Look up “big data” (with the quotes) today on Google, and you’ll results that look like this:
Basically, a heap of hype. The only visible organic search results are a Wikipedia article and the a May 2011 report that McKinsey wrote for corporate customers. I am sure some of those same customers are among the advertisers hogging acreage in search results.
Whenever you see a money river that gets bigger and bigger while flowing in a circle, you’ve looking at a mania. That’s what we see here, and in Google Trends as well:
Big Data today is entirely an obsession of the B2B (Business to Business) world. It may fuel B2C (Business to Consumer); but the consumer does not participate except as a source of data and as a target for marketing messages guided by Big Data analytics. So, while we get to witness the Big Data mania as individuals, we don’t participate in it.
But we will.
Think about computing before it got personal around the turn of the ’80s. Before then, “personal computer” was an oxymoron. But eventually computers became something everybody had. Today our phones are computers. The same thing happened with networking. Before the Internet got huge in the mid-’90s, networking was something companies and governments did. Today computing and networking are fully personal as well as fully corporate. And far more value is generated by people computing and networking than by companies doing it only with themselves and each other.
It’s a good bet that Big Data will follow the same path. Individuals will be able to do far more with data of all sizes than would ever be possible in the B2B world alone.
Meanwhile, the B2B appetite for “big data,” and eagerness to use it to market at us, has raised privacy as an issue. Back in the pre-Internet world, privacy wasn’t very controversial. We all knew what it was, and how to protect it most of the time. In the new digital world, we don’t, except through relatively primitive means, such as ad and tracking blocking. In The Rise of Ad Blocking, published in August 2013, PageFair found an average ad blocking rate of 22.7%. On some browsers it’s much higher:
This is the market speaking.
So is Big Privacy: Bridging Big Data and the Personal Data Ecosystem Through Privacy by Design, a paper published today by Ann Cavoukian, Ph.D. and Drummond Reed. Ann is the Information & Privacy Commissioner for Ontario, Canada, and Drummond is Co-Founder and CEO of Respect Network. Ann is also behind Privacy By Design, which “advances the view that the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must become an organization’s default mode of operation.”
Both Ann and Drummond are coming from the customer side of the C2B relationship. In other words, they are coming from the need for VRM ways to solve market problems and open up new opportunities. It also goes straight after “big data”:
Recent technological and business developments have given rise to a new understanding of personal information. It is now being compared to currency and energy1—often being referred to as “the new oil.” It is an economic asset generated by the identities and behaviors of individuals and their technological surrogates. These metaphors, which express its increasing economic value to organizations, ring especially true in the case of Big Data. Indeed, Big Data derives economic value from its use of personal information to such an extent that if personal information is considered to be “the new oil,” then Big Data is the machinery that runs on it.
However, like our current dependence on fossil fuels, Big Data’s current use of personal information is unsustainable, increasingly resulting in “pollution” via privacy infringement. At the moment, individuals have little, if any, control over their information’s use and disclosure in Big Data analytics. In addition to a host of privacy concerns, this lack of informational self-determination gives rise to an uneven exchange of the economic value. While the owners of Big Data algorithms profit from their use and disclosure of personal information, the individuals the personal information relates to do not—at least not directly. If not properly addressed, the privacy and economic concerns raised by Big Data threaten to decrease individuals’ willingness to share their personal information—in effect, cutting off the flow of the “oil” on which the analytic “machinery” of Big Data runs.
The report describes the Personal Data Ecosystem (PDE) as “the emerging landscape of companies and organizations that believe individuals should be in control of their personal information and directly benefit from its use, making available a growing number of tools and technologies to enable such control,” adding (in boldface type), “So if privacy infringement is the negative externality that Big Data frequently ignores, the PDE is the emerging positive externality that can turn the combination into a positive-sum outcome where both data subjects and Big Data users benefit.”
The paper defines Big Privacy this way:
Big Privacy is Privacy by Design writ large, i.e., it is the application of the 7 principles of Privacy by Design, not only to individual organizations, applications, or contexts, but to entire networks, value chains, and ecosystems, especially those that produce and use Big Data. The goal of Big Privacy is the systemic protection of personal data and radical personal control over how it is collected and used. Radical control is an embodiment of “informational self- determination”—the right enshrined in the German Constitution relating to the individual’s ability to determine the fate of one’s information.12 This means that it must be possible to assure whole populations that their privacy is being respected because the network, value chain, and/or ecosystem producing and processing Big Data has implemented Privacy by Design at a system-wide level, enabling individuals who consent to the use of their personal information to reap a proportion of the benefits.
The paper goes on to detail seven architectural elements of Big Privacy:
- Personal Clouds
- Semantic Data Interchange
- Trust Frameworks
- Identity and Data Portability
- Data-By-Reference (or Subscription)
- Accountable Pseudonyms
- Contractual Data Anonymization
These in turn leverage the “Seven Foundational Principles of Privacy by Design”:
- Proactive not Reactive; Preventative not Remedial
- Privacy as the Default Setting
- Privacy Embedded into Design
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Full Lifecycle Protection
- Visibility and Transparency – Keep it Open
- Respect for User Privacy – Keep it User-Centric
ProjectVRM gets a mention. I’d also like to add a pointer to the Personal Data Ecosystem Consortium, which has done pioneering work in the PDI, and whose work pulls toward the future alongside ours here.
The paper also does the best job I’ve seen yet of explaining the Respect Trust Framework and XDI, both of which normally require a lot of mental chewing to get down. They still do; just less this time.
I’ve always thought that XDI was a brilliant and elegant solution looking for a problem. I still do. The difference now is that it’s found the right one.