New EU rules - the GDPR - came into force in May 2018 but one wonders whether any regulations can adequately protect the interests of consumers faced with increasing monetisation of personal data. The following extracts from a letter to the FT summarised concerns very well:
... The consumer will never own the data or the algorithms. ... Every moment, your data relating to browsing, calling, online, social media, location tracking and so on is being churned through a multiverse of data warehouses. If you have been browsing about a certain medicine, correlating to a call to an oncologist and a search for a nearby pharmacy, this can consequently be packaged as a data intelligence report and sold to your medical insurance company. This is just one of the myriad ways monetisation is being unleashed on unsuspecting consumers across the world.
The data protection regulations, although a step in the right direction, are usually still heavily tilted in favour of the corporate giants and still focused on cross-border transfers than on the real risks of monetisation. The fines imposed on the Silicon Valley giants are minuscule compared with the money they have made from data monetisation efforts. And this is all achieved in the age that is still a forerunner to the era of artificial intelligence and quantum computing.
The very concept of data privacy is archaic and academic. The tech giants are moving faster than this philosophical debate about data privacy. All the sound-bites from the tech giants are mere smoke and mirrors. Unless we revisit our concepts of what is data privacy for this new age of data monetisation, we will never really grapple with the real challenges and how to enforce meaningful regulation that really sets out to protect the consumer.
Syed Wajahat Ali
Zeynep Tufekci drew attention to one interesting example in 2018. One medical company was buying individuals' temperature data that had been uploaded to another company which had supplied Internet-connected thermometers. It all sounded very benign but Ms Tufekci was concerned that the customers hadn't thought through the implications of having health data sold to anyone at all, including advertisers, and/or integrated into countless databases.
Facebook was fined the pre-GDPR maximum of £500k in 2018 for allowing Cambridge Analytica to access users' personal data without their explicit consent.
Can data be owned? It is interesting, by the way, to consider whether data can be (or is) owned like other property, It is hard to see that anyone can own the fact that something happened (Ms X bought item Y). And an electronic or other record of that fact can easily be copied - many times. And yet data is sold, which suggests that it has indeed become property. But who does it belong to? Does anyone have the right to control its destination?