One thing that has been common with most of the breaches thus-far is that they have mainly consisted of involuntary dissemination of information either through hacking, social engineering or just plain negligence. The flip side of the discussion is what constitutes voluntary dissemination or ‘acceptable’ use of consumer data by companies. This week a 2008 internal strategy document from Google illustrates some of their internal navel-gazing about what to do with all their consumer data.
Arguably Google, which is used by 75% of global internet users according to comScore, could potentially (and likely does) have one of the largest databases in the world concerning people’s actions online. The dominance of Google in search and Facebook in social networking has, in some respects, actually hurt their activities. Smaller competitors that have less scrupulous ‘do some (especially profitable) evil’ mottos have leveraged consumer data and behaviour to a hilt and are jumping ahead of Google as the market shifts from search-contextual advertising to advertising based on personal information such as hobbies, travel, income, friends, etc.. The question is: should companies be able to use/share that data and to what extent?
Considering that we spend so much of our time these days tied to our computers and phones, we leave a trail of virtual footprints and transactions all over our computers and the web. Outside of our computer usage, one of the other richest forms of behavioural data comes from transit cards. Most major cities with a transit system have some form of stored value card that you load with money, and with a simple wave of your purse or wallet, board metros, taxis, boats, trains and buses. In many countries, such as Hong Kong, where consumers use the Octopus card, you can also use the cards in shops to make small purchases.
Consider for a moment the data implications of this. What if, depending on the sophistication of the system, it could track every purchase or movement you made in a day? Now, there are of course positives to this and many ways in which technology could make your life easier but there are also tremendous potential negatives.
In a few conferences that we presented at last year, we brought up the issue of transit cards, specifically the Octopus card, one of the most advanced, and the possibilities of leveraging all of that data for marketing purposes as the cards contain potentially one of the richest sources of usage data available. Transit companies were thinking the same way - recently the CEO of Octopus Holdings Ltd, which runs HK’s Octopus card system, just resigned after the company admitted to selling personal data of 2 million customers to partners.
Technically it appears that no laws were violated, but Octopus crossed a very sensitive line in a very privacy sensitive country. Was Octopus right to sell the data? Assuming their intentions were in the right place, the money that they made from the sale would be reinvested back in the company, expanding the capabilities and services of the company, or perhaps given back to the public in terms of discounts. Would that legitimize sharing the data?
At the fundamental heart of all of this is a question of convenience. Right now in your pocket there’s a device allows people to know exactly where you are (give or take a few meters) at anytime of the day or night. Although we assume a bit of trust that your provider is not going to give up your details and personal information, whether consciously or unconsciously, you have 'opted-in' and made the decision to accept this trade-off.
Taking it one step further, if I’m ok with my mobile provider telling partners when I’m close to their store, I can ‘opt-in’ and I’ll get 5% off my mobile bill every month. If I’m a frequent traveller on the HK metro and I’m ok with a partner knowing how often I pass through Central every day, I can ‘opt-in’ and get an extra HK$1 every time I recharge my card. We use Google to search for information for free and Facebook to stay in touch with friends for free. What if Google said to keep searching for free, we get to share 10% of your surfing habits with partners - would you 'opt-in'?