Increasing value of personal data a 21st century challenge

At the start of the millennium, the value of online services was equated with the number of registered users, but that changed after the dot-com bubble burst, according to Jon Shamah, chairman of EEMA, the European association for e-identity and security.

“Since 2010, that understanding has evolved, and increasingly the true value has been recognised as data about those registered users,” he told the EEMA ISSE 2018 cyber security conference in Brussels.

The reality was that personal data had value for the service providers, said Shamah. “But people were blindly throwing information at these companies in exchange for services.”

This approach has changed in recent times, he said, particularly after the Facebook – Cambridge Analytica data sharing scandal that highlighted the potential for personal data to be misused.

“People are finally waking up to the value of the information they have so willingly given in the past and their eyes have started to open,” said Shamah.

The evolution of data analysis tools, including the incorporation of artificial intelligence, he said, means that data collected in the past is becoming useful in new ways and therefore even more valuable.

“It also means that service providers are able to analyse users’ online activities, largely without users’ knowledge or consent, and use that to tailor advertising on web pages, creating new and direct revenue streams,” he said.

News around Cambridge Analytica’s use of Facebook data and data breaches from trusted organisations like credit rating firm Equifax, said Shamah, is starting to mean the average person is concerned about personal data protection, the fact that their data is being sold on the dark web and to influence their decisions.

“Something had to be done, and if it has achieved nothing else, the EU’s General Data Protection Regulation has focused people’s minds and got company executives and board members to take this issue seriously because now they have to be accountable and declare breaches,” he said.

This means data protection in Europe, said Shamah, is no longer just the concern of technical teams in organisations, but also chief executives and shareholders.

“In the light of the recent revelations about the misuse of data, everyone needs to consider what kind of digital footprint they want to leave; a permanent one like those left by the first astronauts on the surface of the moon or temporary like those left in the sand on a beach.”

The aim, he said, should be for digital footprints that last only for as long as they are needed and then erased without a trace. “In addition to being disposed of properly, personal data also has to be geographically safe because there are a lot of concerns about where data is stored and keeping it in home jurisdictions, and we need the trustees to be accountable and responsible.”

The issue going forward, said Shamah, is how well people and society will be able to adapt to the new reality that there are no free services without giving up personal data.

“Perhaps we will be able to control our own data through the application of things like self-sovereign identity, but ultimately the challenge is attaining a mixed and balanced personal data economy,” he said.