Life in the fishbowl

What would a world of first-party-only data look like? Well, how would you feel about putting your name in a fishbowl and walking away?

That is the story revealed by investigative journalists investigating the impact of data protection rules: WSJ, Big Tech Privacy Moves Spur Companies to Amass Customer Data. If the rules are interpreted to restrict the combination of multiple sources of data, as the UK Information Commissioner appears to be advocating, then the rules will encourage firms to take matters into their own hands. The Wall Street Journal articlerevealed significant inroads into privacy from these practices, e.g. the collection of names, phone numbers, and even dates of birth. And yes: the mega-brewery Molsons did collect names in a giant fishbowl!

This tale is bad for consumers and bad for brands. Brands lose the insight of the better analysis from multiple data sets: they do not need to fish in a fishbowl for data and can get professionally generated insights instead. Consumers lose out as the advertising is less relevant, and the free content paid for by advertising is diminished, since the value of the advertising falls. There are also implied price increases from the move from the more efficient multi-source systems to a world where each brand must duplicate efforts.

From a data protection perspective, this is particularly bad news. Each brand will have its own data policy. The consumer’s data protection is only as strong as the weakest link. There is an incentive for a “bad actor” in one brand to ride roughshod, and little that the consumer can do about it. The consumer must also review all the data protection policies. This reveals a fallacy in the current debate: there is no reason to assume that just because the consumer interacted with a brand direct, that data protection is strong.

On the contrary, what is needed is competition over data collection quality. This would involve all the benefits and none of the costs above. Brands could use specialist data services, drawing on multiple data sources. Consumers benefit from privacy-by-design safeguards which are likely to be stronger than the patchwork of policies by particular brands. For example, privacy-by-design would not collect names, phone numbers, or dates of birth, much less put the names in a fishbowl. A pseudonym like User123 would be used instead.

Most importantly, allowing multiple data source handling also allows one, easy to use reset button. The right to be forgotten and other fundamental rights in GDPR only make sense if they can be used. There is no realistic way for a user to reset hundreds of fragmented data repositories. What is needed is a single, easy to use mechanism. Otherwise – you’d better hope you remember that time you left your name in the brewery fishbowl!

An introductory video and further information on the debates driving these data handling practices can be found at here.