Private concerns

Posted on: October 8, 2015 by Karl Alles

As industry debates data protection and data privacy, Ascent asks three experts for their views on whether regulation is hurting consumers

Mark Roberts is an Associate Partner at Atos Consulting and Head of Information Governance Risk and Compliance Practice in the UK

I was at a health expo the other week and witnessed the rise of health-related wearables, each generating masses of sensitive information about our well-being. Yet are we really happy with this? In my view, consumer-owned data offers a way forward. My health record, for example, is mine and mine alone. I should own it and determine who it is shared with. Responsibility for its confidentiality, integrity and availability is then vested in the person who cares about those things the most – me. From this we can develop a standardised way of me giving consent to others to access my personal data. I can see at a glance, on my smartphone perhaps, who I am providing access to and why. The forthcoming General Data Protection Regulation (GDPR) will be another important step in placing power in the hands of consumers. The draft regulation is expected to contain a number of consumer rights, including the right to be forgotten. Every organisation will be forced to ask itself: do you know the full extent of the data you hold on a particular individual? Can you be confident you know exactly where that data is? And can you be certain you can erase it all and prove that it has been erased? The GDPR may encourage consumers to ask more questions about the safeguarding of their data. At the very least, it’s likely to generate interest in the subject and result in potentially awkward questions for some CIOs.

Giovanni Buttarelli heads the European Data Protection Supervisor, an independent authority devoted to protecting personal data and privacy and promoting good practice in EU institutions

Data protection should not be seen as an obstacle to slow down innovation, nor as an open door for increasingly invasive processing of personal information. I believe Big Data challenges can be met without changing the existing safeguards by implementing them in a more innovative way. For example, notices to users should be concise and written in plain language, so it is easy to understand the consequences of the choices we make. Current user agreements are so legalistic that no-one reads them. When you click on ‘I accept’ it is not exactly acceptance, it is simply ‘Come on, I need to get to the office!’ Having solid data protection doesn’t mean reducing access and availability of information, it just needs more innovative thinking. And in managing this, the digital single market and the principles of privacy by default can create job opportunities – a new market for new professions.

Karl Alles is Head of Operational Control for Worldline, an Atos company and European leader in the payments and transactional services industry. Worldline provides data processing services to help financial institutions reduce their exposure to fraud.

The way data protection legislation stands, if a bank wants to use a customer’s data to offer them a new service, such as fraud protection, they have to go back and ask the customer for permission to use their data for that specific purpose. This is clearly limiting for business but it is limiting for customers too. The culture around privacy is changing. Young people don’t have a problem sharing their private information and these are the customers of the future. The collection of data is about selling more of the right things to the right people and, if we get it right, they will find it easier to access the right information at the right time. For example, connected cars will give a more convenient way of travelling – knowing where you are, where things are. This will give a lot more flexibility and comfort in life.


About Karl Alles

Head of Worldline Security
Karl is head of Operational Control at Worldline - the European leader in the payment and transactional services industry. Karl is in charge of the global coordination and governance of the company’s Quality, Security & Risk Management. Prior to this, he spent 7 years in charge of regional and global Information Security and Operational Risk in a highly regulated business such as Credit Card Processing, in Health Care and for various sensitive operations in the public sector. Karl and his teams enabled significant security improvements through well-designed and agreed-upon measures, proven by regular audits, almost zero major security incidents and improved SLA fulfillment rates. Karl draws on deep knowledge of existing Security Standards and practices, supported by various certifications, e.g. IT Service Manager, ISO27001 Lead Auditor, CISM, CRISC. Karl joined Worldline in 1989 and worked until 2006 in IT, where he gained broad experience in IT architecture and design and in IT operations, with demanding SLAs and a high frequency of change caused by continuous technological evolution and steadily increasing transaction volumes. Intensive training in IT Service Management (ITIL) helped support his development and is still part of Karl’s day-to-day work.