If after ten minutes at the poker table, you do not know who the patsy is—you are the patsy. – Poker Proverb
Imagine if someone was able learn everything about you. Not just the color of your eyes or where you went to school, but rather the size of your pants (and how that’s changed over the past few years), your internet search history, your favorite brand of ice cream, your first pet’s name. Essentially, your innermost fears, your favorite likes, your background and your thoughts and feelings about almost any event. You’d probably be ok if that person was a parent or significant other. But, what if it was a person, or perhaps even a machine. Concerned? You should be.
Technology and social media companies dominate the world we live in today. They long ago figured out that the data they collect can be used for advertising, allowing them to create a recurring revenue stream without charging you for access to reconnect with high school classmates or follow the cast of Saturday Night Live. Data, to these companies, is the fuel that powers their economic engine. However, a data inefficiency exists – your data is in fact no longer your data. Rather, it belongs to a bunch of companies are attempting to all monetize the patsy at the table – you. This happens because the relationship is completely one sided, with little hope for arbitrage. Companies that are collecting the data are the ones that value the data, the ones that leverage the data and the ones that manipulate the data. And, as more and more devices become connected, more and more data is collected, refined, extrapolated and monetized. Consumers are not only blissfully unaware, but are willfully providing the data, sometimes with little to no faith in the companies they are providing it to, nor an understanding of where there data goes once gathered. Consumers, in fact, have become the serfs in the corporate kingdom.
As the collection and monetization of personal data accelerates, it is imperative that we look at not only what data is being collected, but by whom, how it is stored, with whom it is shared, and what happens to the data once it begins its journey outside the controls of the consumer. Consumers must begin to truly understand the bargain they are entering into to keep things free, corporations must return the ownership of the data back to the consumers, and regulators need to reflect the changing times and pass legislation that reflects the current state of data collection, and allows for innovation and acceleration while still safeguarding consumers.
To be fair, the concept of buying and selling of personal data isn’t a new phenomenon. Every transaction an individual enters into generates some form of data, and by the late 1960s and 1970s, the US government stepped in, passing the US Fair Credit Reporting Act 1970 and the US Privacy Act of 1974. These laws laid the groundwork for the information practices that continue to shape US data protection today. Unfortunately, these laws have become antiquated, as data companies have realized that the greatest asset they own is the data on their consumers and their behavior. And, the risks and implications around the collection and use of consumer data are now greater, and the impacts more meaningful and disruptive, than ever before.
Every day, each consumer generates massive amounts of data. Sometimes, consumer data is even being created and captured by companies that you have no relationship with and have never directly interacted. Companies including advertisers, marketers and insurance companies realize that knowing who the target audience is, along with what motivates and influences them, can make all the difference in hitting financial goals and metrics. And, companies such as social media platforms and gaming companies have realized that by using consumer data sets and past behaviors, they are able to create more tailored and customized experiences, resulting in longer engagement time and more expensive advertising real estate. Forrester Principal Analyst Sucharita Mulpuru-Kodali has even been quoted saying that: “Anybody that’s got data right now is in the business of trying to make money off of it. Why not take advantage of it, especially if you can do it under the radar?” But, it’s exactly those companies operating under the radar that should cause extreme concern among consumers – who is collecting my data, how are they using it, and with whom are they sharing that data should be essential questions in this data driven world.
In order to have a deep discussion on personal data, it is important to understand the different types of data that are lumped together as “personal data”.
- Some data is what is considered “exhaust” – data that is generated by using the platforms. This data may not appear to reveal much on the surface, but can in fact provide significant value to the companies and marketers about personal usage. And, with machine learning unearthing new insights, this data is even more valuable than in the past.
- Some data is for improving or optimizing systems – bug reports and analytics on the performance of certain KPIs (think load time for websites or the number of crashes on your app).
- Certain data is anonymized and aggregated (the average time to drive to the grocery store is calculated on this type of data, and so is the rankings for most popular apps on the app stores).
- Finally, there is individual user data, sometimes used to tailor recommendations based on past usage (Netflix movie recommendations or credit card offers), sometimes for consumer knowledge or to monitor/influence behavior (think Nest thermostats modifying temperatures). This data is often collected for no immediate reason.
Every company, in one form or fashion, is collecting data. Some have massive amounts, some smaller. But, as evidenced by both the ongoing breach notifications that seem to constantly occur, and the news stories about personal data being harvested or misused, companies big and small, for profit and not for profit, all are prone to this collection. Here are a few recent examples, that happen to be large enough they have been reported on:
- Exactis, a marketing and data aggregation firm, exposed data on close to 340 million people;
- 23andMe, a genetic testing company, was selling data to 3rd parties, including big pharma and law enforcement;
- ResMed, a CPAP medical device company, was featured tracking patients sleep;
- Uber had personal information on 57 million
- PumpUp, an exercise app, leaked private and sensitive data on 6 million users
- 150 million MyFitnessPal users are believed to have had their information compromised in the data breach.
- Atrium Health data breach impacted 2.65 million health records
These incidents show how indentured we are to the corporate kingdoms. Consumers are often unaware, unable or unwilling to make changes to protect their data, even though the impact of the monetization of consumer data has the potential to be one of the largest of our GDP (it already is to the point of generating hundreds of billions in ad revenue per year). In part 2 of this series, I’ll address examples of the types of data companies are now gathering and address the implications for consumers related to how their data is collected, mined and monetized, with the hope that consumers will at least recognize they may, in fact, be the patsy. And, in part 3 of this series, I’ll present a framework to address the changing data model be addressed to protect consumers and their data.