Big Data & Privacy - Part 1

The use of internet browsing data to profile a possible customer facilitates instant appearance of Ads. It is a double-edged sword. The consumer does not have to go and search for what they need, rather everything they need is brought to their attention. On the other hand, it is also a constant bombardment of ads that may no longer be relevant, or just take up too much of your attention, when you are trying to do something else. This is the new reality in the age of digital transformation.

A bigger underlying concern though, is the ease with which individual privacy is being breached in this situation, and if we are collectively okay with it. Your previous searches on a website are available to the organization to profile you and provide special targeted offer. This seems harmless enough, and it does have its positives — you may get a decent deal out of it. It’s quite easy to ignore or not even consider it a breach, because you provided this information. 

Does it ever stop at just that, though? It is, hence, even more important to realize that the threat to privacy in this new world does not stop at profiling for ads. As the world moves towards a digital future, sensitive information is digitized and stored in the same way, organizations tie-up and share user information and data, and before you realize it, large organizations have so much information on you, they can alter your perceptions and choices. Facebook’s 2013 study on how emotions can be altered through its timeline is just one example .

Organizational Threat

The discussion today revolves around all the information organizations possess about its users. It can contain personal information down to income, likes/dislikes, religious/political standing, interactions with people, and so on, on a Big Data scale. We may trust the organization with our data, but it does not mean the information is safe and only with that one organization. This information may be shared with other organizations, or the security may get breached and data stolen.

The value of data is being realized by people, and this puts the data owned by organizations even more valuable. This also puts the security of data at risk, as the data is targeted more to hack or bypass security and get hands on the data. Are we ready to let it go as it is going?
Let’s look at some of the problems and tentative solutions in some of the countries across the globe.

India

In August 2017, India’s Supreme Court put out the verdict that Right to Privacy is a fundamental right of its citizen. It seemed like a step in the right direction.

Aadhar Fiasco

Around the same time Supreme Court released its verdict, there was a big debate around the security of Aadhar Card data.
Aadhar Card is identification proof for a big chunk of Indian citizen and the government is pushing hard for nationwide usage of it through different methods like linking Aadhar card with mobile numbers and so on. But in the same month as the Right to Privacy became a fundamental right, WikiLeaks published a report that said USA’s security agency — CIA may have access to Aadhar Card’s data.

Government also acknowledged that there was a huge data leak of Aadhar data in May 2017, in which personal information of more than 130 million citizens were leaked. Data collected for Aadhar card is quite sensitive, because it contains biometric data as well as personal data, and there are multiple ways to misuse this information.

Other Data Breaches

Reliance Jio, the telecom company that disrupted the telecom industry for the better allegedly suffered a data breach in July 2017, with personal data of over 100 million people released on a website. Reliance Jio denied data breach, but the data was available, and Reliance later filed for a complaint for unlawful access to its system, and refused to comment on the matter.

Similarly, personal data of users of the food-delivery service were available for sale online in May 2017. Zomato immediately acknowledged the breach and updated users on the breach and what steps need to be taken.
Right To Privacy

With Right to Privacy a fundamental right now, it is believed that there will be new laws and procedures for these organizations that will define the procedure for handling sensitive personal data, steps to take in case of data breach, and the legal implications of handling the data or losing it.

AUSTRALIA

In Australia, when a customer is approached with a direct marketing offer, the customer has the right to ask and demand where the marketer got the information from. The new laws that came into effect in 2014 require companies to have their privacy policy on their websites. Customers have the right to have interactions with a commercial entity on an anonymous basis.

Australian Credit Law

In Australia, a Credit Reporting Body keeps a credit score of its citizen. This agency can be prevented from using the information it has on the customer simply by making a request. This can be done by making a request to the CRB concerned. With regard to ‘Repayment history,’ the laws clearly specify which entities can be provided the information and which cannot.

The former includes Licensed entities such as Banks and Credit Card issuers while the latter includes Telecommunications carriers, energy and water utilities, and retail companies that provide credit-based goods and services. Repayment History information must be deleted two years from the date that the credit was due to be paid.
Personal Circumstances

When a credit card user is not able to make payments due to unemployment, illness etc. the user can request for hardship assistance. This request, whether granted or not, must not be reported to the CRB. With regard to Australian rules pertaining to taxes, an entity that collects the ‘Tax File Number’ is required not to record, collect, use or hand over the TFN for any purpose other than taxation or personal assistance. Financial Institutions are required not to ask for the TFN. When an authorized entity asks for the TFN, the consumer must be informed on the reason for asking.

EUROPE

The General Data Protection Regulation (GDPR) makes EU entities accountable for their processing of data as opposed to holding individuals accountable. Previously, accountability was implicit but the GDPR makes it explicit. The Office of the European Data Protection Supervisor (EPDS) has proposed a system of mutual trust whereby innovation is empowered while there is an increased enforcement of competition, consumer protection and data protection laws. The mechanism that is proposed by the EPDS is that of Personal Information Management systems (PIMS).

Balanced Enabling

In its published September 2016 Opinion, the EPDS says that even when users are provided notices on consent, they are having less and less control over how the data might get monetized. Rather than handing over their information, consumers will be the custodians of their data through PIMS. While differing models are proposed or are being developed, the primary feature of PIMS is that data will not leave it. The PIMS can be set up on the user device itself or on the cloud by third parties.

How PIMS work ?

Algorithms might be imported into the PIMS to carry out the processing. If data leaves the PIMS, it is required to be securely transferred and even encrypted. Interactions will be carried out between machines. Some of the features include possibilities to aggregate data by third party service providers before transferring it. After users have set their privacy preferences, parties that need the data can do so in an automated manner.

Why Privacy matters ?

Without specific laws that evolve with time, the risks to privacy can be quite high and impossible to address. Every interaction that a consumer has with a commercial entity leads to the gathering and accumulation of data. Every product that a person buys online makes a footprint that might be stored and retrieved forever without exact laws.

At the same time, the ways that our lives have become enriched with the availability of free services such as email, social media and now cloud-based storage are completely transformative. To find the middle road in balancing utility and privacy is essential and the EU is showing the way. Within the E.U. the ways that government and administrative entities might cause privacy to be impaired is also a very crucial aspect of the GDPR.

Big Data Help

The need of getting deeper understanding of users brought Big Data to the forefront, which facilitated the collection of private, sensitive information on the users, and brought us to this stage where we fear for our privacy. But Big Data is also our saving grace because Big Data can help tackle the same problem it created.