Data privacy has been propelled into the public consciousness thanks to a handful of investigative reporters, whistle blowers and a gripping new Netflix documentary, The Great Hack. The famous data breach of 50 million Facebook users profiles by Cambridge Analytica has proved to be a catalyst for change, snowballing a wider global conversation on data privacy and democracy. It’s led to compelling stories and newfound heroes, such as David Carroll, an American professor who plays a starring role in The Great Hack and has gone to remarkable lengths to retrieve his own data off these big tech giants. But what’s happening to our data in our home country? Findlay Buchanan dives into the data issue, chats to a New Zealand company fighting for a solution, and examines our own laws in the face of international cyber warfare.

The phrase “data is the new oil” is popular with media when referring to the value data holds to companies, come 2019.  While flawed – data is not the next oil, but in fact has completely different properties, run with entirely different operations – the comparison does have some clout to it.

Both oil and data hold significant power over our global economies, and both are huge contributors to some of the great challenges of our time: inequality, privacy and environmental apocalypse.

Increasingly, the wealthiest group of companies in the world – Facebook, Google, Amazon, and Apple – whom we rely on to connect, serve, and guide our daily lives, are wielding control of a disproportionate share of online commerce and communications.

And although these platforms have in lots of ways greatly benefited the world, it’s becoming increasingly apparent that these same companies have, in many cases, failed to safely manage the platforms they have designed.

The Cambridge Analytica scandal that broke in early 2018 proved how personal data is being harvested on these platforms and on-sold to companies for commercial or cultural influence, such as strategic political advertising, which threatens our very democratic systems.

New life was breathed into the ongoing data debate this year when Netflix released a documentary called The Great Hack, which attempted to unravel the complex scandal of how Cambridge Analytica exploited data collated from private Facebook profiles.

Despite this, it seems every other week there is a new data breach, with another massive software company has harvested thousands of people’s data without consent.

And yet, most of us remain confused and apathetic about the implications of the data available online that details our daily lives. Taking a stand against the big tech juggernauts is too hard to navigate, while removing yourself from the social media platforms is unappealing in the face of losing access to online connections and a wealth of information.

Perhaps it’s similar to climate change, whereby most people care about our natural environment, yet few care (or know) enough to take real meaningful action. For example, despite documentation of the cruelty of factory farming, various vegetarian movements and research into the negative environmental effects of meat production, global meat eating is still on the rise.

Both data privacy and climate change have eroded, and continue to erode, our planet and

Democracies. But for many, the effects aren’t visible enough to warrant genuine behavioural change. We are too dependent on the platforms and their excitement and convenience and the problems are too abstract, so we avoid getting ensnared in the debate.

Perhaps, the answer is to hear about clear solutions and act collectively. It’s unlikely there will ever be a perfect remedy to data privacy, or climate change for that matter. Instead, it will take collaborative efforts from governments, tech companies and individuals to ensure our personal data is safely managed. Here are some possible solutions.

Solution one

A private company acts as gatekeeper

Own My Data (OMD) is a newly formed New Zealand social enterprise with plans to empower people with their own data. The company is only a few months old and is comprised by a combination of students and young professionals, with big ideas on helping users track, manage and eventually sell their own data to tech companies. 

The founder, Sam Yoon, says he has always been interested in big data. But his time studying abroad in at the University of California, Berkeley in San Francisco drove his motivation to solve the problem.

“At the time there was a huge issue about GDPR (General Data Protection Regulation), which is a European regulation that came off the back of Cambridge Analytica,” he says. “One day I had a thought: there is a whole bunch of regulations that theoretically give me more control over my data, but in reality, it is still really difficult to understand where it is and how it is being controlled.”

That is the gap Own My Data attempts to fill. Instead of users being forced to interrogate the faceless behemoths that are Facebook or Amazon to reveal how their data is being used and sold to advertisers, it empowers users to track and manage their own data.

So, how does it work?

Yoon says, “The first thing is education and helping people to understand their data, so that users can log in to our website, then authorise us to connect with different data holders like Facebook , Google, your bank account or your healthcare providers, and then through that authorisation, we can connect with that data holder directly through different APIs and then pull through relevant data about the users.”

Essentially, the app will be a nexus of the multiple online data points that users permit Own My Data to connect with, such as your activity on Facebook, Uber, Amazon, online banking or other online platforms. It will then showcase that activity on simple and compelling dashboards and visualisations.

But for the many of us who remain confused and disinterested in data privacy issues, its value may seem futile. Why should we care about where our data lies, or who uses it?

Well, imagine if you were able to track the cycles of money you spend online, where and how you spend it, then compare that with your top fifty friends on Facebook. It could open new doors into online transparency, enabling people to track and change their online behaviour.

Yoon says, “They are interesting insights that will hook in the average person with the intention that when people start looking at our dashboards and visualisations, they will understand how much data is out their about them that is readily available. This will then lead to questions about how their data is being used by those who have access to it.”

Further, a recent report by the Privacy Commission shows New Zealanders do actually give a damn about data privacy. It showed most people (65 percent) are significantly concerned with individual privacy and the protection of personal information, but it also found what we care about varies.

For example, it found 87 percent were concerned with ‘information children put on the internet about themselves’, while only 47 percent cared about health organisations sharing personal information to other health organisations without telling them.

