws that promote more transparent terms of service, explicit opt-in, the right-to-be-forgotten, and what law professor Lawrence Lessig calls systems that draw on personal data for “single-use purposes.”
- Favoring private-by-design: Appeal to consumers by offering inherently private, secure devices like ReVault’s wearable data storage, Purism’s laptop, or the Blackphone 2.
- Data minimization: Do not collect sensitive information if it isn’t needed for a given service and delete it once it is no longer relevant. Store personal data locally rather than in the cloud. (Data minimization will be critical for the Internet of Things.)
- Permission-based advertising: Encourage permission marketing rather than interruption marketing. The former is not a new idea but it may enjoy a renaissance. Rather than pushing intrusive ads to consumers, marketers and advertisers may offer them something in exchange for their attention or action.
All of these options implicitly treat personal data as a monetizable asset. Given that we are the source of this in-demand resource, shouldn’t we exercise our right to determine its value and the conditions of its exchange?
Shouldn’t we demand more than the simple convenience that data controllers point to as the current trade-off? (An Annenberg School for Communication survey reveals that most Americans don’t buy this “tradeoff fallacy” anyway.)
More bandits, more breaches
As we explore these options, cybercriminals will continue to test our systems’ vulnerabilities relentlessly and will penetrate inadequate defenses. The incidence of data breaches continues to increase (780 in the U.S. in 2015), as does the sophistication of the attacks. Those seeking unauthorized access to personal data are devising increasingly subtle ploys. Social-engineering fraud preys on our gullibility and turns our socially shared information against us.
The profusion of connected devices spawned by the Internet of Things (IoT) will expose still more of our data to additional “controllers” and attacks. The Gartner Group estimates that the number of connected things will reach 25 billion by 2020.
And the range of entities seeking to use information about our behavior and demographic data keeps expanding: note the granularity of voter profiling in the current U.S. presidential race. Psychographic, behavioral microtargeting is providing candidates’ campaigns with detailed information gleaned from voters’ “Like” patterns on social media.
As with any data stored in the cloud, these records can be leaked. A researcher was able to access 191 million voting records from one database a few weeks ago and an additional 56 million records from another.
New rules of the road
We can all expect to be rated on our data-ethics performance and our reliability vis-à-vis privacy and security. Driven by both consumer pressure and the risks of cybercrime, businesses will continue to adapt by creating new roles (chief privacy officer), adopting new regulations, developing new privacy-enhancing technologies (so-called PETs), and implementing new policies and training, all addressing data security and data ethics. The economic and reputational risks of failing to do so could be crippling.
So who says privacy is dead? 93% of Americans feel that it is important to control who can get information about them and 90% feel it’s important to control what information is collected. Those numbers unequivocally refute any claim to privacy’s demise. To ignore them is akin to junk food marketers asserting that healthy eating is dead.
Privacy will be dead when we digital citizens give it up. Nothing indicates that moment is near.
Read additional perspectives on what to expect in the privacy space in 2016:
- Mary Meehan writing about consumer culture in Forbes
- Conner Forrest writing about data trends in TechRepublic
- Christos K. Dimitriadis writing about cyber-risk trends in TechInsider
- Victor Pineiro writing about social-media marketing trends in AdAge
- A range of voices polled by Pew Research Center
- Global design firm Fjord predicts: “big data will get some manners.” Let’s hope they are correct.
Photo credit: Russell Johnson