Once upon a time, no-one cared much about personal data — at least not in the US. Yes, those crazy Europeans with their strange architecture and curious forms of government seemed to care — indeed they’ve been making laws about digital data rights for decades — but no-one in the First World seemed to give a feather or a fig. That was the state of play in the innocent years before 2016.
Two Record Years of Digital Data Heists
There have been data heists since Mark Zuckerburg was a boy — which is not so long ago — but the ones in the past two years have been record-setting and, to those who care about their personal data, deeply disturbing. It began with the Yahoo Hacks…
There were two landmark Yahoo data breaches announced 2016. The first, which made the news in September, had happened in late 2014, and affected a mere 500 million Yahoo! user accounts. The second hack happened earlier (late 2013), but didn’t hit the headlines until December 2016. The initial score for that hack (rounded to the nearest billion) was 1 billion user accounts. However, someone must have demanded a recount, and in October 2017 when the recount was over, the score was adjusted to 3 billion user accounts (again rounded to the nearest billion). That meant all Yahoo users — roughly 75% of Internet users at the time.
Unimpressed by Yahoo’s sloppy cyber security, Equifax strove to do worse, and did so when it was hacked for the data of 147 million US residents. What it failed to achieve in quantity (3 billion is a tough score to beat) it compensated for in quality. The data stolen was more valuable. It included: name, birthdate, Social Security number, and in some case also address and driving license number. That may not sound like much, but according to the pundits, it’s just what a cyber thief needs to purloin your precious identity. And that data was your data that Equifax gathered without you even knowing.
You might have thought that this ruinous data breach would destroy Equifax, and certainly the stock tanked — losing a third of its value on the announcement — but it recovered half of what it lost in the six months that followed. This was partly because Equifax, Transunion and Experian profited from the hack. Advice to consumers in the wake of the hack was to “freeze your credit file to protect against abuse of your data.” And one in five consumers did. And in doing so, they paid a freezing fee to the credit agencies (average cost $23). Wakefield Research estimated that this generated up to $1.4 billion in revenue for the big three.
Getting hacked is one thing and it’s not a good thing, spraying personal data around is quite another. Facebook has definitely, in my view, outpaced Yahoo and Equifax in their competitive race to the bottom. Reacting to those previous record breaches, the down-trodden consumer probably just shrugged, and muttered philosophically “Even in Hertford, Hereford and Hampshire hacks have a habit of happening.” But the Facebook data breach is a breach too far, because — if the reports are accurate — it wasn’t a breach at all.
Let me summarise…
- Cambridge Analytica wanted personal data in order to help the political campaign of Donald Trump. To be fair, working on behalf of politicians and political parties was its business model.
- It engaged a firm called Global Science Research to build a downloadable Facebook app that paid Facebook users small rewards to take a “personality quiz” supposedly “for academic research.”
- This app harvested the data of 270,000 users directly and using friend links eventually reaped the data of 50 million Facebook users, which Cambridge Analytica then analyzed and exploited.
- There are disagreements as to whether this was in violation of Facebook’s terms (it probably was) but, reportedly, Facebook never policed those kinds of apps, so harvesting data was not difficult.
- When the news broke of this “breach or non breach,” it pushed the outrage button of a far greater number of people than either the Yahoo or Equifax breaches had. Suddenly data ownership was a real issue.
The Data Ownership Thing
The big question for me is: Will America at last take the ownership of personal data seriously?
I think it will, for several reasons…
First: The imp is out of the bottle. Personal data privacy and ownership has become an issue. The media is beginning to take notice.
Secondly: The GDPR regulations from the EU will start making news in May. (If that doesn’t mean anything to you, here’s what you need to know: GDPR: Goddam Privacy Regulations, Got a Data Protection Officer? and What Are Those Data Rights?). Data ownership is going to become even more political.
Thirdly: The Facebook business model is clearly on the wane. It’s not just this bout of bad publicity, although it’s the worst Facebook has ever had to suffer, it’s the general tone of distaste for Facebook in Reddit forums, on Telegram and even on Facebook itself where people are sharing articles encouraging all to #deletefacebook. The recent news has created a Twitter storm. “Elon Musk has deleted his own Facebook account and the facebook pages of SpaceX and Tesla #deletefacebook.” You can also encounter tweets like: “Facebook makes $40billion a year from your data #deletefacebook.” “With Facebook you are not the customer, you are the product #deletefacebook” and so on.
And last but not least: New blockchain companies like Permission.io(formerly Algebraix), Datum and Pillar are bringing technology to market that makes it possible — far more so than it ever was — for individuals to store, manage and even monetize their own data. At some point, the Facebooks of this world are going to have to meet this competition face to face.
If Data is The New Oil…
The meme about “data being the new oil,” may sound a little hackneyed, until you realize the implications. Think of it like this: there are three kinds of digital data:
- Machine data: Think “Internet of Things” and everything that it embraces.
- Organization data: Data owned by or belonging to organizations, whether commercial or governmental
- Personal data: Data that you own.
Taken together, that’s the data that turns the wheels of everything.
The third kind of data belongs to us, individually. It is very valuable. It’s value is measured in billions if not trillions. In America, most of this data’s value is being extracted from our digital oil deposits by someone else. Facebook is the obvious example, but it is by no means the only example.
It is time for us to stake our claim.