The data breach by Facebook and Cambridge Analytica has raised numerous concerns surrounding the security of personal data when using social media and browsing the web. London-based TheInternet.Foundation, a Non-Governmental Organisation dedicated to promoting digital rights, is leading changes in how personal data is used in commerce.
TheInternet.Foundation was created in 2013 by Dele Atanda, a digital visionary, entrepreneur and long-standing advocate of digital human rights. He is also a cyber and fintech expert, a crypto-economy theorist and an advocate of using technology to form a more compassionate, empathetic and human-centred world.
Back in 2013 TheInternet.Foundation (The IF) pioneered the call for a Universal Declaration of Digital Rights ratified by the United Nations. It leads the development and implementation of the initiative, with leading digital think tanks and consumer rights groups from around the world. In parallel, The IF also leads an initiative to establish a framework outlining how enterprises and brands can responsibly use consumers’ personal data in a fair and mutually equitable manner.
According to the world economic forum, it is estimated that by 2020 personal data will be worth €1trillion in Europe alone. Personal data is an incredibly valuable asset, and currently individuals neither own nor control their personal data or digital identity. There are a number of challenges surrounding personal data, and with the introduction of GDPR on May 25 2018, companies will have to change the way they collect, share and use customer information.
Dedicated to promoting universal digital rights as a natural extension of human rights, TheInternet.Foundation is set to make the use of personal data in commerce much more sustainable.
Dele Atanda commented on the importance of personal data management, “Today, you don’t own your data and you don’t own your identity, so the question really is – who does?”
Even before this latest scandal, the Equifax data breach in 2017 left over 143 million American citizens in a state of permanent, lifetime threat of identity theft, identity crime and identity exposure. Unfortunately, there is no solution except for them changing their identity. Their names, date of birth and social security numbers are now in unknown databases forever. Those identities are effectively owned by the company that compiled and created this information, and not by the individuals whose details were stolen. The stolen information was gathered through no willing participation of the hack’s victims and little has been done to rectify their exposure.
If you look at the history of financial profiles, you find the foundation of what is becoming pervasive commercial surveillance. The use of our data in this commercial framework – for example in advertising and sales – can make business models based on this ethically questionable.
Dele Atanda continues,
“There is a fundamental conflict of interest for companies such as Facebook and Google when it comes to information provisioning and data sharing, because their business models are based on advertising. This in effect means the information they provide is based on advertiser interests, not truth or merit, which makes such information fundamentally unreliable at best and untrustworthy at worst. This is the heart of the crisis of fake news”.
The issues surrounding data are only going to get worse with the rise of artificial intelligence, virtual reality and the internet of things. Dele Atanda explains,
“As our buildings and cities become more connected, the internet of things becomes more prevalent and the 3D world becomes more digitized, these threats will rise exponentially. As data becomes the new oil, we are faced with increasingly prevalent surveillance commerce corporations in what we refer to as ‘The Dirty Data Economy’.”
“This year we will see the introduction of GDPR. It is perhaps the most significant piece of legislation of our generation and a complete reset of the digital economy.
“As people, we are social creatures that become richer by our ability to share experiences with each other. This is a great thing that should be celebrated, and the internet is a powerful and incredible tool that enables this. What we need is a framework to ensures we are able to use it in ways that enrich us that are not harmful. We should be able to share our thoughts and feelings with friends and family without this sharing being used to manipulate and exploit us.”
Wayne Hughes manages data compliance with one of the UK’s leading UK IT Support specialists, ITCS. Wayne believes that GDPR will improve information security, but won’t negate the ‘big brother fears’ people have – because in reality, much of our browsing will continue to be manipulated for advertising purposes. He says:
“Of course, GDPR protection will not apply to US citizens, but for EU residents geographical boundaries won’t matter. It also applies to organisations outside the EU that offer goods or services to individuals within the EU.
“The processor will no longer be able to rely on small print exclusions within the terms and conditions. New consent forms will need to be completely open and name any third parties which will rely on that consent to process the information.
“However, provided Facebook (and similar platforms) don’t disclose your data to a third party (as they did in this breach), they will still be able to manipulate the content you see in your news feed based on your viewing history – and will continue to have control which posts they show in your feed, and when.”
TheInternet.Foundation has created a “Clean Data Charter” – a self-regulating set of principles for companies to adopt, allowing for the fair and equitable use of data in commerce in contrast to the “Dirty Data” model of data acquired through surveillance commerce. It is partnering with the British Standards Institute to introduce an international Ethical Data Standard based on these principles. This will allow personal data to be used commercially in an ethical and sustainable manner.
Dele Atanda continues,
“The three focuses of the Ethical Data Standard are privacy, ownership and consent. GDPR to a large extent addresses privacy and consent, but does not tackle ownership and it is data ownership that most urgently needs to be resolved. Personal data is personal property, which businesses must acknowledge and respect.
“We are creating a global framework that businesses will be able to use to do this. Self-regulation is one part of it and technology is the other. We are using cryptography and blockchain technologies to create a protocol – the mPod Protocol, that allows sealed data objects to be created by people and consensually accessed through tokens in marketplaces. By using encryption and tokens we can provide a data sharing model that is mutually beneficial for data owners and data seekers alike. Information can be protected and used in a universal and ethical standards based manner. People can choose how much exposure they are comfortable with and who they wish to share what with based on clear transparent value exchanges. We call this the ‘Clean Data’ framework analogous to Clean Energy in the ‘old oil’ economy.”
“As personal data is so valuable and personal we should be able to determine who has access to it, take part in its value exchange and earn equity from transactions should we so wish. By introducing the Clean Data framework, no one can exploit your personal information or use it without full transparency on what they wish to do with it and your clear consent for it to be used in this way. Clean Data enables us to clean up the swamp the web is at risk of becoming today.”
“GDPR is a fantastic step forward and we shouldn’t diminish the impact it will have. However, many professionals believe more clarity of data ownership is needed. The first cases to test the new law will show us the impact of the rules in practice, like most in the industry, we will be watching with interest.”