In 2017, The Economist reported that the most valuable resource on the planet is data, yet we give it out for free every single day. This value is not lost on the companies that control data. Facebook’s scandal with Cambridge Analytica has shown just how lucrative this personal data is, and how frequent and dangerous the misuse of it can be.
Sometimes it’s not even the third parties that are finding ways to profit. For example, a recent report in the Wall Street Journal found that Facebook sought to obtain financial data users were passing through to their banks on Messenger (e.g. chats with the banks’ Messenger bots).
But the Cambridge Analytica scandal struck a particular chord in a way no other breach has, with Pew Research showing 42 percent of Facebook’s users are at least “taking a break” from the platform due to the data controversy.
I believe the scandal has had a lasting impact for a number of reasons. First, Cambridge Analytica falsely used the pretense of “research” for this data that would later be politically “weaponized.” In addition, the use of psychographics – psychology-based information and data to influence millions of people to sway elections – was unprecedented and massively disturbing.
Finally, the Cambridge Analytica scandal came as the culmination of many incidents in which major companies failed to keep our data secure. There was first the big Linkedin data breach, which was then dwarfed by the Equifax breach, where an estimated 142 million Americans lost their social security numbers and other personal identifiable information.
Half of the people reading this right now have social security numbers that are traded on the dark web because of the Equifax breach. Overall, the number of data breaches per year more than doubled from 2015 to 2017. Clearly, conventional approaches for protecting user data are not working.
GDPR: Right intention, wrong solution
As a data scientist, I know it’s not a matter of if another breach occurs, but when. And just as Cambridge Analytica dwarfed Equifax before it, at least in terms of cultural and political influence, the next data breach will reveal our vulnerabilities in unprecedented and shocking new ways.
So how can we safeguard, or at least better insulate, ourselves against such breaches in the future? One possible solution could be laws like those passed and implemented by the European Union – the General Data Protection Regulation (GDPR). GDPR, as it applies to all European businesses and all American businesses that have European data on their servers, basically gives consumers the right to both access and delete the data companies have stored on them.
This is definitely a step in the right direction, but don’t get too excited. Legislation isn’t a magic wand that makes everyone’s data suddenly completely safe. It doesn’t even mean everyone is complying with the basic precepts of new regulations. A recent survey found that GDPR compliance was higher outside of Europe, and that 70 percent of companies failed to respond to individual requests for private data within 30 days.
That’s assuming jurisdictions outside the EU, like the United States, even make an attempt at legislative redress. Any such consumer protection in the United States would face a much higher bar to passage, with major tech companies sure to lobby against more laws that could lead to diminished user data rewards and costly compliance.
At the end of the day, legislation is never going to fully fix the true underlying dynamic: as long as there is more value in using or abusing this data, whether by bad actors like hackers or Cambridge Analytica, or by large companies themselves, no real change will take place.
In terms of consumer recourse in the wake of Cambridge Analytica, the most popular has been the #DeleteFacebook movement. I’m sure it’s been a really bad year for the Facebook growth team, but these types of user-driven backlashes are really not going to solve the underlying problems, even with 42 percent of users “taking a break.”
Stopping interaction with these services, and pretending like they never existed, isn’t a realistic wide-scale solution to the problem. The strong networking effects of these applications have allowed them to become too ingrained in our daily lives to let go of them completely. In addition, they do provide value to the world, despite the security and privacy tradeoffs.
A Way Forward: Shifting Control of Data from Companies to Consumers
As long as we store our data on centralized servers, and as long as the companies storing that data are making billions, nothing’s going to stop criminal data breaches or the soft abuse of digital identity by advertisers and others.
The only possible, lasting solution will be shifting the control, security and profit of one’s own data from the corporation to the consumer. When consumers realize how valuable their data is and how much companies make off of it, and as this value grows by the year amid ongoing data breaches, it will become an even bigger priority for consumers.
Technology is starting to forge the tools to achieve what once seemed nearly impossible, and the best conduit is decentralization via blockchain technology. The fundamental value proposition of the blockchain fits perfectly with this vision of personal data control. Blockchain technology is basically a trust mechanism that allows one to interact with other people without mediation by a third party, or by those large companies that keep mishandling our data.
While blockchain technology has initially made the bigger splash in peer-to-peer finance, via bitcoin, ether and hundreds of different types of tokens, decentralized technologies will arguably have a similar impact in how we store data.
Platforms like Napster and BitTorrent have already somewhat introduced the internet user to the concept of decentralized file storage and “sharding,” though these platforms were largely used for media. Coupled with the blockchain, it will not be too long before we can enjoy the same capabilities with our own personal data. Cloud-storage startups like Sia, Filecoin, Storj, Stokit, and Maidsafe are already introducing such capabilities.
As these major data breaches have shown, the best stewards of personal data are the owners of that data. The future technology boom will be led by the types of companies that empower users to be those stewards, rather than to try and do that job for them.
In the future, blockchain technology coupled with decentralized cloud storage will empower consumers to own their data, control who has access to it, and earn a profit by sharing it with companies they trust. Decentralized technologies will create perfect transparency and will prevent centralized data breaches from occurring.
Data silos will be torn down by consumers pulling their data together on decentralized cloud platforms. Consumers will use their decentralized data profiles to login to and provision access to a new generation of applications that will share data amongst each other, through the consumer.
Many businesses will also profit from this new future. Businesses will buy data directly from consumers because the data will be much more accurate, and contain many more data points than what can be bought from data brokers.
Businesses will also have access to a lot more real-time data that is much more valuable than the static data sets they buy from data brokers today. Conventional data brokers will lose market share in the same way Taxis lost market share to Uber. With access to more data that is more accurate than ever before, software and AI innovation will explode.
The shift in control of data from companies to consumers is inevitable. The only question is the timing. When the shift happens, we will all live in a much better world than we do today.
Crypto Briefing does not accept any payment or financial benefit from expert guest authors.
If you are a blockchain expert with an interest in sharing your knowledge and experience, please contact our Managing Editor, Jon Rice, via email at editor AT cryptobriefing.com