As a data breach involving mobile operator 02’s customers was making headlines in the UK, a group of high ranking government officials from Europe, the U.S. and Asia met with some of Silicon Valley’s biggest companies in a Davos hotel Friday morning to talk about how to both safeguard and unlock the power of personal data.
News broke this week that people using their mobile phone on O2's mobile networks in the UK to browse websites have been inadvertently handing over their phone number to the website owner. The privacy breach meant that site owners had the possibility to collect the phone numbers of visitors and use them for telephone and SMS marketing without the phone owner's consent. O2 has since patched the problem but the incident, along with other highly publicized cases involving Sony and Epsilon, underscores why this issue is on the agenda at the World Economic Forum and will be for years to come.
Mining massive amounts of medical data – once it is stripped of personal identifiers -could help curb or even stamp out diseases that have stumped scientists for years. And there is tremendous economic value in making sense of the data slipstream that individuals generate on the Net. A 2011 report published by consultancy McKinsey says a retailer that uses big data analysis to better understand consumer behavior could expect to improve its operating margins by 60%. The nascent industry for global personal location data alone could became a $100 billion business for service providers and provide as much as $700 billion in value to consumers, according to the report.
But it is one thing to glean information about consumers’ habits to improve the design of a cellular network and quite another to release their data to third parties who want to target them with products without a consumer’s consent.
Current controls leave a lot to be desired: Companies post notices about what they will do with consumer data that require as many as 102 clicks, so most people just check yes without reading. And many companies do not take even the most basic steps to protect their servers or check that suppliers who handle data on their behalf do so.
Hence the World Economic Forum’s efforts to help governments and industry come together to make companies accountable (see Informilo story). The Friday workshop is part of a larger effort on personal data privacy spearheaded by the IT and Telecoms industries branch of the World Economic Forum.
In addition to working on rules and tools that will make industry more accountable for data breaches the Forum, with the help of the Boston Consulting Group, is trying to define shared rights and permissions for the use of personal data. It is a complex issue because when it comes to the use of personal data a lot depends on the context. There may be cases where a consumer’s data contributes to their own welfare or to the greater good and he or she should not be allowed to opt out. And, argue some, online retailers should have the right – without asking permission – to collect and store information about their customers in the same way that a bricks and mortar store makes decisions about changing its display or ordering merchandise based on duly noted customer preferences. It is only if a business intends to sell or share the consumers’ data to someone else that consumers’ should be notified and given the option to opt-in or opt-out, according to one argument.
Some companies maintain it is too simple to say that a consumer owns their own data because once it is out there it is impossible to get it back. “If we can not get the data back does it even make sense to talk about ownership?” asked one participant.
Some in the room maintained that the treatment of the data should depend on the context. Institutional data, identity data and behavioral data, such as how often someone watches TV, have different levels of sensitivity and should not be treated in the same manner.
There are technical means to tag the sensitivity of data by rank. New apps should incorporate them, according to one suggestion discussed at the early morning Davos breakfast. Participants, who included lawyers, academics and start-ups, also talked about the necessity of developing a global code of conduct.
Easier said than done. Many in the room are clearly uncomfortable with the new data protection laws being proposed in Europe (see Informilo story). But to truly unlock the potential of personal data – and not just safeguard it – global consensus will be crucial.