To succeed in the new data economy, companies are collecting massive amounts of consumer data. But these collection efforts rarely involve transparent explanations regarding data usage — and that’s a legitimate reason for consumers and privacy advocates to be concerned.
I first realized the problems posed by big data collection back in 2012. That’s when Target analyzed the historical buying data (for example, unscented lotion, nutritional supplements and cocoa butter) of one teenager in Minneapolis and deduced that she was pregnant. The company sent her a mailer for nursery items, maternity clothing and the like. Her father intercepted the advertisement, marched into his local Target, and shared some choice words with the store manager for sending this type of ad to his daughter, who was still in high school.
The manager apologized profusely, and a few days later followed up with a phone call in which he planned to apologize again. During that call, the father revealed that after speaking with his daughter, he had learned she really was pregnant but hadn’t shared the news with him. Family drama aside, Target’s ability to analyze the girl’s seemingly benign buying trends and make such a bold prediction was both fascinating and terrifying.
That was in 2012, and since technology moves at the speed of light, imagine how much more sophisticated and advanced big data collection and usage has become.
The question isn’t what companies know about us; it’s what they don’t know.
Big Data Collection
In companies spanning every industry, collecting consumer data has become a — if not the — priority. “Many digital business models rely on the capture and trading of personal information and this has been the foundation for the growth of the major technology brands including Google and Facebook,” says Dr. John Bates, CEO of Eggplant, a software testing and monitoring company. “Consumers share data in exchange for free services, and this data is bought and sold.”
According to Tony Anscombe, Chief Security Evangelist at ESET, which provides multilayered internet security solutions, people tend to understand — and accept — that many companies collect consumer data on their websites.
“But when a company has access to your browsing history and knows all the websites you have visited, people may take a different view as the collector now has a richer data picture,” he says. “If this is coupled with personal information that could identify the data subject, then it gives the collector the ability to potentially build a full profile, especially if they then combine this with other data sources.”
Acxiom is one of the largest data brokers helping companies buy, sell and share data. The company works with a variety of industries, including financial services, automotive, insurance, retail and consumer goods, media, technology, and telecommunications. One of the company’s services is identity resolution. According to the company’s website, it provides: “the ability to recognize an entity, be it a person, place or thing, along with associated relationships, consistently and accurately based on both physical and digital attributes, regardless of channel, location or device with contextually appropriate levels of precision.”
That’s a pretty audacious claim, and the ability to deliver on that promise requires massive amounts of data.
Other Collection Means
Connected cars are another source. If you use Apple CarPlay or Google's Android Auto, Bates says you may be exposing data from your car to third-party app providers. “Mobile apps capture data and then mine and sell your location data,” he says.
And, of course, Alexa and other intelligent assistants are listening to your conversations. “Corporations like Amazon and Google have a history of abusing our digital data,” says Raullen Chai, CEO of IoTeX, a Silicon Valley company building privacy-protecting smart devices.
And he says these titans are now penetrating physical homes and neighborhoods. “They are on a spending spree, taking over companies like Ring, Nest, and Fitbit to get an inside look at our homes and bodies,” Chai explains. “With millions of devices watching and listening to us in our homes around the clock, it is now more important than ever to protect our data and privacy.”
That’s why connected devices can be a double-edged sword. While IoT can make your home safer and more secure, it’s also true that IoT can compromise your home’s safety and security.
Dangers of Centralized Profiles
Centralized data profiles are problematic for deeper reasons. "The things that our data straight out says about us — what we buy, what our demographic traits are, who we know, etc. — are not the most concerning part of the problem,” says Dr. Jen Golbeck, an associate professor at the University of Maryland in College Park and director of the Human-Computer Interaction Lab.
What’s more worrying to her is the aggregation and analysis of that data. “Almost all of the information about us can be tied to a centralized profile: our devices, our software, our system configurations, all reveal unique clues that can be mapped to other information that contains real identifiers like email address, name, street address, etc.,” Golbeck says.
“That means, our grocery shopping history, our web browsing, our TV habits, and what we say to smart devices can all be integrated.” And when companies have that much data, she says they can use algorithms to produce new insights. Some of these insights could be products or services that we might like.
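The linkage Golbeck describes can be sketched in a few lines. The example below is a minimal, hypothetical illustration (all attribute names, domains and purchases are invented): device and browser traits that look harmless on their own are hashed into a stable pseudo-identifier, and separate "anonymous" datasets keyed by that identifier can then be joined into one profile.

```python
import hashlib

# Hypothetical signals a site can read without asking for any explicit identifier
device_signals = {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    "screen": "1920x1080",
    "timezone": "America/Chicago",
    "language": "en-US",
    "installed_fonts": "Arial;Calibri;Georgia",
}

def fingerprint(signals: dict) -> str:
    """Hash the sorted signals into a stable pseudo-identifier."""
    raw = "|".join(f"{k}={v}" for k, v in sorted(signals.items()))
    return hashlib.sha256(raw.encode()).hexdigest()[:16]

fp = fingerprint(device_signals)

# Two datasets, each "anonymous" on its own, keyed by the same fingerprint
browsing_log = {fp: ["news-site.example", "pharmacy.example"]}
purchase_log = {fp: ["unscented lotion", "cocoa butter"]}

# Joining on the fingerprint yields a unified profile — no name required
profile = {
    "fingerprint": fp,
    "sites": browsing_log.get(fp, []),
    "purchases": purchase_log.get(fp, []),
}
```

Because the same signal combination recurs across sites, the fingerprint acts as a de facto identifier; the moment any one dataset also holds an email address or name, every linked dataset is effectively identified too.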
“However, this information could also be used to determine whether or not we should get a job or a mortgage or be admitted to a school,” Golbeck warns. “In China, these types of attributes are being used in a social credit score that can determine the speed of your at-home internet connection, what apartments you can rent, which planes or trains you can travel on, and if you have access to loans.”
While it’s not being applied this way in the U.S. — at least not yet — she says this shows how big data can be used to make decisions. “And the fact that these algorithms are sometimes wrong and we don't have any real recourse to correct them, makes their use quite troubling."
One example is a Federal Trade Commission study that found 25% of consumers identified errors on their credit reports that could negatively impact their credit scores. Those errors could result in consumers paying more for auto loans and insurance, or even prevent them from being approved at all.
“The increasing use of big data analysis regarding U.S. consumers has been shown to result in discrimination in employment, housing, healthcare, financial services and opportunities, education, and even in the criminal justice system,” says Linda Priebe, a U.S./EU data privacy and protection and federal relations lawyer with Culhane Meadows in Washington, DC.
One problem that Bates sees in healthcare is that privacy takes a backseat to innovation. “There is an explosion in the volume of data generated by connected medical devices, EHR, smartwatches, and health apps,” he says, adding that the data is then being mined and sold.
“If stored medical data is leaked, it could be used to identify individuals and insurance companies could adjust healthcare premiums,” Bates explains. And that’s a very real problem considering the cybersecurity war on the healthcare industry.
Another example is the contact tracing apps being developed to track the spread of COVID-19. “These apps have put privacy concerns and people's appetite for allowing their data to be tracked in the spotlight,” he says. “It also reflects the cultural chasms between Asia and the West, where Big Brother-style surveillance is less accepted.”
Telehealth has been hailed for its ability to control costs and provide convenient medical care. “However, the rise of telehealth is generating privacy concerns about patients’ medical data and the need to make sure that healthcare providers can't profit from it,” Bates says.
Another concern is the level of security involved in these apps and software. “If they have poor security, then data could be exposed if there is a breach.”
Secrecy surrounding the use of data and the lack of any substantive guidelines only exacerbate the problem. “Currently in the U.S. there are very few legal restrictions on use of big data analysis,” Priebe says. “However, a number of policy makers and organizations in the U.S. are working to address the concerns including the Federal Trade Commission and the National Conference of Commissioners on Uniform State Laws.”
Compelling companies to be transparent is a lot easier said than done. “Big data analysis companies in the U.S., including large search engines, social media platforms, mobile phone service and application providers, and digital advertising companies, take the position that the computer algorithms they use to analyze personal information relating to consumers are intellectual property and confidential trade secrets,” Priebe says.
“As a result, big data companies don't want to lose what they believe to be their competitive technological advantage over other companies by being transparent about what their big data algorithms do, how they function, what information they rely on, and even to what extent they're accurate,” she says.
Bias and Discrimination Issues
And unless or until more regulation is introduced, Bates predicts that bias and discrimination issues will continue to grow. “There needs to be more regulation of data to protect individuals, organizations, countries, and ultimately, society as a whole,” he says. “We must be able to trust that data will help us and not deliver biased, inaccurate, or unfair outcomes.”
However, he does admit that too much regulation could stifle the many positive innovations that big data might produce.
“Technology can't be left to the whims of the free markets to determine what works,” Bates says. “As organizations tap into big data and rush to integrate intelligence, we must start to put in place regulation so that technology is a positive influence on society now and for decades to come.”