Discussions about Cambridge Analytica and Facebook’s alleged involvement in election manipulation are all around us. But the two companies are not the core of the problem. Ever since the World Economic Forum started to discuss personal data as a new asset class in 2011, personal data markets have thrived on the idea that this might be the “new oil”of the digital economy as well as – it seems – politics. Indeed upwards of a thousand companies are now involved in a digital information value chain that harvests data from any activity we do online. It is not just Facebook and Google, Apple or Amazon that harvest our data for any purpose one might think of. Gigantic so called “data management platforms” such as those operated by Acxiom or Oracle Blue Kai are living global data sharing agreements and possess thousands of personal attributes and socio-psychological profiles about hundreds of millions of users. For example, the Oracle Data Cloud (including its subsidiary Blue Kai) claims to possess profiles of 700 million individuals with some 30.000 attributes for each.
We thought at first that the uses of this data would play out harmlessly in commercial environments; such as targeting personal advertisements. But the uses have not remained at this innocuous level as many realize these days. Many online platforms have started to offer individually differentiated pricing; a practice that allows not only for creaming off consumer rents, but also to distort competition.
Retail is not the only playground for personal data giants. Facebook information on its users serves insurance companies to enrich their insurance- and credit scoring. This can lead to great disadvantages for those who are less well off. Equally, big companies can screen in-depth socio-psychological profiles of job applicants without even looking at their CVs. In his report on “Corporate Surveillance” Vienna activist Wolfie Christl describes in detail what is being done with the data today and what companies are involved at various scales.
Unfortunately, personal data uses are not restricted to the business world. As we have seen, it is now also used to manipulate elections. If you were an active Catholic on Facebook in 2016 you’d regularly get fake news on your Facebook Wall telling you that the Pope would vote for Trump. How this was set up is eloquently described in a Guardian interview with Christopher Wylie, a former employee of Cambridge Analytica. Trump’s election is not the only example. Brexit is said to have been heavily pushed by online manipulation that would have been impossible without the in-depth insights personal data markets provide about individual lives.
How do we get out of this situation? Potentially, personal data markets and the use of the data within them should be forbidden in the current form. In an Oxford lecture a few years ago a Google representative presented the idea of an “ethics of ignorance”, which would imply to simply not collect certain kinds of data. Not going this far, Europe has passed its new European General Data Protection Regulation (GDPR). This is a good motivator to question personal data sharing practices. The IT world will need to re-work its data collection habits and technical architectures. Important sanctions are foreseen if they don’t act; up to 4% of world income. Still, consumers can continue to be lured into participation by giving their (un)informed consent to the usage of their data. Legal debates have therefore started to what extent it might be helpful to recognize personal data as the legal property of data subjects. The debate is still going on.
Against this background, we see some hope in the rise of new digital businesses that are harvesting less data and compete on more ethical designs of computer systems. A rich ecosystem of privacy-friendly online services is starting to be available. The engineering association IEEE is promoting Value-based IT System Design through its standardization effort P7000. At Vienna University of Economics and Business a class of masters students benchmarked the data collection practices of our top online services and compared them to their new privacy-friendly competitors. The free benchmark study is available for download and gives everyone a chance to switch services on the spot. Perhaps it could finally be the invisible hand of the market that will self-regulate the turmoil created? Seeing that leading academics from around the world diagnose how much personal data has sunken into illegal grey markets, we very much hope that it will still be the switching of users to new services that does the magic. Otherwise globally coordinated regulation and sanctioning might be the only way to break the harmful power of the biggest data harvesters.
About the author:
Sarah Spiekermann chairs the Institute for Management Information Systems at WU Vienna. She is author of the bestselling textbook “Ethical IT Innovation – A Value-based IT System Design Approach”. She also co-chairs IEEE’s P7000 standardization effort and is a well known expert in privacy by design.