May 11, 2019
In March of 2018 I participated in a Silicon Valley trek during my MBA/MS in Information Systems degree program at Boston University. During our week visiting and meeting with representatives of startups and established corporations, I had the opportunity to think critically about rapid change, disruption, and innovation. I started off the week interested in exploring how company culture and organizational issues can influence the success of startups. By the end of the course however, my attention shifted to data and privacy issues.Thinking back on my experience in the Bay Area, I still dwell on the following questions:
In the realm of the tech world we often think of data and privacy concerns in relation to the tech giants--Google, Facebook, and Amazon. Google and Facebook offer consumers services in exchange for access to their personal information to be used by the companies for their own business purposes. Billions of individuals around the world have accepted this deal and benefit from personalized ads, shopping recommendations, and tips about interesting events happening in their communities. I will acknowledge, however, that the revelations about Facebook’s relationship with the UK research firm Cambridge Analytica does hint at a more nefarious aspect of the company’s business model.1
With Amazon, consumers are shelling out actual money for products and services, but all three companies can be grouped together for a simple reason. For the individual, none of the services of these companies is essential. While we can argue about how Facebook, Google, and Amazon can make our lives easier, if you are concerned about the types of information any of these companies have about you, you can delete your Facebook account, pay for an email client, and/or shop exclusively at brick-and-mortar stores (I will note that the prominence of AWS and Google Cloud services do make a complete separation from these companies difficult).
The trip to Silicon Valley brought my attention to “essential” companies and organizations that hold vast amounts of personal data, specifically healthcare, financial services, and telecommunications corporations. I will focus on telecom as it directly relates to my most memorable observations during the trip at the Verizon Innovation Center and Ericsson’s San Francisco office.
Both Verizon and Ericsson (through its recent acquisition of the company formerly known as Placecast) touted their abilities to assist companies in providing relevant advertising based on real-time location data.
On its surface, an event like walking past a Starbucks and receiving a mobile coupon for a discounted latte (an example stated by Verizon) seems benign. But should a telecom company disclose your exact location to a third party? And have consumers consented to that level of intrusion? They have already paid (directly or indirectly) to use a service. The selling of this information suggests that telecoms expect that they are owed more.So how is this an issue that can’t just be handled by the consumer? The difference between this and Facebook is that we all need communication devices. In the United States, more than half of households only use mobile devices for communication.2 In the developing world, cell phone usage is just as prevalent as it is in the United States, but in some countries fewer than 10 percent of the population has access to a landline. In 2016, the United Nations declared internet access as a basic human right. And in many parts of the world with limited broadband and accessibility to desktop computers, mobile phones are the only access point.3
Targeted advertising is the least of my concerns regarding the use of data from essential services. My fear is that this information can and will be used against consumers by law enforcement or government entities either because the holders of this data feel forced to or have no ethical qualms about handing over this information.
The 2018 Supreme Court case, Carpenter v. United States4 dealt directly with this issue. The court found that the government’s obtaining of a defendant’s cell-site information without a warrant constitutes a violation of the Fourth Amendment of the Constitution.
More than “liking” a Facebook page or clicking on an ad, location data gives insight into a person’s actual actions, not just their intent. Companies could unintentionally disclose information about sexuality, health status, or anything else that an individual has the right to keep private. Depending on the part of the world where this person lives, the disclosure of this information could put them in personal harm.
There are some upsides to “essential” services using personal data outside of its intended use. Financial services firms could nudge customers to seek credit counseling or financial advice if previous behavior suggests that they need it. Location services can tell you the best time to travel on the road, or as mentioned above, give you discounts to nearby stores. Despite any possible good intentions, however, I believe it’s ethically wrong to divulge this information without explicit permission from the originator of the data.
So how do unsuspecting consumers protect their location data? Well, you can always go off the grid, but that is an unrealistic ask in the world we live in today. There is also an opportunity for more government regulation, similar to GDPR in Europe. However, this seems unlikely in the United States with its current anti-regulation political environment.
Ultimately, the solution to this problem is in the hands of the organizations that hold the data. To build trust and to keep sensitive data safe, these “essential” companies need to allow consumers see the data they have and inform them of how they intend on using it. Consumers should be able to decide what information they are open to share with a third party. Companies could incentivize consumers to allow the continued use of their data with discounts on products and services. There could even be a business opportunity for a two-sided marketplace in which consumers could sell accurate and very personal information about themselves and telecoms could provide more useful information to advertisers.
1Cambridge Analytica Suspends C.E.O. Amid Facebook Data Scandal, NY Times
2Wireless Substitution: Early Release of Estimates From the National Health Interview Survey, January–June 2017, CDC
3Thirty-second session Agenda item 3 Promotion and protection of all human rights, civil,political, economic, social and cultural rights,including the right to development, United Nations
4Carpenter v. United States, Oyez