An online debate hosted by European Voice this month and sponsored by Telefónica closed after nine days with 70% of the audience supporting the motion. This audience agreed that consent as a basis for processing data is problematic in the era of big data.
Joe McNamee of European Digital Rights argued that informed consent is possible only where an individual has all the necessary information to make an informed choice, whilst Sandy Pentland of MIT argued that systems of informed consent have worked for the financial and medical research sectors, where they are backed up by robust checks and enforcement, and that this approach could be extended to other areas.
An important feature of the era of big data is that disparate datasets are re-used almost infinitely to produce new valuable information. This may make it less possible for individuals to know exactly how their data may be used in the future. Even where such use is harmless, it still makes some people feel uneasy. Jamie Bartlett of Demos highlighted the recent case where it emerged that Facebook had manipulated users’ feeds to produce an emotional reaction. Whilst there may have been no harm caused, users were angry that that what they saw as their private sphere was being violated.
Part of the problem is that people have come to expect the digital services they enjoy and benefit from to be free. A whole ecosystem has developed in which digital services are funded by advertising, attracted by better targeting using the data they collect and its analysis. In this system users make an initial decision to share their data with an organisation that may not be fully informed or understood. Bill Hoffman of the World Economic Forum noted that “large institutions have the legal resources to maintain the information differentials that keep the level playing field tilted their way”. “If data is the new oil,” he said, then “one-sided user agreements are pumps for extracting it away from individuals”. It is difficult if not impossible for individuals to follow how value flows through the data system, and the need for consumers and citizens to have greater understanding and more control in this environment seems undisputed.
Peter Hustinx, the European Data Protection Supervisor, also highlighted the gulf between data collectors and individuals. “Many online operators seem to love consent, but they want it at the lowest possible price”. This, he says, has led to “dubious practice” where data subjects are completely left in the dark. Hustinx said that the reform of EU data protection rules currently being negotiated by EU governments and MEPs will address this imbalance between data subjects and the companies that seek to use the data to make money. He highlights plans for fines of millions of euros for companies that fail to respect data protection rules.
Telefónica believes that the primary focus should be the protection of people rather than of data. This might be better achieved through rules concerning the use of data rather than rules about its collection. Mechanisms should be established for effective evaluation of the risks to individuals and efforts for protection and enforcement should be directed accordingly. For example, the use of data anonymisation techniques that reduce risks to individuals should be favoured over other practices that might lead to the re-identification of individuals.
Read the full debate here.