How does GDPR enable data democracy?

One year into existence, it’s clear that GDPR fundamentally changes how business can be carried out going forward. It also has a long lasting impact on democracy, which is addressed in this article, written together with iGrant.io CTO Mr. Lal Chandran.

The trust journey

In 1863 Abraham Lincoln declared in his Gettysburg address that ‘Government of the people, by the people, for the people shall not perish from this earth’. 150 years later, we still subscribe to Lincoln’s proposition which acts as the bedrock of the modern definition of democracy.

If you live in the green countries of the world (according to the democracy index [Figure below]), this definition of a democracy has been distilled into two basic principles 1) the majority rule and 2) protecting the rights of individuals.

Source: The Economist, Democracy Index 2018

Democracy as a concept may not have undergone a dramatic change over the years, but society has. The question is, what happens when the principles of democracy are exposed to a digital society and the Internet?

Let’s look at the first principle of democracy — the majority rule. Thirty years ago, pre-Internet, the way we informed ourselves about public affairs was through the morning paper and the evening news. Now there is a constant stream of mobile alerts, sometimes based on facts, sometimes not. Political debates went from in-person monologues broadcasted to everyone, at the same time via radio or TV, to pseudonymous posts in social media, sometimes based on facts, sometimes not. So when it comes to this principle, yes, the majority party may be in power, but with fake news and misinformation increasingly becoming the new Internet reality, can you be certain that the majority in power was really democratically-elected?

We all woke up and smelled the coffee when it was revealed that Russian hackers had interfered with the US 2016 Presidential election. Over 80,000 fake posts were published on Facebook and viewed by up to 126 million people.

Later it was also revealed that Facebook had exposed data on more than 80 million users (without their consent) to the political research firm Cambridge Analytica, who used micro-targeting to have macro effect. The UK Information Commissioner’s imposition of a £500,000 fine on Facebook for breaching data laws indicates how seriously governments are belatedly taking the potential threat to democracy. Although it is highly questionable as to whether half a million pounds, for a tech giant like Facebook, is enough for flagrantly undermining the course of a democratic election. The way that Facebook permitted its platform to be exploited to influence US voters is part of a phenomenon that should concern everyone who supports free and fair elections.

The jury is still out as to whether Cambridge Analytica actually impacted the outcome of the presidential election, but when it comes to the impact that this misuse has had on the principles of democracy, it is clear: it has forever put a dent in citizens’ trust in the democratic process and consumers’ trust in the use of their data by parties known and unknown to them.

The second principle of democracy is about protecting the rights of individuals. In the digital economy, the right to control how, where, when and by whom your personal data is used becomes as fundamental as any other human right. It was therefore quite surprising that 75% of the respondents, in a recent study by the Boston Consulting Group, said that they did not trust organisations to use their personal data in a proper way.

The trust deficit: How did this happen?

The lack of trust between people and organisations becomes particularly troublesome if people start to act on it. Personal data is the fuel on which the digital economy is running: when people opt-out from sharing their data, the digital economy inevitably suffers.

Our society is at a crucial juncture where trust and confidence in the integrity of our democratic processes is at risk. In order to understand how this trust deficit happened, we need to look at the way the Internet has evolved over the last 25 years.

During its early years, organisations used the Web only to showcase their products and service offerings. The Web was then a passive, uni-directional broadcasting system with little interaction with users. Later, with Web 2.0, it evolved into a bi-directional communication channel, where users could interact with organisations dynamically. This is when we saw the emergence of digitised companies using data as their fundamental currency. The result is businesses like eBay, Airbnb, Amazon and others. These companies use user profiling to give advanced services to their customers based on their behaviour, their location, personal choices and preferences; for example, “If you buy this, you might want to buy this as well”. This marks the beginning of analytics in business.

