The Limits of Privacy in a Big Data World

Stephen DeAngelis

December 14, 2017

Most people understand their connected lives are generating data that is being stored, analyzed, and used by all sorts of organizations. They also understand they are giving up some privacy when using connected devices or surfing the web. As digital natives, millennials are particularly aware of the relationship between connectivity and privacy. Because members of Generation Y are digital natives (i.e., they have grown up using digital devices), they believe they understand what data is being collected from their devices. Analysts from Telefónica note, “The Millennial generation is happy to embrace the concept of Big Data — with three quarters saying they fully understand the types of information and data that companies collect and share about them.”[1] Having said that, new research from Princeton University may shatter the perception that people fully understand what data is being collected and shared. Louise Matsakis (@lmatsakis) reports, “Research from Princeton University … indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled ‘No Boundaries,’ three researchers from Princeton’s Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world’s most popular websites track your every keystroke and then send that information to a third-party server.”[2] With these new revelations, everyone should finally realize the presumption of privacy is no longer the rule of the day. Matsakis explains:

“Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers’ findings. If you accidentally paste something into a form that was copied to your clipboard, it’s also recorded. Facebook users were outraged in 2013 when it was discovered that the social network was doing something similar with status updates — it recorded what users they typed, even if they never ended up posting it. These scripts, or bits of code that websites run, are called ‘session replay’ scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don’t just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don’t run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions.”

Revelations like these are eroding what little trust people have in large organizations. A survey conducted in the United Kingdom found, “Almost half (49 per cent) of UK consumers say that they don’t believe that businesses care about their digital privacy — and half claim not to trust anyone with protecting their personal information.”[3] It appears those feelings are well justified.

Rising Privacy Concerns are not Good for Business

One of the most obvious backlash reactions to a lackadaisical attitude toward privacy was enactment of Europe’s General Data Protection Regulation (GDPR). Tom Allen reports, “Companies are still not fully ready for the GDPR (38 per cent of UK companies didn’t think that they would be compliant by March 2018), and with the potential for consumer legal action, as well as heavy fines, they are justifiably concerned.”[4] A global survey on the GDPR found, “Only 6% of respondents feel their organizations are compliant with GDPR requirements, and most are concerned about their organization’s poor data disposal practices and inability to demonstrate compliance.”[5] Onerous privacy protections are likely to spread as more data breaches are reported (Equifax and Uber being two of the most notorious in recent months).

Benjamin Wittes and Emma Kohse observe, “The contemporary debate about the effects of new technology on individual privacy centers on the idea that privacy is an eroding value. The erosion is ongoing and takes place because of the government and big corporations that collect data on us all: In the consumer space, technology and the companies that create it erode privacy, as consumers trade away their solitude either unknowingly or in exchange for convenience and efficiency.”[6] The backlash comes when consumers discover their private data has be hacked by nefarious individuals. Suddenly convenience and efficiency don’t look like such a bargain. The hit to a company’s reputation can be severe.

Protecting Privacy as Competitive Advantage

Rana Foroohar (@RanaForoohar) notes, “In the 21st century digital economy, personal data has become the most valuable resource for nearly every business.”[7] It’s strange, therefore, companies have been lax or abusive (or both) when it comes to collecting, analyzing, and protecting that resource. Foroohar believes companies proving themselves to be good stewards of personal data will gain a competitive edge in the years ahead. She explains, “Technology companies that mine [personal data] may soon have to define whether they are data peddlers or data stewards. Are they tracking us and selling our personal information to the highest bidder, as both Google and Facebook do? Or do they have a different business model, one in which data can be monetized in a way that leaves them less open to public criticism and the possibility of increased regulation? … The clear and very interesting message is that in a world in which companies have more personal information about us than ever before, and hold data that can be used in myriad nefarious ways (à la the Russia-Facebook scandal), privacy has become a competitive advantage.”

Summary

Whether companies like it or not, protecting personal data is going to be a continuous struggle in the years ahead. Pundits have noted that banks have had to contend with bank robbers since first opening their doors. They say the same holds true for companies who hold personal data as an asset — hackers are going to continue to try and steal that data. Organizations that prove themselves to be the best stewards of personal data are likely to be rewarded for their efforts in the years ahead.

Footnotes
[1] Telefónica Staff, “Millennials Get Big Data: Survey,” Light Reading, 15 October 2014.
[2] Louise Matsakis, “Over 400 of the World’s Most Popular Websites Record Your Every Keystroke, Princeton Researchers Find,” Motherboard, 20 November 2017.
[3] Tom Allen, “Half of consumers think that organisations don’t care about their privacy,” Computing, 16 November 2017.
[4] Ibid.
[5] Elliot M. Kass, “Most companies ill-prepared for EU data protection requirements,” Information Management, 10 November 2017.
[6] Benjamin Wittes and Emma Kohse, “Empirical data on the privacy paradox,” Brookings Institution, 17 January 2017.
[7] Rana Foroohar, “Privacy is a competitive advantage,” Financial Times, 15 October 2017.