If ever there was a pivotal moment in the future of digitalisation that time is now. The Cambridge Analytica Facebook scandal, which has sparked controversy over foreign state interference and election rigging, has far wider implications. It brings under scrutiny how we harvest data, what it is used for, and how we control its dissemination – with user consent at the heart of the matter. How many of the 87 million users, of which over a million were in the UK, really understood that their Facebook data was not under their control when they signed the terms and conditions (T’s&C’s)? How many even read them?
It is estimated that you’d need 76 days to read all the privacy policies an average internet user encounters each year, with the average policy containing over 2,500 words of legalese. Small wonder that we simply tend to accept the blanket permissions we’re asked for. Agreeing to Facebook’s T’s&C’s grants access to your personal contacts, phone and text messages, geolocation data and web browsing history. The same permissions are also then applied to Instagram and Messenger. Register your card for peer-to-peer payments over Messenger and you’re allowing Facebook to buy data about your offline purchases.
So why would we grant these permissions at all? Well, data sharing is necessary if we want the cross-platform functionality and personalisation that is associated with modern services, so as long as we want a personal online experience then data mining and analytics are here to stay. The trouble is that there’s a fine line between manipulating users and targeting them in their interest.
Recognising the need to make user consent and data usage more transparent, regulators are tightening legislation and next month will see the introduction of the General Data Protection Regulation (GDPR) which sets a higher standard for consent. Although, if a company can justify a lawful need for processing, they won’t always need to request consent.
GDPR aims to give users more control over their data, and users will have greater rights such as the ability to be kept informed about collection and use; access to data stored about them, the ability to rectify or erase it, to object or restrict processing and to be able to port their data to other service providers with greater ease.
Are users likely to exercise these new rights? Those of us that opt-in will continue to trade our data for services but those that opt-out could find themselves precluded from a personalised online experience. As companies prepare for GDPR I’ve noticed in my inbox many more requests for me to opt-in, and it is tempting to do so without understanding the implications.
At Equiniti we recognise that we have significant responsibilities in the gathering, handling and protecting of consumer data. If users withdraw consent, technological advances that allow us to personalise services and marketing messages need to be reviewed. It’s therefore in our interests as data processors and data controllers to ensure we protect the good relationship we have with our end users.
In light of the CA scandal, perhaps one of the biggest benefits of GDPR is that it places far more onus on the IT community to communicate with the user. This could pave the way for initiatives such as user friendly abridged versions of T’s & C’s.
One thing is for certain, as consumers we’re all increasingly aware of the value of our personal data. This will help to ensure that companies do stand over their obligation to prevent its abuse and to rebuild our trust and safeguard digital innovation.
Charlie Tuxworth, Director of Software & Innovation, Equiniti