The Privacy Paradox in the Information Economy and the age of Digital Sovereignty

Reflections and Learnings After Collecting and Exploiting Personal Data of Millions of Users in Latin America.

Introduction

Wifers, the company I co-founded in Argentina in 2016, was the result of a process of building on previous experiences together with a unique industry context. Having previously led e-commerce and digital identity projects, it seemed clear to me that the next step would be a convergence between the digital and physical worlds. The vision was to transfer the knowledge and tools acquired by digital businesses during the boom of e-commerce a few years before to physical stores, which still represented over 90% of total commerce. By using hardware and software to collect information at the point of sale, we would be able to bridge the gap between online and offline commerce.

Initially, our focus was on generating a simple and affordable solution for small bistros to capture information from customers visiting their stores using Wi-Fi access points. In following iterations, we offered these businesses the opportunity to target and automate their customer communications, aiming to enhance customer engagement and retention. Finally, once we had a significant network of locations, we embarked on a data analysis challenge leveraging behavioral insights, customer preferences, recurrence, and walk-through metrics at the point of sale. We could even detect when a social media influencer walked in. By the beginning of 2020, our solution had been deployed in hundreds of stores across six countries in the region and our client base expanded to include pharmaceutical companies, multinational corporations and governments.

During that period, the industry underwent significant changes, including advancements in privacy and personal data protection regulations, updates in mobile operating systems and multiple devaluations of the Argentine peso. Ultimately, the pandemic forced us to stop our operations, interrupting an acquisition process with a US company that we had been negotiating with for over a year. Some of the operational and strategic decisions that left valuable lessons can be covered in another article. For now, I would like to share some insights on privacy in the information economy. The case of Wifers and other similar companies is relevant because it was enabled by three simultaneous phenomena: the privacy paradox, opacity vs. transparency and regulatory gaps.

Presenting Wifers at Start-Up Chile G21 Demo Day (Santiago de Chile, 2019)

The Privacy Paradox

In his 1944 book “The Great Transformation”, Hungarian-American economist Karl Polanyi described the commoditization of essential elements of society that propelled the rise of industrial capitalism:

• The idea of taking “human activity” outside the market, bringing it into the market, labeling it as labor and assigning it a price;
• The idea of bringing elements of “nature” such as lakes, trees, and land into the market, calling it real estate and assigning it a price;
• And the idea of “exchange”, which, subordinate to the market, has become the concept of money.

The great discovery of the 21st century is the notion that we can bring “human experiences” into the market, calling it data and then buy, sell, or create new markets for targeted advertising, personalization and profit generation. For several years now, data is the new commodity fueling the rise of surveillance capitalism, a new economic paradigm based on the intrusion into individuals’ privacy through digital technologies. The rapid and widespread adoption of these technologies and data collection practices have made it challenging for individuals to fully understand and control their privacy invasion. We can take the example of ‘Threads”, recently launched by Meta. How many users who were pulled from Instagram to this new app are aware of the amount of data it is collecting? How many are wondering why they really need all this information for an ordinary public messaging application?

The data collected by the Threads app could include your sexual orientation, race and ethnicity, biometric data, trade union membership, pregnancy status, politics and religious beliefs.

Even acknowledging this, why individuals feel compelled to trade their personal data for access to certain products and services? The privacy paradox explains this disconnect between people’s concerns about privacy and their actual behaviors, attributed to several factors: asymmetry of power (individuals feel helpless or resigned against large corporations and believe their privacy is already compromised), convenience (people will overlook privacy concerns in exchange of benefits and personalized services), lack of awareness and understanding of data collection practices, social influence and norms (observing others willingly sharing personal information without negative consequences influence them to do the same) and timing (people prioritize immediate gratification over long-term privacy considerations when making decisions).

“The sharing of personal information might be perceived as a loss of psychological ownership that threatens individual’s emotional attachment to their data.”

