Posted on: Monday 5th of May 2014
With pending EU legislation focusing minds, big questions are now being asked about what rules and safeguards should apply to organisations collecting and using personal data. Many competing models are being proposed. Should rules, permissions etc focus on the data that’s being collected? Should they focus on the context in which it is collected? Or the purpose for which it is used?
How should consent work? Is it OK to have implied consent in some circumstances? If so, which circumstances? Or should it always be active, explicit consent? In which case, how to avoid things like ‘click fatigue’ where it feels like we’re being asked to give consent every second of our lives, for almost everything we do?
There are some simple (but, for some, unpalatable) ways through this maze. The need for consent evaporates if the organisation restricts its use of the data to specified legitimate business purpose – like asking for your address to deliver a parcel. If that’s all the organisation is going to do with the data, consumers/citizens can feel comfortable sharing it.
It’s possible to streamline consent and permissions via standard information sharing agreements. Sticky policies which travel around with the data and which apply to multiple different situations and relationships with the same underlying characteristics, can help in monitoring and enforcement. Trust frameworks can create, monitor and enforce the implementation of information sharing agreements.
Missing the point?
All of these solutions are now being actively worked on. Even so, there is a sense in which the entire debate misses the point. A problem exists with personal data because of current mindsets and assumptions around its uses and its value. Over the last decade or so, a monoculture has grown up especially on the internet. Personal data is immensely valuable, so this monoculture goes, but its immensely valuable for one reason only: the way it can inform and drive better targeting for advertising.
This one trick pony mindset is the source of many of today’s problems. It’s why the privacy debate is now so intense. To achieve better targeting you are positively incentivised to gather more data, and that increases your chances of invading individuals’ privacy. And, because most people don’t think most advertising is valuable anyway, they can’t see the benefits of this data use. Both trust and value are put at risk.
An alternative angle
Personal data management and information management services transform the debate by shifting the focus to the utility of data to the individual, to gain new insights, to make better decisions, manage their lives better, and so on.
By making individuals the point of integration for their own data, and giving them more control over the sharing and use of their data, PIMS don’t change the rules surrounding the collection and use of data – they change the commercial incentives.
Incentives vs rules
In a world in which, on the one hand, individuals have the ability to ‘go dark’ on organisations they don’t trust, and on the other hand, have the ability to share data that’s much richer and more accurate than currently available, the incentives for today’s data landgrab are turned on their heads. In a PIMS-driven world organisations have much greater incentives to work with individuals to create new types of value in an environment of transparency and trust than to gather information about them in underhand ways.
To be sure, this doesn’t end the debate about the rules surrounding organisations’ collection and use of data. But it transforms the context and the drivers. By focusing attention on data utility rather than monetisation, and on value to both individuals and organisations rather than organisations alone, it transforms both individuals’ and organisations’ commercial incentives.
To make progress in the personal data debate, we need to focus on these underlying incentives, not just the rules in isolation.