Today when we access data online, web sites capture “big data”, often supplemented by 3rd party profiling data.
In this post I’m looking at how our data is shared, with whom and the accuracy of the data. With the upcoming EU General Data Protection Regulation this is an interesting subject.
In order to get a “single customer view”, merchants purchase data from companies such as Facebook, Acorn, and a range of other sources. This data identifies what products/brands we tend to buy, how much we spend annually, and a whole range of data which merchants can use to learn about our behavior. This made me consider the accuracy of this data and whether or not we want our data shared by default.
In a world where a range of companies are collecting data only when we access their system, they have an incomplete picture.
Data is valuable and often it’s personal, you could learn quite a lot about me if you had all my data, what controls should be in place? and how can I review it?
How can I ensure that the people using my data have a true picture of my data? Why do I need to tell every site I visit, my preferences. Do I need to tell every airline I prefer a window seat, that if I’m travelling with my kids that I prefer connecting rooms or suites. Or if I’m travelling for just me that I’d like a double bed, and not a single.
Should they know information about me that I don’t know?
How could this data be controlled?
I think its fair to assume that commercial companies collect data and share/sell data for commercial gain. But who should own the data ? Should it be corporates or individuals?
The idea of an individual (OS) holding data came up in a recent film. In the film Her, the main character Theodore starts interacting with his OS and shares his life with his OS. His OS learns about him and opens him up to do new things.
For personalisation to be truly personal we need to know as much data as possible without the consumer being asked every time.
Here’s some approaches on how this may be possible;
Lets assume that in the near future we each have a personal AI, this may be on our phones, or on our personal cloud desktop.
My AI would be aware of all our interactions, it would be similar to that of a best friend or personal assistant. It would know lots about me, what I like, don’t like, how much I spend etc, but this would be kept in trust between us – my best friend wouldn’t sell my information without my consent and if they did they probably wouldn’t be my friend or anyone else’s.
In the film I like the personal relationship that Theodore builds with his AI (Samantha), and I do think this has some real potential for applications of the future.
What if the site I’m using, could ask my personal AI for information? subject to knowing the type or level of question (or sensitivity) I could permit it being answered on my behalf? An intermediate broker?
“Hi James’s AI, what size t-shirt does James wear?”
“Hi, Does James prefer a window seat or aisle?”
“Where does James prefer to sit? front or back of the plane?”
“What type of accommodation does James prefer, when he’s travelling by himself?”
“Is James looking for budget, mid, or luxury brands?”
Being a neutral environment where the data is private and no commercial owner has some potential, but the data would be fragmented across a number of devices, and the responsibility of the user vs the merchant, so regulation and compliance may be difficult.
A Personalised data agency
In the UK merchants offering credit share data with two main credit agencies, Equifax or Experian. Any company wanting to check someone’s credit status are able to access this data from these parties.
I could see that a central neutral company could be created which held private preferences, and hold the complete picture, shared by those who permit it.
The concept of a virtual me (AI) which can take questions is an interesting concept, however one that will require some complex data protection requirements before it can mature into a mainstream product/service.
My Data and GDPR
General Data Protection Regulation (GDPR) is a new EU Regulation which comes into effect on May 25, 2018. The primary objectives of GDPR is to give control back to users over their personal data and to simplify the regulatory requirements. This will force a change in a number of companies data policies especially with requirements such as Privacy by Default.
A lot of companies use personalised data to target customers more effectively. In addition there are a number of companies who’s entire service relies on the income generated by selling data.
I suspect when GDPR comes into force, users of social networks (or any other free service which relies on data) will encourage the sharing of data in exchange for using these platforms without users really reading the change in terms. (the desire to use the platform will be greater than the cost of sharing the data or reading new terms)
GDPR is a good step in granting control to users. The concepts above are interesting and could develop into something, but it will be some time before we can fully control our data in a way which gives boundaries to the data shared and is 100% accurate.