Staying in Control: The Ethics of Consumer Data


Posted on: October 9, 2015 by

We are, undeniably, experiencing an explosion of data. More worrying is that the phenomena driving this increase – the Internet of Things – is still in its nascence. I was at a Health Expo the other week and witnessed, first hand, the rise of health-related wearables; each capable of generating masses of highly personal and very sensitive information about our health and wellbeing.

Organisations now have the potential to collect and use more data about us than ever before. But are we really happy about this?

Do we really want supermarkets to start guiding our food purchasing information based on lifestyle or health information? Do we want fast food restaurants to know when we’re in the vicinity of one of their outlets and promote our favourite snack to us via our smart phone? At what point do we draw the line and decide that our privacy has been invaded, that we’re no longer comfortable with what’s going on?

Relevance of the value

To me, most of that depends on the relevance of the value that is being given to me. If an organisation can use various pieces of data about me and as a result deliver me a service that is so value-adding to my life (or time saving!) then I’m probably not going to worry about data protection issues so much. I’ll accept them in return for the great new service they’re about to deliver to me.

Organisations need to tread a fine line. Privacy conscious people and lobby groups will raise privacy and data protection flags should an organisation go too far. Spotify was forced to make a public apology after it updated its privacy policy to include the clause that "with your permission, we may collect information stored on your mobile device, such as a contacts, photos or media files". It will be interesting to see in the longer term whether this has any impact on Spotify’s customer base and value, or if it will be quickly forgotten as people see the value in the service Spotify is delivering - and are willing to give up some element of privacy in order to access it.

Interestingly, I think we will see a generational issue at play here. Generation Y and the Millennials have grown up in a very different era, their views of privacy and data protection are almost certainly very different to those of previous generations, with greater acceptance on their part of what they are prepared to share.

Consumer owned data

The future is likely to look more towards consumer owned data. Going back to the example of health data, my patient record, for example, is mine and mine alone.  I should own it and determine who it is shared with and for what purpose. Responsibility for its confidentiality, integrity and availability is then vested in the person who cares about those things the most – me. From there we can then develop a standardised way of me giving consent to others to access my personal data, making clear their intentions for use and the purposes for which they want it. I can see at a glance, on my smartphone perhaps, who I am providing access to and why.

And when I’m walking down my high street on a Saturday afternoon I can turn off access to the local burger restaurant at the swipe of a finger. Or at least keep my consumption of it hidden from my health informatics!

Check out my previous blogs on the forthcoming EU General Data Protection Regulation in which I discuss what we are likely to see in the new regulation, what changes this will represent from existing legislation and also what this means for organisations which manage and use personal data.

Share this blog article