Who really controls our data?


This week I attended my first media roundtable at the Shard, hosted by the big data analytics company, Teradata. The topic of discussion, broadly speaking, was data privacy and the Internet of Things, moderated by Mark Whitehorn, Professor of Analytics at the University of Dundee. The panel was made up of four high-profile and worthy individuals, all experts in their respective fields: Stephen Brobst, CTO of Teradata, Michele Nati, Technical Leader of Privacy and Trust at Digital Catapult, Dr Gus Hosein, Chief Executive of Privacy International and Joanne Bone, Partner at Irwin Mitchell and an expert in data privacy law.

Mark opened the discussion with the statement, “Data is neutral. On its own it is not dangerous. It’s what we do with data that can be dangerous”. I think the most enlightening point Mark made in those first few minutes is that nobody knows who is in control of data. As he remarked, it’s like asking “Who’s in charge of the internet?”

The topic of the Internet of Things was the first to be analysed by these four professionals, looking at how dangerous the Internet of Things and Smart Cities could be. Gus Hosein was particularly passionate about the fact that we as consumers don’t understand the value of our data – many of us have been guilty of just clicking “I have read and agree to these terms and conditions”. He told the audience of top tech journalists, if sensors were to be placed unobtrusively, everywhere in London, the people collecting this data would doubtless breach confidentiality. Would the data collected be open to anyone and everyone or just to the select few people who have clearance or worse, the intelligent hackers who would find a vulnerability and have access to this information?

Stephen Brobst then opened the subject of data security asking “how can we protect our data?” In Stephen’s experience, companies have encryption tools but are not using them enough. His opinion is that if an organisation is going to collect data, it is their responsibility to protect it. The discussion went on to look at where data is physically stored and why companies are worried about keeping their data in the European Cloud or a US Cloud etc. Both Stephen and Michele Nati agreed this was nonsense, as long as the data is encrypted, it doesn’t matter where the physical storage location is.

‘Ethical data’ was the next area of focus, evaluating the question, “Who owns our data?” Is the analysis of our data being utilised for our own benefit, such as a cheaper rate on our car insurance or more accurate medical advice, or is it for the benefit of the user? From a commercial stand point, most consumers don’t know what security is being used to protect their data, if any. A lot of the time the data they’re freely giving to a company in order to get a freebie or cheaper deal is sold on to other companies, such as advertisers who could then send targeted adverts to that consumer. What’s so wrong with that I hear you ask? If my data is being sold on to advertisers without my knowledge – who else is it being sold on to? Fraudsters? Con-men? Ex-boyfriends?

In the UK, organisations don’t even need to alert consumers when there has been a data breach – Joanne Bone reassured us all that new legislation is being put in place to force companies to be more transparent in this way. Usually the law is something we can count on to really crack down on these issues, but Joanne pointed out that laws are debated for so long it takes years to put regulations in place which means that, particularly in the technology sector, technology will have moved on and the law will be out of date before its even been passed. Realistically, in my experience, public reaction and brand reputation has always been more of an influence on organisations than the law.

How can companies be seen to be ethical? Stephen answers this one simply with two words – ‘be transparent’. If a company is transparent about how it will use your data and you’re well informed of what the repercussions might be, it can be called ‘ethical’. The consumer should be able to see specifically what data a company is collecting about you, be it your age, weight, gender, credit rating etc.

To conclude, we don’t currently have the answer to how best to protect our data, but at least we’re looking at it before it’s too late. The general opinion of the panel, I think, is that the consumer needs to be educated about the potential threats they impose upon themselves when they don’t consider the consequences of giving out their data to Joe Bloggs simply to be in with a chance of winning a years’ supply of chocolate, for example. On the outside may be a colourful sweet wrapper but underneath that wrapper could be a sinister layer of greed, manipulation and self-serving criminals.