Back in 1944, Polanyi argued that the unrestricted marketization of key commodities can have detrimental social and environmental consequences, contending that society must establish protective measures and institutions to counterbalance the potentially harmful effects of unregulated markets. In the information economy, understanding the privacy paradox is crucial for policymakers, organizations and individuals, and it highlights the urgent need for transparent data practices, user-friendly privacy policies and improved education regarding privacy risks.

Opacity vs. Transparency

Despite having fully capitalized on the privacy paradox, we always upheld ethical practices when it came to storing, managing, and being transparent with user data policies for those connecting to our systems. Throughout my period as the company’s director, no data was compromised, sold or transferred to third parties, either directly or indirectly. I firmly believed that if we were the ones processing the information, we should be the ones capable of monetising it in the most transparent and ethical way possible.

However, increased data volume meant more value for the company, driving the constant need to find new ways of extracting information from individuals through new sources and processing techniques. In order to achieve many of our functionalities, we needed to rapidly and seamlessly collect data on millions of people, and many of these data collection techniques operated opaquely, in the background. For instance, users were often unaware that we could detect their devices in stores, even when not connected to our Wi-Fi networks or when their devices were locked, despite it being stated in our terms and conditions.

The dilemma of opacity and transparency is not new in the history of information systems but becomes particularly sensitive when a company’s existence is directly tied to the quantity and quality of the data it utilizes. Products like Threads and Wifers can take advantage of opacity to find new data collection opportunities because their business relies on it. Maintaining transparency policies requires significant effort. In the information economy, the pursuit of data as a commodity can blur ethical boundaries and lead companies to overlook this in order to maximize profits, potentially resulting in privacy violations, data misuse and other significant problems.

Regulatory Gaps

In a familiar pattern from previous experiences, we entered the market early. Not only did we secure our first sales before companies even realised they needed our technology, but we also operated silently for a significant period of time, employing a small organizational structure and employing seemingly invisible technology. This ability to remain unobserved provided us with a competitive advantage, but it was also facilitated by the context. These transactions existed in a regulatory vacuum, devoid of oversight, audits, or comprehensive protection measures.

Across the numerous locations and countries where we operated in Latin America, there existed (and still exists) no clear-cut regulatory framework that establishes the boundaries within which companies can collect and exploit personal data belonging to their customers. Our business model would have encountered very different challenges in the United States or Europe, where online privacy and personal data have been subject to legislation since 2016. Instead, we thrived for years in a green field facilitated by regulatory gaps.

The progress made in data legislation worldwide in 2021 represents a significant milestone in the ongoing fight for internet freedom and individual protection (InCountry, 2021)

Fortunately, privacy regulations are evolving slowly but surely. Leading the way is the European Union with its robust General Data Protection Regulation (GDPR), setting a high standard for data protection and inspiring other jurisdictions to update or establish their own data privacy laws. In an environment where privacy concerns are growing, the evolving landscape of privacy regulations worldwide may signify a shift towards consumer protection.

The age of digital sovereignty

Companies like Wifers were possible a few years ago, but may not be viable today. It is no coincidence that Threads has not yet been launched in Europe. The resistance against surveillance capitalism, fueled by the dominance of digital advertising giants in the Web 2 era and signed by the Facebook-Cambridge Analytica scandal, has raised awareness and sparked a strong desire among consumers and developers to challenge and weaken the data aggregation practices of corporations and governments.

More educated and privacy-conscious consumers, developers creating more transparent alternatives and regulated environments are paving the way for a transformative shift in the digital landscape. As this new paradigm takes shape, a vision is emerging for the Web 3 as a decentralized future that respects privacy, protects autonomy, and challenges power distribution. Some of this alternatives could truly disrupt the dominance of major players and restore digital sovereignty to individuals. For example, promising technologies like Self-Sovereign Identity (SSI) or decentralized identity are offering new ways to protect personal data and reshape the landscape in technical, commercial, legal, and social dimensions.

The path ahead is long, but the destination is clear. Our personal information and experiences must belong to us once again, and the internet should fulfill its promise as a tool for connection and democratization.