We’ve come to take a lot of technological advances for granted, when it comes to the internet. Instant communication, global connectivity, information on a tremendous variety of subjects available at any time, on devices more powerful than those which sent man to the moon. The convenience of online shopping and interactions is such that huge numbers of people reported planning to continue to shop online even once shopping in person was easy and safe once more.
In order to facilitate these advantages, online apps, sites and stores frequently have to validate users’ identities. One of the key challenges of the internet, underlying so many of the possibilities of our online lives, is being able to answer the question, “How can I tell that you are, who you say you are?” And, relatedly, “Who can I trust?”
Data brokers and the privacy downsides
Traditionally, the solution to the trust and identity problem has been to rely on data brokers: third party data providers who have built up large stores of personal user data from a range of sources. Businesses can send queries to these databases, to see if the personal information they’re trying to validate is there, and if there’s any additional info connected to it.
Leaving aside the issues of ensuring the data stays fresh, which is challenging when collecting data from diverse third party sources, and the problem of inclusivity, since the sources used often serve some communities less well than others, what’s notable about the data broker setup is the serious privacy issues it comes with.
At the heart of the system is the fact that in order to verify identities, companies must send users’ personal data to third party data brokers – something few customers understand. Given that 71% of U.S. consumers report being concerned about the security of their personal and financial information, it may be that the third party data broker model no longer matches consumer expectations and concerns.
Beyond that, such data warehouses are an obvious target for hackers, as we’ve seen all too clearly in the Equifax breach which exposed the personal data of more than 147 million consumers in the US alone. Experian, too, has suffered a number of breaches, and WhitePages has also been affected. It’s easy to see why they would be such a tempting target for criminals.
Regulatory push for privacy
The upwelling of consumer concern over data privacy has resulted in privacy-focused legislation in countries all over the world, from the EU to Brazil, and from New Zealand to Switzerland, plus many states in the US, of which California is so far the most notable.
Some companies have viewed the wave of legislation as stifling innovation, and certainly many people do see regulations as limitations. However, in practice the opposite is often true: new regulatory limitations can actually drive innovators to leverage technology in new ways, finding creative, fresh solutions that both adhere to legislation and solve a problem better than would have been possible before.
The Clean Air Act in the US is a good example; its purpose was to combat the dangerous rise of air pollution, and its result was a wave of innovation. Today we benefit from the cleaner engine technologies and cleaner fuels that we’ve inherited from that innovation: our vehicles are roughly 99% cleaner than those before the Act. In turn, some of the tech that has made this improvement possible is now being incorporated into, or taken account by, new legislation – which will doubtless result in further innovation. It’s a virtuous cycle.
Privacy can benefit from exactly the same kind of virtuous cycle. Just as the “greener” innovations after the Clean Air Act came to solve some of the problems caused by the technological advance of the motorized vehicle, in the same way, new innovations around “greener” data can solve the data privacy problems caused by the technological advances around the internet.
A new way of thinking
Privacy professionals, and any other leaders interested in privacy tech and its possibilities, need to help others in their organizations to understand the innovative potential of privacy technologies.
The range of applications for Privacy Enhancing Technology is inspiring. Medical examples are of course much on everyone’s minds right now, but other fields can be just as relevant. In Boston, a number of companies used it to calculate the gender pay gap without exposing any sensitive employee or salary information, resulting in actionable data which had been collected in a reliable yet neutral manner – enabling change rather than finger-pointing.
Returning to the data broker problem, PETs have the answer there as well. Rather than businesses having to expose users’ personal data, and have data brokers collect that data into centralized storehouses, PETs mean that companies can work together directly, helping one another to vouch for and validate trustworthy users.
There’s something particularly appealing about technology coming to fix a problem which only exists in the first place because of technological advances. With PETs, we can all have our data cake – and eat it, too.
