What we talk about when we talk about data
The personal data of 50 million Facebook users has been harvested in order to micro-target advertising, including for political campaigns. This isn’t the first report of its kind (and it’s unlikely to be the last!): more articles are appearing every day about people finding out how much data companies hold on them, whether it’s Facebook, Tinder, or Google.
The sheer amount of data collected from users is staggering, and it’s often not clear just how much you are consenting to when you submit information or use websites and platforms. The problem is that when we think about data in an abstract sense, it makes it easy to consent to ostensibly legitimate yet overly detailed data harvesting.
It’s easy when sharing content or submitting forms to think that the information you’re giving to apps, surveys, platforms and organisations is harmless – it’s just words and numbers, after all.
Except it’s not. It’s likes and dislikes, friendship networks, geographical location, financial and medical records, and with enough data points, it’s a complete personal profile. Citizens, consumers and the organisations they interact with all need to realise the extent to which this data can define a person, and hence affect them in a real sense if it’s misused or lost. It’s time to change the way we all talk about data.
Sharing is caring?
Vast quantities of personal information is willingly handed over when you’re having fun sharing content and connecting online with friends and groups, when it’s unclear what exactly you’re consenting to.
Social media users fill out profiles, ‘like’ content, share stories and connect with people. Online shoppers buy things, add items to wish-lists and search for specific objects, and this history can be utilised by advertisers to target ads in astonishingly specific ways. Consider the case of a supermarket predicting a customer’s pregnancy and sending appropriate coupons before the family knew. For social media platforms and online stores, data is a valuable commodity they can leverage to increase engagement and sales.
But brick and mortar organisations – your bank, local government institutions, retailers – all handle and process your personal information as well. Are they handling it properly? Are they disposing of it when they no longer need it? Or is it sitting somewhere – unaudited and unencrypted – waiting for a malicious attack or an accidental breach? It happens so suddenly; not only are you not in control of your own data, but the organisation you trusted to hold it isn’t either.
A lax approach to both managing this data once it’s submitted and sharing it is encouraged by the way we have abstracted data away from what it is: it’s about people’s lives.
It’s not just words and numbers
That Facebook survey you completed and shared, the form you sent to your bank, that online application you submitted to a prospective employer, the medical history stored by your insurance provider. These data points and personal facts may not seem like much, but taken together and extrapolated to build profiles, the power and risks associated with it becomes apparent.
There needs to be a shift in the conversation of how we talk about data – as consumers, citizens, users, but also as organisations large and small. We need to better educate people about the practical consequences of freely giving up personally identifiable information, and we need to make sure organisations are treating people’s personal information – and their actual lives – with appropriate care and respect.
For citizens, it’s about understanding where data is going and how it’s being used, as well as employing regulatory mechanisms to hold companies and institutions to account.
For organisations taking a haphazard approach to data handling and processing, it’s about constantly reminding oneself about the importance of the citizen information they store, process and share, and effective adherence to data protection regulations.
Economists like to talk about moral hazard: the way we take more risks when we don’t bear the costs if things don’t go to plan. Organisations must avoid this way of thinking; they need to move away from thinking in abstractions about what data is, and what its misuse can do to people’s lives. So what do we talk about when we talk about data?
We talk about the people whose medical history gets leaked, about credit scores and address information getting stolen due to weak security (making it identity fraud possible) , about 4,000 data points being used without consent to more effectively target politically persuasive campaigns, and about payroll data for an entire workforce being put online.