A major disruption to business fundamentals came with the rise of companies that realised the power of personal data. They adopted advanced algorithms to analyse anything and everything about you to further influence your buying decisions. In fact, some algorithms are so powerful that they know more about you than you do yourself! Companies like Google, Facebook etc. traded personal data with others, adopting a new business model based on “data monetisation”. Users consumed the “services” under the impression that it was free. In this case, users still were in charge to a certain extent; they could simply opt out of using these services should they not be content with what they were getting for free. But they rarely did and rarely do.

Then the negative use cases began to emerge whereby user data was sold to third party businesses without the knowledge of the user, often resulting in unsolicited calls, spam and emails. Things then got even murkier with fake news and all kinds of personalisation, purposefully manipulating and misleading an entire society. Personal data continues to be misused and that is how we have ended up with the lack of trust in the digital economy.

Addressing trust challenges in a data economy

One way to restore trust in the digital economy is to create a “trust triad” where users, organisations and regulators play an active role in restoring trust.

Role of the government in the trust triad: In this, the fundamental duty of a government is to empower citizens and enforce legislation. Although privacy is among the oldest constitutional rights for citizens in many countries, until recently it lacked co-ordinated cross-border legislative support. With the introduction of the GDPR in the EU, the situation changed for the better. Similar legislation is now shaping up in California, Brazil, India, Singapore and Canada.

Under the GDPR, organisations have an obligation to demonstrate what personal data they collect and process. Failing to do so may result in severe penalties.

Role of the organisations in the trust triad: While regulations are great from a citizen’s standpoint, it is often seen to limit the development of an effective digital economy. According to the regulations, organisations are now restricted to only collect and process data that is relevant to their business. This means that in order for them to provide enriched services to their users, they now have to be creative in leveraging data outside their organisational borders.

The main role of an organisation is to: 1) be compliant to the regulation and 2) provide adequate transparency on how personal data is used.

Compliance to data regulation is more than just trying to avoid penalties, in fact it’s only a hygiene factor. Organisations that embrace the privacy legislation and use it as a means to improve the entire customer journey, will be the winners in the long term. Being compliant to regulations and transparent with how personal data is being used creates a trusted relationship with the consumer.

For organisations, data regulation should not just be a legislative burden, there is also money to be made. If done right, an organisation can be compliant in a cost effective manner and can turn the personal data asset opportunity into new services that generate new revenue streams.

Role of the people in the trust triad: The day that the GDPR came into force is one that citizens of the European Union will appreciate for a long time. As the deadline approached, it gradually dawned on many organisations that they had to do at least the bare minimum of what was mandated or they were at risk of incurring heavy fines potentially amounting to millions of euros. Most of them resorted to sending out just one email to ensure compliance. For the individual, multiply that one email by the hundreds of companies they received such an email and it’s no surprise that individuals who’d previously never heard of the GDPR were soon overwhelmed and began to suffer from GDPR fatigue; and for that there is no cure.

One year after the GDPR was introduced, people have begun to refer to it as the next generation of human rights. The GDPR outlines all your rights as a so-called data subject: for example, your rights to access information, to rectification, to be forgotten etc. But it is not enough for you to know your rights, you also have to exercise your rights — be accountable.

How to enable organisations and empower people to share data?

At iGrant.io we believe that when organisations become transparent about their use of personal data and when people are empowered to make their preferences known, then and only then can the trust needed for people to say ‘yes’ to sharing their data be restored. One way to achieve this is where every organisation builds their own personal data or preference systems.

With any technology, there is no guarantee it will be used for the right thing, all the time. Effective tooling is needed whereby regulators can ensure compliance, organisations can be transparent and people can be accountable! The right tooling can remove the fundamental causes of misuse. There are several ways that this can be built and all organisations can build their own.

Democracy in a digital age is where organisations are transparent about their use of data and people are empowered in making their preferences known. iGrant.io is a humble effort to create the right tooling that will help to build a stronger democracy, a democracy fit for the digital age.

During Lincoln’s address on the battlefield near Gettysburg towards the end of the terrible civil war, he mused that, ‘The world will little note, nor long remember what we say here, but it can never forget what they did here.’ In this respect, he was clearly mistaken and it behooves our generation to make sure that it remains that way.