Who Should Regulate Privacy?
Earlier this month, I attended a conference on Household Financial Decision Making and Behaviour in Nottingham. Held between May 6-8, it was organised by the Network for Integrated Behavioural Science, a research initiative between the University of Warwick, University of Nottingham, University of East Anglia and funded by the Economic and Social Research Council (ESRC).
The conference concentrated on financial as well as consumption decisions observed in markets, with many talks devoted to the extent to which modern theories of decision-making can capture these decisions.One of the keynote addresses was delivered by George Loewenstein of Carnegie Mellon University, who is renowned for his work as a leader in behavioural economics.
Loewenstein spoke about Behavioural Economics and Privacy in the new digital economy. He referred to a series of decision-making experiments conducted by himself and his co-authors, which demonstrated how individuals recklessly endanger their own privacy by revealing sensitive information together with identifying data without considering the consequences. For example, an individual may post compromising photos on Facebook, not thinking that her employer may be regularly monitoring employeesâ€™ accounts on social media portals. Loewenstein concluded that individuals generally could not be trusted with their own privacy and that the government should step in and regulate privacy issues relating to online behaviour. In particular, he suggested that a set of rules should be developed for social media service providers such as Facebook, Twitter, YouTube, Google+, etc. to ensure their customersâ€™ security.
While the issue of privacy and cyber security of social media is very topical, I am not convinced that governmental regulation can provide a cure. We already see interesting trends which suggest that consumers are becoming more and more aware of such privacy issues, and they choose services with transparent protocols. For example, the user base of Facebook is aging, with younger people switching to services like Twitter and Instagram.
In my opinion, this not only reflects the fact that kids do not want to be present on networks used by their parents but also shows that consumers of the future prefer social media portals where they can show the world what they see (Instagram) rather than letting the world see them (Facebook). My sister, who is 7 years my junior, for example, explains that she would rather use Instagram where everyone can see everyone else rather than use Facebook where even after setting the highest access restrictions, your information can go viral should your closest Facebook friends decide to tag your private information.
There is no doubt that, considering the modern business models which exist in the markets for information, private companies may fail miserably in protecting customer privacy. The brightest example in the last few weeks is the case of Snapchat deceiving their users into believing that the information they exchanged via the Snapchat services was almost instantly deleted.
Yet, there is no guarantee that the government can do a better job! For example, the UK government has traded school data, NHS data and even taxpayer data with private companies, sparking debates about the effectiveness of any type of governmental regulation of information storage and transfers.
I believe that our understanding of privacy and cyber security will undergo serious transformation in the next few years, with new business models being developed around markets for information. This is a particular issue that we are also looking at in the HAT project.
However – and I might be alone on this — if given a choice between deciding for myself what information to share in a free market or engaging in information exchange in a market where government acts as some sort of Big Brother, I would choose self-regulated markets every time!
Note: This blogpost originally appeared on the BIG BlogÂ Â
HAT as your Digital Data Vault
The HAT is unique as it givesÂ an opportunity for individuals to create a repository of our own data, generated by us and owned by us i.e. primary data and not secondary data collected by firms such as supermarkets, banks or search engines.
Many digital services currently on websites, hubs and smartphones collect our data but often do not give us access to it. Sometimes, firms abuse the trust and by selling it on. Often, they develop sophisticated algorithms (think â€˜big dataâ€™) using our aggregated data to sell on to others for marketing purposes and think its ok just because it is anonymised. The HAT is a unique proposition as it creates a repository of data about us, generated by us and owned by us so that we can apply our own data onto new services and offerings. Any business that wishes to provide us with a service through the HAT must conform to the HAT-certified infrastructure requirements and they do not have the right to access our data for any other purpose except providing it back to us as a service (often with other related data), and they cannot have access to it for other purposes unless we expressly give them permission to do so (which we may, if we get benefit in return).
There is a logic to this. By letting individuals own our own data which we generate about ourselves, we generate real data about ourselves (and not someone doing smart algorithms about the data trying to guess about us). We are free to integrate the data with our own context (if we are given the tools to do so) which could spur the demand for services and connected objects that help us in our lives (think of the iPhone app store). Current privacy laws do not allow industries to share data, which means all data become vertically silo-ed and because they canâ€™t be shared, new services across industry verticals cannot flourish. By creating a HAT owned by us and putting the data generated by us into the HAT, integration across our vertical industries (in terms of the way we consume and experience products and services) become possible, making data become more valuable for us to be traded back with industry. The value of such a data that embeds context as well as across industries, can be our digital commodity to be exchanged with industry for services to serve us as individuals.
The technology behind the HAT is no small beer either – developed over the past few years, check out the personal container research at Horizon hubÂ for our privacy-preserving technology (we can’t claim to be privacy-preserving if we haven’t got the technology for it, can we?)