The Best Way to Avoid Data Leaks and Privacy Scandals: Don’t Own Consumer Data
The GDPR launched in May 2018 and has triggered demand for legal clones across the world. California now has the California Consumer Privacy Act (CCPA). The European Union’s Competition Commissioner, Margrethe Vestager, says we should start regulating data access more directly. Wyoming just passed a law, making digital assets legally recognized as personal property. Australia, Brazil, and many other nations are also hopping on the trend. The law is coming for tech companies, and it’s not coming quietly. Even Mark Zuckerberg has begun to step out to speak about regulation, putting regulators in a position where they need to respond.
But it’s not just regulators fighting back. Consumers are becoming more informed as well, leading them to demand more. For example, did you know that a man sued Equifax, as an individual in small claims court, for $8,000 in response to their data breach. More importantly, it sets legal precedence for future court cases. Could you imagine if the nearly 150 million people that were affected by the breach did the same? That would translate into roughly $1.2 trillion in lawsuits. Equifax would cease to exist. If this action moves up from the state level, this would be an immediate risk for every company actively collecting and processing consumer data.
What does this mean? These facts and more should rapidly change the way businesses think about how they’re interacting with their consumers, especially when it comes to protecting their data. But what is the first step? There are many different ways companies are attempting to enter this new era of data minimization—an era in which companies are working to own as little data as possible—but they can be narrowed into a few main categories:
Companies working on physical devices that allow consumers to own their data
These are companies that are actually working to get our data onto personal servers so we own it, not the companies’. For example, Solid.io, an initiative backed by Sir Tim Berners-Lee, is working to build a world in which consumers own their data on their own personal server and operate in a more secure environment where all operations occur on the device and can easily be controlled. Another company trying to do something similar is Cubbit, which is attempting to build the “World’s first distributed cloud.”
While privacy and security experts can quickly see the benefits of a world like this, there’s no doubt it will be difficult to get consumers to understand the immediate need to own their data on their own personal server. It will also be difficult to scale such a solution quickly due to the prohibitive costs for so many people around the globe (it costs €219 for 512 GB Cubbit server compared to $64.99 for this 2 TB external flash drive by Seagate). There’s no doubt it would be much easier to make this shift if consumers didn’t have to change their current behaviors.
Companies working on secure, decentralized data-sharing networks
Instead of trying to create more devices, some companies are working to create new, more secure cloud services and decentralized data networks. One of the leaders in this space is Dr. George Tomko and his SmartData concept. Backed by the likes of Dr. Ann Cavoukian, former Information and Privacy Commissioner of Canada and founder of Privacy by Design, Tomko’s solution has been stamped as an innovative way to reconsider the way we store and transfer data through networked systems.
Another similar concept is that of Smart Contracts, which was first coined by Alex “Sandy” Pentland, former Director of the MIT Media Lab, in his book Social Physics, and has since been brought to life by MIT grad, Guy Zyskind. The company, Enigma, is working to build a decentralized blockchain protocol that allows companies to operate decentralized from day zero.
Other services trying to make data sharing more secure include Europe-based Aura Privacy, which is attempting to make a cloud service that is regularly audited, and Identos, which is working to supply app makers with a foundational way to secure their data from day one. But here again we run into companies that consumers have to consciously choose to move to, and getting them to leave is not easy.
Companies working to develop Federated Learning Models
Although many view the company as the enemy, Google has been working since 2017 to develop a new, more secure way to train machine learning models without having to store consumer data on the cloud. This technique is called Federated Machine Learning, and it was created in order to give consumers more ownership of their data. With this process, a person’s data stays on their device but they still get the benefits of modern tech we’re all so used to. The difference is that instead of their data being owned by the companies and stored on their cloud servers to train the master algorithm, the systems learn by exchanging details of the algorithm that is run and trained locally, on the person’s device. As taken directly from Google’s blog:
And others are following suit. Companies like Snips.ai, Owkin, and s20.ai. The practice has also been backed experts like Dr. Ann Cavoukian, Dr. George Tomko, and other leaders in the field of Privacy by Design. While there are definitely limitations to the scalability of Federated Learning Models, researchers are working to resolve these issues. On the flip side, Federated Learning makes it so that consumers don’t have to buy a new piece of hardware or learn a new piece of software. Instead, the functionality can be immediately be added into their existing workflow with a simple software update.
Change is Coming
The idea of Federated Learning is going to be a foundational aspect of all machine learning models moving forward. In terms of the opportunities listed above, it is the solution that appears to be most prepared to respond to consumer needs immediately, but there is still room for improvement—and there will be for years to come. I hope this overview has, at the very least, helped you envision ways for your company to move forward and given you thoughts to spark a conversation within your company. Change is coming. Are you ready?