Staying in Control: The Ethics of Consumer Data

Posted on: October 9, 2015 by Mark Roberts

We are, undeniably, experiencing an explosion of data. More worrying is that the phenomena driving this increase – the Internet of Things – is still in its nascence. I was at a Health Expo the other week and witnessed, first hand, the rise of health-related wearables; each capable of generating masses of highly personal and very sensitive information about our health and wellbeing.

Organisations now have the potential to collect and use more data about us than ever before. But are we really happy about this?

Do we really want supermarkets to start guiding our food purchasing information based on lifestyle or health information? Do we want fast food restaurants to know when we’re in the vicinity of one of their outlets and promote our favourite snack to us via our smart phone? At what point do we draw the line and decide that our privacy has been invaded, that we’re no longer comfortable with what’s going on?

Relevance of the value

To me, most of that depends on the relevance of the value that is being given to me. If an organisation can use various pieces of data about me and as a result deliver me a service that is so value-adding to my life (or time saving!) then I’m probably not going to worry about data protection issues so much. I’ll accept them in return for the great new service they’re about to deliver to me.

Organisations need to tread a fine line. Privacy conscious people and lobby groups will raise privacy and data protection flags should an organisation go too far. Spotify was forced to make a public apology after it updated its privacy policy to include the clause that "with your permission, we may collect information stored on your mobile device, such as a contacts, photos or media files". It will be interesting to see in the longer term whether this has any impact on Spotify’s customer base and value, or if it will be quickly forgotten as people see the value in the service Spotify is delivering - and are willing to give up some element of privacy in order to access it.

Interestingly, I think we will see a generational issue at play here. Generation Y and the Millennials have grown up in a very different era, their views of privacy and data protection are almost certainly very different to those of previous generations, with greater acceptance on their part of what they are prepared to share.

Consumer owned data

The future is likely to look more towards consumer owned data. Going back to the example of health data, my patient record, for example, is mine and mine alone.  I should own it and determine who it is shared with and for what purpose. Responsibility for its confidentiality, integrity and availability is then vested in the person who cares about those things the most – me. From there we can then develop a standardised way of me giving consent to others to access my personal data, making clear their intentions for use and the purposes for which they want it. I can see at a glance, on my smartphone perhaps, who I am providing access to and why.

And when I’m walking down my high street on a Saturday afternoon I can turn off access to the local burger restaurant at the swipe of a finger. Or at least keep my consumption of it hidden from my health informatics!

Check out my previous blogs on the forthcoming EU General Data Protection Regulation in which I discuss what we are likely to see in the new regulation, what changes this will represent from existing legislation and also what this means for organisations which manage and use personal data.

Share this blog article

About Mark Roberts

Associate Partner at Atos Consulting and Head of our Information Governance Risk and Compliance Practice
Mark is an Associate Partner at Atos Consulting and Head of our Information Governance Risk and Compliance Practice in the UK. Mark has over 20 years’ experience in business. He is an experienced consultant having worked for a wide range of clients for both PwC Consulting and IBM Business Consulting Services. He also has a strong technical and security background having worked for the UK Ministry of Defence and more recently for QinetiQ, a Defence and Security Technology Services company. Mark joined Atos Consulting in 2013 where he led and grew the UK’s Information Security consulting practice from 25 to 50 consultants in the space of 18 months. He was then responsible for developing our global security consulting capability and more recently was instrumental in setting up a new consulting capability in the focused on Digital Transformation. Mark has recently rejoined the UK Practice to lead a newly formed Practice of about 60 consultants focused on all aspects of Information Governance, Risk and Compliance including Organisational Risk, Operational Resilience, Business Continuity, Information Security and Information Management. The Practice’s objective is helping its clients stay safe and compliant in the ultra-connected Digital Age and enabling Digital Transformation programmes by understanding and managing potential new information related risks and issues (e.g. new security risks, privacy and data protection legislation, risk and resilience).

Follow or contact Mark