Data, Privacy and Power

If we can all agree on who owns which data, maybe we can all be happy — government, corporations, and private citizens.

Photo by Matthew Henry on Unsplash

I’ve worked with data professionally for over 20 years in a number of different forms: pharma, online and mobile gaming, and TV viewing measurement. It’s treated differently everywhere, subject to a few federal and international laws. In the main, however, companies generally follow the rule that they can do whatever they want with the data so long that it doesn’t conflict with any laws. There usually isn’t any moral restriction if governments don’t first say “that can’t be done”.

The almighty dollar rules.

There are really two primary types of restrictions: those preventing collection of certain data from children (usually meaning those under 13 years old), and those that prevent any third party companies from being able to match personally-identifying information (PII) to the data collected from those individuals.

Companies spend a lot of money and time doing whatever they can with our data without stepping on these requirements.

With the recent Facebook and Cambridge Analytica data “scandal”, the question of who really should control where our data goes has become a topic of household discussion.

Facebook and social media in general has become an integral part in the lives of a large percentage of the world’s population since the early 2000’s. In order to reach the heights of billions of users, though, such services need to be free and open to as many people — “users” — as possible. But any service can never be truly free. Someone, somewhere, has to pay for it. In the case of social media, that someone is advertisers. And in order to advertise more effectively, brands and agencies want to know as much as they can about the users of a particular social media service so that their spends can be targeted to the right users.

Welcome to Pandora’s Box for the 21st century.

As far as who owns what goes, most organizations view the data that a customer or user generates directly through the use or purchase of their product as belonging to the organization. For example: In pharmaceuticals and medical device, a company has a record of from whom, how much, and when their products are purchased. They don’t deal directly with consumers/patients, though. In their case, the medical establishment is the middleman. Doctors and hospitals are the link that ties products to patients.

How the video game industry utilizes data, however, is very similar to social media. Data in games is all about marketing and monetization: being able to categorize your users and customers in order to better target them for promotions and new product offerings. Video game developers and publishers collect huge troves of information relating to a user’s behavior, including every conceivable data point on what they do while playing a game and also how they interact with web and marketing pages. Whatever a user does while interacting with a gaming product is used to fill an endless reservoir of knowledge that is drawn on to continue improving a game’s KPIs. This data is all treated as property of the game company, and a user essentially agrees to this when registering to play the product via the company’s terms & conditions boilerplate.

When it comes to television advertising, the data used by advertisers is anonymized after a process in which the viewing events of a certain household are matched with demographic data from various sources (like the U.S. Census). No third party ever knows exactly who anyone is (names, addresses, etc.), but the advertisers can see how many households, and in what general area, watch X program for X times and when.

And then there is the whole data space surrounding the Internet of Things (IoT), in which a household is the nexus for a bevy of many connected devices, each of which reports its usage data back to whatever company created and sold it.

We live in a web of information being relayed at dizzying speeds on a nonstop basis.

Only we aren’t the spider in this web. So that leaves one other option, right? We must be the trapped prey.

It’s a spooky metaphor, but sadly, apt in more ways than one. Every one of us, no matter what class we belong to, generates dozens, hundreds, and even thousands of data points every day which are stored in databases and will be called on at some point for analysis or pulled to generate a list that will ultimately feed back into the system and somehow affect our lives. A specific advertisement will be displayed to use via our smartphone, laptop or TV monitor, or we will get some more junk mail delivered to our home or inbox, or be annoyed by a robocall during dinner.

The effects aren’t all negative. The immense power of collected, monitored and collated data helps us find good deals and interest rates, and drives improvements in medical care and road safety. And data as a commodity is a driver of commerce that pushes companies in endeavors that launch satellites with the goal of helping the whole world become connected to wifi, which will ultimately further education and employment opportunities.

I think it’s fair if an organization uses data collected from its own users or customers strictly for improving on their products/services for those users and customers.

Where our data goes outside of an organization that collects it should be controlled by us. We need to be able to opt out of any and all data sharing.

And what our data is used for, by the organizations that collect it, should be revealed fully and completely to us, and we should be able to opt out of it.

Data that is about us — data that we bring with us before signing up for any new product or service — should always remain ours. That includes all of our demographic and PII data. Even if an organization requires us to sign up with our real name, address, phone number, and anything else, those bits of info should never be utilized by the organization for any reason without first obtaining our express permission.

Unfortunately, not every organization and company around the world believes in the sanctity of personal data, nor are they all held to the same standards or laws. This will never be the case, so our own data safety rests on our shoulders.

It all begins at home, when our children reach the age to independently use electronic devices. We need to inform and teach them what to watch out for and how to protect their privacy and data security.

For the everyday citizen and scrupulous companies, vigilance is the best protection.

Thank you for reading and sharing.