Creating universal protection laws in terms of “data” can be difficult when industries, countries and individuals have trouble agreeing on the definitions of data. Many individuals are happy to sacrifice certain levels of security and anonymity in exchange for using a product or service in return. The issues arise in the lack of understanding exactly what we’re all agreeing to (has anyone here actually read Apple’s Terms & Conditions before clicking?).
Thus far, there are a few accepted types of data collection that need further focus. Many policies and legislation are being created under the assumption that all of these types are generally represented across all platforms, countries and cultures using standard technologies such as smartphones, email and the internet in general:
Individually Provided Data: information that is voluntarily posted, given or distributed by the individual (including the creation and maintenance of a social media profile, as well as inputting credit card information online). When data is shared “by me” and isn’t simply something “about me”, it involves a deeper sense of unique ownership. Current models for data protection regulations are leaning heavily on the concerns of individual ownership and protection of photos, videos, blog posts, tweets and emails but this category of “data” will actually be the least amount of data of concern in the future of business.
Observed Data: a frightening form of data collection defined on the awareness, or lack thereof, of the user on the data being collected and how it is used. The value of this data is not intuitive but recordings of your habits as you go about your day is extremely valuable to companies trying to streamline your life by creating products or services you don’t know you need yet. The Internet of Things is the greatest form of “observed data”, driven by sensors that automatically collect information on you as you go about your day. Many users are okay, and understand, that websites may track their habits through use of “cookies”, but very few understand just how trackable their devices (phones, mostly) are to the company that sold them.
Inferred Data: This type is more based on the broad scale of the actions of multiple individuals, to predict activities, reactions and cultural changes. Your personal data is potentially at greater risk here as it’s lumped into a larger group, giving your individual information less importance in terms of security. Institutions assert much stronger claims over the inferred data they possess about individuals on the basis that they invested the time, energy and resources in creating it. Because of the unique, detailed and powerful insights inferred data can provide at multiple scales (individuals, communities and societies), there are competing tensions on how inferred data can be used, which level of impact takes priority, and who gets to determine whether those uses were fair and done with consent. This class of data has the greatest potential to drive innovation and economic growth.
These different definitions of data only confuse conversations when industries, countries and individuals want further expansion and specification on each before discussing legislation. The best they can do is agree on policies as-is until a further understanding of cybersecurity can be reached. However, what is the driving force for education and awareness in a capitalist world order when profit trumps intangible costs?
In Part 3, we’ll explore the math behind the likelihood of risk and how businesses dismiss the results, to their own detriment.