My Data. Your Business. Thumbnail
Identity 14 March 2017

My Data. Your Business.

By Sally Shipman WentworthManaging Director

In times like these, it’s easy to be paranoid.

Almost every day there is a new story about an app, a TV or a child’s toy that is collecting too much data, or a massive data breach, or the latest kind of ransomware doing the rounds of the Internet.

We may not know the specifics, but we do know that somewhere out there someone is tracking us online: in fact, most of the data monetization machine is invisible to consumers — the individuals whose data fuels it.

All this has, understandably, left many people wary. Why WOULD you trust someone or something that is gathering information on you with no real insight into how it will be used?

The consequences of this could be devasting to the economy. If do not understand how their data will be handled and used and therefore don’t trust online transactions, online business will wither and die. The economy that the Internet supports could disappear.

Today is a day when world leaders will be listening. Not only is it World Consumer Rights Day, but it is also the G20 Consumer Rights Summit in Berlin. Robin Wilton, who helps lead Technical Outreach for Identity and Privacy for Internet Society, is on a panel to send a clear message that consumers, companies, and governments must take up the cause of data protection to help create an Internet we all can trust.

The global economy depends on it.

Here’s why your data is collected

For companies, your data means money for them.

Take Snapchat, a mobile messaging service where messages “disappear” after a few moments. In 2014, Snapchat turned down a $3 billion offer from Facebook to buy it.

And just a few weeks ago, Snapchat just filed for a $3 billion IPO and debuted at $17 a piece on 1 March and popped up to as high as $26.05 on day two.

Why is a service that prides itself on “disappearing” messages be so valuable? The answer depends on what Snapchat represents to you. If you’re part of a younger market that is less interested in leaving indelible footprints on Facebook, and is more interested in spur-of-the-moment mobile messaging, then the idea of a service where your messages automatically disappear is an attractive one.

If you’re looking to acquire the company, its value lies in the personal data consumers can’t avoid disclosing – their names, their phone numbers and most importantly, their network (the people they are connected to).

Different people see different values in the same company, and that can mean tensions when it comes to consumer protection. How can the company monetize its consumers’ data, while still delivering the privacy they signed up for?

Why is it a big deal for us?

With companies willing to pay millions, even billions, for information on what we do online, there is a strong motive for companies to collect all they can, keep it forever and use it for as many purposes as they can dream up. That sends a strong signal that we need to be in control of our personal information.

And while some companies are open and clear about what they do with our data, we – as consumers – are mostly kept in the dark. And, let’s face it, innovation is happening faster than our individual ability to keep up. Sometimes it seems like there is an “act now, ask for forgiveness later” culture.

And, then there’s the issue of data breaches. Large-scale data breaches continue to plague both the commercial and the public sector and to affect millions of consumers and citizens, as noted in the Internet Society’s 2016 Global Internet Report.

So if data collection and data breaches are showing no sign of stopping, what can be done?

Encryption is a key

We typically think of encryption just as a way of keeping information secret, and therefore as a way of mitigating the risk of a data breach — but in the digital world, it is much more than that.

  • It ensures that Internet traffic goes to the right destination.
  • It helps establish that you are talking to the person (or service) you meant to talk to.
  • It protects you against fraud when you pay online or in person.
  • It secures your mobile phone, your satnav, your home wireless connection.

Encryption underpins trust in almost every aspect of online activity, and as the Internet of Things expands, that list will only grow.

The Internet Society believes that encryption should be the norm. It’s the basis for fueling what the Internet brings to our economy, it’s a tool that helps us to trust our online transactions, and it helps all of us – from consumers to businesses to governments – boost our online security. It is not a threat, but a tool to help us know we’re doing our part to secure ourselves and the Internet.

Organizations Must Act.

Organizations must also play a role.

Together, with businesses and other organizations, the Internet Society believes that we need standards to handle consumer data ethically.

We propose a set of simple, but effective, principles any organization can implement, to create a culture of ethical use of personal data.

  • Publish ethical data commitments and stand by them.
  • Be honest and fair about consent and re-use.
  • Be transparent about your business model.
  • Embody ethics in product/service design.

We believe this will result in more sustainable business models for personal data, and lead to more trust between consumers and service providers.

These principles are a starting point. They should also be reinforced by practical measures, such as the Privacy by Design approach set out by Canadian and Dutch data protection commissioners in the mid-90s. For example, it recommends the practice of data minimisation: collect only what you need, keep it only for as long as you need it, destroy it safely and make sure it is secure. Restrict access – remember you are holding someone’s very personal and private data – and encrypt!

If you would like to take part in the development of these principles, please get in touch.

Consumers need policy on their side

Policy makers must step up to the plate as well.

One of the most important places to start is to create a way to reward organizations and companies for ethical data handling practices and to encourage ways for those entities to credibly signal to consumers what standards they are applying. Ethical data handling is not only a solution for consumers: it is also a foundation for trust and sustainable economic growth.

Policymakers must work to create the conditions in which ethical data handling can have a positive effect on the market.

We all have a role to play

But, above all, we, as consumers, can take steps now. Inform yourself, demand better privacy and protect the data on your devices and in your communications, by using encryption.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Privacy 16 October 2018

Senegal First African Country to Implement Recommendations of ‘Personal Data Protection Guidelines for Africa’

Last week, we have had a busy two days (11-12 October 2018) in Dakar participating in a multistakeholder workshop...

Encryption 16 March 2018

Rough Guide to IETF 101: Privacy, Identity, and Encryption

It’s that time again! In this post of the Rough Guide to IETF 101, I’ll take a quick look...

Blockchain 13 March 2018

Blockchain and Digital Identity – A Good Fit?

Every time you see “Login with Facebook” or “Login with Twitter” etc. on a website or use login credentials...