Don’t give away your data. A few strategies to be in control of your privacy and data.

You have something every business and organization wants: your personal data. The most powerful companies are no longer oil companies, they’re data companies. Most of the important decisions that we make as a society are ultimately based on what we understand about individuals and populations. It is that data that helps determine what products to build, how much to charge for them, which health policies to pursue, which election promises to make, and so much more. We at Measure believe that access to person-based data is good for society and should be pursued. However, it should not come at the cost of an individual’s right to privacy.

Until recently, this has been a difficult balance to strike and consumers have largely been powerless. This, however, is changing — privacy regulations of various types are moving through legislatures across the globe, businesses are increasingly touting privacy features as a competitive advantage, and consumers are beginning to comprehend what it means to have data sovereignty. Tim Cook, CEO of Apple, took it as far as to say that “privacy is a fundamental human right”.

So what does this mean for the average consumer? What can or should they be doing?

These are some of the questions we tackle at Measure. While some of these concepts are relatively new and perhaps non-intuitive, they become increasingly important as more parts of our lives — education, career, relationships — become inescapably data-driven. Consumers need to develop tactics to ensure their data, and their livelihood, is protected.

Let’s start by defining personal data. According to the GDPR, personal data is:

“any information relating to an identified or identifiable natural person”

This definition is relatively broad but it is so by design. This can include your health data, purchase history, purchase preferences, opinions, location, browsing history, and even your favourite colour. Both how this data is collected, and the context within which it is collected, is important. Consent must be freely given, it must be specific, informed, and an unambiguous indication of the data subject’s wishes.

During his keynote speech at the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC), Tim Cook argued for the prioritization of four things:

1. Data minimization — “the right to have personal data minimized”

This is to say that by default we should minimize the amount of data we collect, or don’t collect it at all. In an era of big data, many have been led to believe that we should collect anything and everything and let the algorithms work out what’s important. That may not be the case and businesses should rethink what data they really need to function, where it benefits the consumer and collect only what’s needed.

2. Transparency — “the right to knowledge”

For data that is being collected, users should know what it is being collected for. Declaration, intention, and consent are critical components for consumers or as Tim Cook stated, “this is the only way to empower users to decide what collection is legitimate and what isn’t”.

3. Access to data — “the right to access”

In an ecosystem where consumers have ownership of their data, even when in possession by a third party company, it should be made easy for users to access and get a copy of the data, an explanation of what and how it is being used, and an opportunity to update, correct, or delete their personal data.

4. Security — “the right to security”

Tim Cook states that “security is foundational to trust and all other privacy rights”.

With these concepts in mind, what does this mean for the average consumer, and what can the consumer do to protect themselves and their data?

  • The first step is awareness. Consumers (along with companies or collectors of data) can start by taking an audit of platforms and systems that collect their (or their customers’) data.

  • Secondly, where in doubt or of interest, consumers can act upon their right to request from companies what data they have collected, what they are doing with it, and how it is being processed. Yes, you can request Facebook provide this data.

  • Third, be diligent with security — passwords, logins, and other gateways that may provide access to data. I won’t get into the basics of password and security maintenance here but many consumers are simply too quick to log in via their favourite social network.

  • Fourthly, be skeptical about ‘free’. We’ve become accustomed to content accessed online being free. It’s been said many times that if the service is free, you are the product. This is not to say that there isn’t value in free services, the point is to be aware and understand and be realistic what the value proposition is and what is being offered to access the ‘free’ service or product.

  • Fifth, and finally, while there are still very few identity, data protection, and data monetization tools available to consumers today, we expect this to change dramatically in the near future. With the shift of data control to consumers, it is also reasonable to expect a corresponding shift of compensation for data usage to the consumer to follow.

At Measure, we’re working hard to build a data ecosystem founded on these principles — privacy, security, and data ownership should be baked into the core design and not simply be treated as features. As part of the release of our consumer app (coming in early 2019), we’re attempting to address some of the long-standing issues of data quality and trust within one of the largest users of person-based data: market research. Data quality is a function of transparency, accountability, trust, privacy, rightful ownership, and fair compensation. By leveraging blockchain, cryptography, and consumer-centric design principles, we can go a long way to improve some of the challenges faced by this industry and help put consumers in control of their data.

Fundamentally, if consumers can take control of their data, it should provide new opportunities for consumers to monetize, or at least ensure companies have accountability for the utilization of their personal data. It is our belief at Measure that society as a whole can benefit from the sharing and utilization of data, but that consumers should maintain sovereignty over it.

As originally posted on Medium