Can we regain power over our personal data?
After allegations that a company used Facebook personal data for political ends, Rhodri Marsden asks whether we can regain control of our digital lives and privacy
Countless people have chosen to quit Facebook over the years, but last week’s mass exodus felt more significant. “I’m going to pull my photos and delete by the end of the week for good,” wrote one user on her timeline, as allegations of Facebook’s misuse of personal data escalated, and one of the firm’s early investors, Roger McNamee, talked of a “cavalier disregard of their obligations to users”. But other people found themselves in a quandary when confronted with the #DeleteFacebook hashtag. “Without it I will lose contact with a great many people who I genuinely care about,” confessed one.
Anyone who followed advice to turn off connections between Facebook and third-party apps – games, news feeds, taxi services and more – would have received warnings, such as “You will not be able to log into websites or applications,” or “Your friends won’t be able to interact and share with you using apps and websites.”
This prompted a realisation of how intertwined Facebook is with our lives, and the choice was stark: either undergo a highly disruptive digital detox or allow Facebook to continue using their data in ways that are still not fully understood.
That widespread sense of powerlessness has led the EU to introduce a new set of data protection regulations to be enforced from May 25, known as GDPR (General Data Protection Regulation). They come at a critical time, as the story of Cambridge Analytica and its alleged misuse of Facebook data to create 30 million “psychographic” profiles continues to gather momentum. As the world gets used to the idea that frivolous online personality quizzes might be harnessed to influence national elections, the GDPR is designed to rebalance power between EU citizens and global technology firms, but its impact will be felt far beyond the EU.
Its measures include allowing people free access to their own data; the ability to extract, delete and move it; greater information about who holds that data, for what purpose and for how long; the power to deny businesses the ability to use that data for any purpose other than the reason it was collected; and, crucially, fines for non-compliance of up to 4 per cent of a firm’s global annual revenue or €20 million (Dh91m) – whichever is greater. Last week, McNamee referred to GDPR as a “brilliant idea”. “The notion that [our] relationship with these companies should be less one-sided will fix an enormous part of the problem,” he said.
Privacy campaigners have pointed out for many years that if a service is free, then you yourself are the product. It’s never been an easy notion to fully comprehend, but as artificial intelligence techniques become more sophisticated and our data is made to work harder, the enormous value of that data is becoming more apparent. The European Commission estimates that the value of EU citizens’ data alone will reach €1 trillion by 2020.
“We have accepted the bargain offered to us without thinking about it too much,” said Evgeny Morozov, author of The Net Delusion, in a BBC radio interview last week. “The bargain was that we can get services for free and the cost is underwritten by advertisers. We’re beginning to see the consequences of that.”
The severity of the consequences is largely down to our failure to understand the terms and conditions of the bargains we opted into. The so called Privacy Paradox - we hate our privacy being compromised but seem willing to give it up in return for convenience - is still very much in evidence.
The smokescreen concealing how our data is actually used feeds into this paradox, and its existence has been freely admitted by the industry. Last year, Andrew Ng, then chief scientist at Chinese search engine Baidu, said: “We often launch products not for the revenue but for the data, and monetise the data through a different product.”
That transformation of data into cash, assisted by toothless data regulations devised many years ago, has undoubtedly boosted the corporate might of Silicon Valley.
The smokescreen, however, is lifting. “It’s becoming evident to many more people that business models relying on the collection and commercial exploitation of personal data are deeply broken,” says Francesca Bria, co-ordinator for Decode, an EU project that develops tools to give people more control over how their data is used. “Big tech firms are behaving like feudal lords that control the infrastructure of the digital world,” she says.
The GDPR is an attempt to break up that feudal system, and in recent weeks Silicon Valley’s biggest firms have been rushing to comply with GDPR by introducing privacy dashboards that give people access to their data. Some analysts believe that the GDPR’s ban on selling advertising based upon personal information will have even greater consequences for digital firms, and while Facebook disputes that its business model is under threat, it has reportedly assembled its biggest ever cross-departmental team to deal with implementing the EU’s requirements.
Bria believes that people across the world will benefit from GDPR. “It can become the framework for all countries,” she says. “It’s now at the top of the agenda of policymakers in Europe, and these issues are being pushed at the level of the World Information Summit and World Trade Organisation negotiations. This way, we can reach critical mass and push forward an alternative model that preserves rights and enhances privacy.”
Our new-found understanding of how personal data can be used to influence the democratic process has led to speculation over how it might influence our general behaviour, from spending patterns to emotional outbursts.
Francois Chollet, a researcher at Google, gave his own insight last week in a series of posts on Twitter. “The human mind is a static, vulnerable system,” he said, “that will come increasingly under attack from ever-smarter AI algorithms [with] a complete view of everything we do and believe, and complete control of the information we consume.”
Some believe that actions to try to prevent this outcome are too little too late, but while GDPR exercises its regulatory muscle, Bria’s Decode project is attempting to build new data gathering systems which she hopes will underpin the future of AI across sectors such as health care, education and mobility.
“We’re at the very beginning of the Fourth Industrial Revolution,” she says, “There may be an argument that it’s too late when these technology giants dominate the market. But actually, there is still time.”
The EU will enforce new data protection regulations from May 25, allowing people access to their own data and to prevent others from using it, punishable by fines