Big Data, meet Big Privacy

Look up “big data” (with the quotes) today on Google, and you’ll get results that look like this:

Basically, a heap of hype. The only visible organic search results are a Wikipedia article and a May 2011 report that McKinsey wrote for corporate customers. I am sure some of those same customers are among the advertisers hogging acreage in the search results.

Whenever you see a money river that gets bigger and bigger while flowing in a circle, you’re looking at a mania. That’s what we see here, and in Google Trends as well:

Big Data today is entirely an obsession of the B2B (Business to Business) world. It may fuel B2C (Business to Consumer); but the consumer does not participate except as a source of data and as a target for marketing messages guided by Big Data analytics. So, while we get to witness the Big Data mania as individuals, we don’t participate in it.

But we will.

Think about computing before it got personal around the turn of the ’80s. Before then, “personal computer” was an oxymoron. But eventually computers became something everybody had. Today our phones are computers. The same thing happened with networking. Before the Internet got huge in the mid-’90s, networking was something companies and governments did. Today computing and networking are fully personal as well as fully corporate. And far more value is generated by people computing and networking than by companies doing it only with themselves and each other.

It’s a good bet that Big Data will follow the same path. Individuals will be able to do far more with data of all sizes than would ever be possible in the B2B world alone.

Meanwhile, the B2B appetite for “big data,” and eagerness to use it to market at us, has raised privacy as an issue. Back in the pre-Internet world, privacy wasn’t very controversial. We all knew what it was, and how to protect it most of the time. In the new digital world, we don’t, except through relatively primitive means, such as ad and tracking blocking. In The Rise of Ad Blocking, published in August 2013, PageFair found an average ad blocking rate of 22.7%. On some browsers it’s much higher:

This is the market speaking.

So is Big Privacy: Bridging Big Data and the Personal Data Ecosystem Through Privacy by Design, a paper published today by Ann Cavoukian, Ph.D. and Drummond Reed. Ann is the Information & Privacy Commissioner for Ontario, Canada, and Drummond is Co-Founder and CEO of Respect Network. Ann is also behind Privacy By Design, which “advances the view that the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must become an organization’s default mode of operation.”

Both Ann and Drummond are coming from the customer side of the C2B relationship. In other words, they are coming from the need for VRM ways to solve market problems and open up new opportunities. The paper also goes straight after “big data”:

Recent technological and business developments have given rise to a new understanding of personal information. It is now being compared to currency and energy—often being referred to as “the new oil.” It is an economic asset generated by the identities and behaviors of individuals and their technological surrogates. These metaphors, which express its increasing economic value to organizations, ring especially true in the case of Big Data. Indeed, Big Data derives economic value from its use of personal information to such an extent that if personal information is considered to be “the new oil,” then Big Data is the machinery that runs on it.

However, like our current dependence on fossil fuels, Big Data’s current use of personal information is unsustainable, increasingly resulting in “pollution” via privacy infringement. At the moment, individuals have little, if any, control over their information’s use and disclosure in Big Data analytics. In addition to a host of privacy concerns, this lack of informational self-determination gives rise to an uneven exchange of the economic value. While the owners of Big Data algorithms profit from their use and disclosure of personal information, the individuals the personal information relates to do not—at least not directly. If not properly addressed, the privacy and economic concerns raised by Big Data threaten to decrease individuals’ willingness to share their personal information—in effect, cutting off the flow of the “oil” on which the analytic “machinery” of Big Data runs.

The report describes the Personal Data Ecosystem (PDE) as “the emerging landscape of companies and organizations that believe individuals should be in control of their personal information and directly benefit from its use, making available a growing number of tools and technologies to enable such control,” adding (in boldface type), “So if privacy infringement is the negative externality that Big Data frequently ignores, the PDE is the emerging positive externality that can turn the combination into a positive-sum outcome where both data subjects and Big Data users benefit.”

The paper defines Big Privacy this way:

Big Privacy is Privacy by Design writ large, i.e., it is the application of the 7 principles of Privacy by Design, not only to individual organizations, applications, or contexts, but to entire networks, value chains, and ecosystems, especially those that produce and use Big Data. The goal of Big Privacy is the systemic protection of personal data and radical personal control over how it is collected and used. Radical control is an embodiment of “informational self-determination”—the right enshrined in the German Constitution relating to the individual’s ability to determine the fate of one’s information. This means that it must be possible to assure whole populations that their privacy is being respected because the network, value chain, and/or ecosystem producing and processing Big Data has implemented Privacy by Design at a system-wide level, enabling individuals who consent to the use of their personal information to reap a proportion of the benefits.

The paper goes on to detail seven architectural elements of Big Privacy:

  1. Personal Clouds
  2. Semantic Data Interchange
  3. Trust Frameworks
  4. Identity and Data Portability
  5. Data-By-Reference (or Subscription)
  6. Accountable Pseudonyms
  7. Contractual Data Anonymization

These in turn leverage the “Seven Foundational Principles of Privacy by Design”:

  1. Proactive not Reactive; Preventative not Remedial
  2. Privacy as the Default Setting
  3. Privacy Embedded into Design
  4. Full Functionality – Positive-Sum, not Zero-Sum
  5. End-to-End Security – Full Lifecycle Protection
  6. Visibility and Transparency – Keep it Open
  7. Respect for User Privacy – Keep it User-Centric

ProjectVRM gets a mention. I’d also like to add a pointer to the Personal Data Ecosystem Consortium, which has done pioneering work in the PDE, and whose work pulls toward the future alongside ours here.

The paper also does the best job I’ve seen yet of explaining the Respect Trust Framework and XDI, both of which normally require a lot of mental chewing to get down. They still do; just less this time.

I’ve always thought that XDI was a brilliant and elegant solution looking for a problem. I still do. The difference now is that it’s found the right one.

5 Comments

  1. “The paper also does the best job I’ve seen yet of explaining the Respect Trust Framework and XDI, both of which normally require a lot of mental chewing to get down.”

    thanks for sharing!

  2. A small rejoinder to this: we did some research in the UK asking online panelists if they had taken steps to block online advertising, and found that 38% claimed to have done so. Maybe some over-claim and a slightly biased sample, but sobering nevertheless.

  3. Thanks, Colin.

    I think the numbers will be sobering to some and encouraging to others. Either way, the market speaks, and when that happens, opportunity follows.

  4. Big Data comes from the mindset made popular by the pseudo-science of economics. Economists believe that the economy works like a planetary system and that it can be understood through Big Data (i.e., lots of statistics used in a vain attempt to validate their models!). Big Data believes in automatons who, if we know everything about them, will act in predictable ways, and hence can be manipulated. Privacy by Design is based on the principles of self-organising systems that work together to achieve their goals through cooperation, not coercion.

Comments are closed.

© 2014 ProjectVRM