 “The very fact that you are writing about this topic is testament to that,” Yoon says. “Data privacy is not at the top of most people’s minds, but it has gained a strong interest in the past few years, especially with the Cambridge Analytica scandal.

“As you can probably imagine, General Data Protection Regulation (GDPR) itself is a new regulation, so this whole conversation about privacy and data empowerment is new. It’s exciting for our team because there is a massive hole to fill. If we get there fast enough, we can make an impact.”

However, there are still a few questions for these new guardians of our data. The business model is hinged on a deep level of trust. People will provide Own My Data with the rights to their online world, so what’s stopping it from being another big data company like Facebook or Google, which wield users’ online behaviour for its own benefits? Who is holding it to account?

“Firstly, we are a social enterprise, with an overall mission to empower users with their data,” Yoon says. “We are also working with the office of the privacy commissioner to receive a privacy trust mark. So, what that entails is investigators from the privacy commission will continually audit what we do with people’s data, so of course if we do anything shady with people’s data they will release it to the public, so we have those checks and balances in place.”

Despite being under social enterprise model, it’s early days on how the organisation intends to make revenue. Yoon says, he is “thinking about different revenue models”, such as whether it offers a premium tier, where premium users can access more controls and visualisations, or enabling users to sell their data, with the company taking a commission off that sold data. He reiterates, though, that it will remain as a social enterprise with a large focus on donations, government grants and sponsorships.

Yoon says that it is currently focused on the education and visualisation aspect, then by the end of the year, it will look at the user control component with plans to examine the monetisation part of the offering at the start of next year.

It’s currently launched a beta version to a selected few people, who are providing detailed feedback.

“Our goal is to get 5000 users on the platform by the end of the year,” he says.

Solution two

More government intervention

As Brad Smith, president of Microsoft acknowledged, “The greatest risk facing technology firms isn’t overregulation – it’s that government won’t do enough, swiftly enough, to address the technology issues affecting the world.”

The age of digital technology has largely soared through unregulated. Tech companies have been able to start and grow, but it’s only now, after many thorny data scandals, that laws are being reformed.

Across the world, governments have scrambled to tighten regulations on how our data is being managed, as new policies attempt to place firmer responsibilities on tech companies.

Europe’s aforementioned GDPR policy, which came into force last year, has been the most significant attempt to implement data protection rules. The law enforces companies of all sizes to obtain consumers’ consent before they process, share, or sell data. It blankets all of Europe but allows individual countries to add their own laws.

It also calls on bigger companies – specifically those with over 250 employees – to have proof of why people’s information is being collected and processed with descriptive analysis of the information kept, how long it will hold it and outline the specific security measures it will use to protect the data.

Similar privacy bills are also being rolled out in the US. Earlier this year, California released a landmark consumer privacy law set to be activated next year, while in New York, a new privacy bill is set to be even more revolutionary and give residents more control over their data than any other state.

Back home in New Zealand, we are protected by the Office of the Privacy Commissioner, John Edwards, which acts as a body of governance to deal with local data privacy issues. Its website says it ‘develop and promote a culture in which personal information is protected and respected’.

The commissioner’s office told Idealog it monitors and examines the impact of technology on privacy in several ways.

“We keep abreast of the latest technology and their impacts on privacy in a number of ways. We monitor media, we engage with stakeholders in the tech community, we attend national and international privacy conferences. When we receive complaints from the public regarding a particular privacy issue relating to new technology – we will investigate further,” it said.

However, the difficulty with this is that technology is moving so quickly – with new tools and software being rolled out, such as AI and advanced analytics – that the public is unaware of the unique risks attached to the new technologies until the consequences become widespread.

However, the commission says itself and other agencies in New Zealand, such as CERT and Netsafe, spend “considerable time and effort in educating the public about the risks posed by new types of technology”. To do so, it produces regular blogs, which examines some of the new technologies and the impact they have on individual privacy.

It also assures “individuals can request the information held about them by government departments, organisations or businesses.” It says the AboutMe section of its website allows people to “easily do this”.

But the problem is it’s not easy. Even for the reasonably tech-savvy person, it’s difficult to know what information is being collected from who and where is being shared. What’s more, people are increasingly time poor, so although they can freely request their data from businesses and government organisations, it takes considerable time and effort to access. Which brings us to the last solution.

Solution three

The individual fight

In The Great Hack, New York-based media professor David Carroll goes on a determined and ultimately unsuccessful journey in the UK legal system to try find out what data Cambridge Analytica held on him. He says in the film, “We were so obsessed with connectivity, we forgot to read the terms and conditions.”

In other words, as he told Dazed, with the way the system is currently structured, it’s up to the individual to be proactive on managing their own data.

 “The burden is on us as individuals to figure out what is safe and unsafe.”

That’s why data-management-for-good companies like Own My Data could be so valuable. It maps out these data points for us and shows us what private companies and government organisations are collecting and how they are using it. It turns the narrative on its head, making the consumer no longer a commodity, but the guardians of their own data.

But while Own My Data gets its operations up and running, Caroll told Dazed the best course of action right now for individuals is to educate yourself. Go into your settings, uncheck the boxes and do regular audits of your own data protection. If you’re downloading an app that’s been made somewhere outside of Europe, which has the GDPR laws in place – such as Russia or China – be more cautious about what data you’re handing over.

Ultimately, if nothing else, the data discussion should make all of us pause, take a moment and maybe think twice about downloading that hilarious, new face-aging app.