This piece was originally published on the Disruptive Competition Project blog (DisCo).
By Dr. Ann Cavoukian and Shane Green
Over the last year, we have started to see a remarkable shift in the way the world thinks about data and privacy. The old levies of compliance and binary permission settings are being washed away by a rising tide of data that is growing at a rate exceeding Moore’s Law.
In fact, more data will be created and captured this year than in all of human history. Fueling this explosion are connected devices so numerous that, according to a recent GSMA study, there will be more such devices throwing off data this year than there are people in the world.
In this rapidly changing data ecosystem, tools such as one-time notice-and-consent agreements and simple transparent disclosures are less helpful, perhaps becoming obsolete. Individuals can no longer be treated as passive data subjects who merely provide information for collection and use by an organization. Instead, more sophisticated approaches are required based on context-based approvals and, more importantly, informed individuals who are engaged with their data across their lives.
We too must evolve, and those companies and organizations that empower individuals to be full partners in this emerging personal data ecosystem will create tremendous value in the form of stronger, deeper and trusted relationships with their customers, thereby gaining new competitive advantages, including greater, not less, access to data.
The latest signs that these once revolutionary ideas are today becoming mainstream, and will tomorrow become the standard for doing business, are two recent reports by centrist, pro-business think tanks.
The World Economic Forum’s recent report, “Unlocking the Value of Personal Data: From Collection to Usage,” argues for empowering individuals with contextual information, tools and services that enable individuals to engage directly with their data and benefit from this revolution. Similarly, the Aspen Institute’s “Power Curve Society: The Future of Innovation, Opportunity and Social Equity in the Emerging Networked Economy” focuses extensively on “the new economy of personal information” and the central role that individuals will play in it.
Both reports point to a coming “race to the top” where companies will compete on how much value, convenience and innovation they can deliver by collaborating with their customers in a new, permission-based personal data model.
But think tanks and reports don’t make or move markets. Businesses do. And the most telling sign that the future has arrived is that businesses and governments are embracing this model as a win-win for both consumers and businesses.
Start-ups, such as Mydex, Personal, Qiy, Respect Network, and Singly are at the forefront of creating personal data vaults, private networks and identity management tools that, for the first time, make it possible for consumers to manage and benefit from their personal information, as detailed in a white paper, “Privacy by Design and the Emerging Personal Data Ecosystem,” that we collaborated on together last fall. Not surprisingly, venture capital is starting to back such innovation.
Large companies are starting to take encouraging steps. For example, the World Economic Forum report details how Kaiser Permanente helps patients with chronic conditions by providing them and their physicians with better access to and sharing of their health data. The report also shows how Visa helps to prevent fraud and identity theft through the smart use of individual transaction information.
Governments are also taking steps to give data to individuals and are encouraging private-sector companies to do the same. Over the last several years, the U.S. government has launched an open data initiative designed to spur innovation by releasing individual records held by the federal government. Millions of citizens can now download reusable information about their health, energy consumption, finances, and education.
In the United Kingdom, the government has encouraged organizations to release the personal information companies and others traditionally hold back to their customers in portable, machine-readable, reusable format through the Midata initiative.
With this shift, privacy and control by the individual becomes an even more critical part of this model’s success for companies. To have credibility and trust with consumers as well as regulators, a company with this type of personal data must have privacy embedded in its technology, as well as business practices and architecture, through the adoption of a Privacy by Design (PbD) framework.
Accepted by international regulators as the global standard for privacy, the 7 Foundational Principles of PbD have been widely adopted around the world and have now been translated into 30 languages. PbD takes the view that privacy cannot be assured solely by compliance with regulatory frameworks. Instead, privacy assurance must live in an organization’s DNA and be proactively embedded, right from the outset. Nowhere is that more important than in this model.
When done responsibly and effectively, businesses with this model will enhance and innovate around privacy and security. And it will provide strong justification for government officials to refrain from resorting to regulation. It’s a model that supports innovation and will create competition for businesses that push toward stronger, rather than weaker, protections. This will create a race to the top that will give consumers better choices – a win-win scenario.
Dr. Cavoukian created Privacy by Design, and is the Information Privacy Commissioner of Ontario, Canada. Shane Green is co-founder and CEO of Personal, a start-up that gives consumers data vaults for securely storing, sharing and reusing their important information at home and work.