Strategy and Governance /

Data Ownership in a Digital World

Cyber Security Information Security

Opaque Terms of Use around Data are making things worse

Recent years have been marked by seemingly never ending scandals about surveillance programs aimed at gathering data about private citizens unbeknownst to them — the most iconic example of which was the NSA’s Prism program.

To avoid facing public outrage when it comes to data collection and ownership, however, governments and their agencies would be well advised to seek inspiration from the current practices of most of the biggest tech firms in the world.

Indeed, services such as Snapchat, Instagram and the likes have well understood that unintelligible Terms and Conditions can go a long way in getting often unsuspecting users to hand over their personal data — in all apparent legality!

This is no big news. Impatient to access the product, virtually no one actually takes the time and hassle to read what are often tens of pages of provisions written in a language only a law postgraduate can fully grasp the meaning of. If most adults swiftly scroll through the T of C in hope of finding the ‘I’ve Read and Accept’ button, imagine what the situation is for kids who don’t even know what Terms and Conditions are in the first place.

However, the reality of what’s hidden behind this intimidating, complex legal jargon is itself rather straightforward. By agreeing to their terms of service, one essentially gives those companies ownership over most of the personal data one shares on their platform. Tech firms are then free to keep, use, sell — and all-too-often lose — private information most of us do not even know we gave up the right to in the first place.

If you think this is bad, wait until the Internet of Things kicks in — further blurring the already complicated issue of data ownership. The question of who owns the information collected by smart-watches, smart-thermostats, or even connected-roads is indeed far from being resolved and the ecosystem is currently developing in what is essentially a legal vacuum. Arbitrating the question of data ownership between users and providers of increasingly ubiquitous data-driven services is one of the next big challenges the hyper-connected society will be facing — with deep implications both financially, ethically, and in terms of cyber-protection of the privacy of citizens.

Regulators cannot leave the question of IoT data ownership be governed by unintelligible Terms of Conditions and forced click-thru agreements that lead to a meaningless consent. And this is the direction the European Union has been taking with its General Data Protection Regulation (GDPR) which will come fully into effect in 2018.

The global regulation of this issue, however, will sure be complicated and will likely demand years of negotiations between all stakeholders, but moving towards tangible actions to engineer informed consent is absolutely key.

Practical actions could be taken straight away like requiring companies to translate and summarize their Terms of Service into transparent, meaningful language and plain English. A language that is also adjusted to their target audience, in particular if they are aiming at children or young adults.

Of course, such a move would remind users of the cold truth that if a product is free in monetary terms, then your personal data is the real currency because in reality, you are the product.

In reality, it is the long-term trust of consumers and citizens in the digital society that is at stake. The cynicism of many millennials towards technology and the rise in the use of ad blockers show that consumers are waking up to the reality of the problem. Trillions of dollars of economic value could be left unrealised if we fail to protect the trust people can put in the digital transformation, and that goes way beyond the short-term profits of a few tech firms.

 

JC Gaillard

Managing Director

Corix Partners


Find out more about how your business can truly protect its future from cyber threats by contacting Corix Partners.

Corix Partners is a Boutique Management Consultancy Firm, focused on assisting CIOs and other C-level executives in resolving Security Strategy, Organisation & Governance challenges.

This article was written in collaboration with Vincent Viers.