Personal data is owned by each person – or is it? Although individuals may believe that they own their data, the truth is much more obscure. Once shared, data ownership becomes murky, and can change depending on the jurisdiction of the company using the data and where it is stored.
GDPR and data ownership
Although the General Data Protection Regulation (GDPR) has clarified data ownership in Europe and the UK, there is still some confusion about data ownership and how to enforce it. As Mike Dougherty, CEO of adtech company Jelli explains, “Under GDPR law, the individual owns the rights to their data, with a few exceptions. They ultimately have the final say, not the company that possesses it — whether obtained through consent or not.”
This is seconded by Julia Stead, VP of Marketing at analytics company Invoca, who explains that tech companies are quick to avoid the thorny issue of data ownership. “Data giants like Google and Facebook are very careful to avoid mentioning ownership in their data collection policies, they focus on collecting and storing user data,” she explains.
Under each interpretation, it appears that the consumer does have ultimate control over their personal data and can make requests… to a certain degree.
Organisations are responsible for data
So, GDPR gives consumers more rights to their personal data. However, once they share it, their control over it lessens and other entities become responsible for it. Companies that use personal data become stewards of it. A position that requires ethical data use and effective data security.
Thus far, organisations haven’t succeeded with this. Data breaches are frighteningly common. Recently, pregnancy club Bounty was fined £400,000 for sharing the personal data of 14 million members with credit reference and marketing agencies. In particular, the company was reprimanded by the Information Commissioner’s Office for selling the information of potentially vulnerable new mothers or mothers-to-be, as well as the birth date of newborns.
Microsoft has recently admitted that hackers gained access to some Outlook users’ emails. Accounts were compromised for three to six months and the company is still to reveal the number of customers affected.
Even the UK Government is not immune. The Home Office has issued an apology for a data breach of EU citizen information. It unwittingly shared the details of 240 people seeking ‘settled’ status post-Brexit. An email to the individuals failed to use the ‘BCC’ box, thus revealing their details to everyone else CC’d into the email communication.
Each case reveals a different way that organisations have failed to use and protect personal data. It highlights how easy it is for companies to fall short when using consumer data. For the public to trust organisations with their personal data, issues like data breaches and hacks must be resolved swiftly. They cannot be as commonplace as they are today.
The data value exchange
Which brings us back to the question of ownership. Because individuals have ultimate ownership of their data but relinquish the protection of it to organisations. They do so in a value exchange: a business gains insights to improve operations and individuals benefit from tailored marketing, product recommendations and so forth.
The pressure on businesses to secure it effectively is only going to grow. Post-Cambridge Analytica, consumer trust is on shaky ground and their expectations are high. Organisations must realise this and meet these expectations. Strong relationships between data owners (consumers) and stewards (organisations) are key to the future of data. If one party doesn’t trust the other, then neither can unlock value from personal data.
Technology leaders hold tremendous power to shape the world in a positive way. Responsible use of technology will support society’s needs and ensure a sustainable future. However, thus far, the irresponsible and unethical use of technology has marred the industry.
Data breaches are a common scandal. In 2018, T-Mobile suffered a data hack that exposed two million customer details including encrypted passwords. British Airways was also hacked, with 380,000 payment details stolen. The scandal left panicked customers scrambling to contact their banks and credit card providers. Recently, hackers published the personal details of thousands of FBI agents and law enforcement officers. Making them and their families vulnerable to attack and potentially blowing their cover. Breaches are a worrying development, with new reports of attacks and leaks surfacing every few weeks.
Scandals that damage trust
Then there is the unethical use of data. Highlighted in the Cambridge Analytica scandal, which resulted in a deep public distrust of data use. Only a fifth of the UK public trust organisations to store and use their data. This has been further weakened by Facebook continuing to share data with third parties without explicit consumer knowledge or consent. Sharing arrangements with 150 organisations were revealed after the Cambridge Analytica scandal. These included retailers, other tech companies, media organisations, publishers and automotive manufacturers.
Time to rebuild the relationship
To rebuild trust in data and the wider tech sector, tech leaders must do more to address consumer concerns. They also have to go a step further, in ensuring sustainable business practices and actively solving society’s most critical issues. 76% of the public want to see CEOs actively driving change in society, instead of waiting for governments to impose it.
Positive uses are overshadowed
Overshadowed by scandal are many positive uses of technology. AI is being used in medical research to detect breast cancer with 99% accuracy, for example. It has potential applications in the circular economy, with AI designing out food waste in supply chains. The estimated value creation from this is estimated at US$127 billion a year by 2030.
Communicating such benefits and positive advances would do a great deal in regaining public trust in the sector.
Concerns around the impact of technology are translating as increased scrutiny and regulation. The EU’s General Data Protection Regulation (GDPR) was introduced to give individuals greater power and ownership of their personal data. Likewise, governments are debating regulations for the sharing economy, gig workers, the policing of online content and breaking up big tech. All are products of technology, with resulting pros and cons.
Hard to predict tech’s impact
Indeed, few tech leaders could have foreseen the long-term implications of Facebook, Uber, Airbnb and Twitter when first founded. We couldn’t have predicted the influence that Facebook would’ve had on the U.S. elections or Brexit voting. Nor could we of envisioned the widespread disruption to the travel and transport industry caused by Uber and Airbnb.
With more advanced developments on the horizon, such as deep learning and autonomous vehicles, the onus is on tech companies to make changes that have a net-positive impact on society. The time is now for technology leaders to ask reflective questions on the use and role of technology. To learn from the unintended outcomes of unhampered technology development and use.
Place humanity at the centre
It is time for humans to be placed squarely in the centre of all tech developments. Not to create newer and more advanced technology to prove that we can. But to develop technology that builds a better world for generations to come.
Oversight and accountability
To achieve this, we need oversight and accountability. This is something that governments are trying to implement. However, they lack the detailed understanding and insight of those within the industry. Therefore, it falls on tech leaders to regulate and hold each other accountable.
Technology should showcase best practice. It must be a symbol of purpose and positive societal progress. In doing so, profits will soon follow. To do the opposite will be to forever undermine the power of technology. We’re in the industry to change the world. Make sure it’s for the greater good.