OpenShift Commons Paris - Choose Your Own Observability Adventure
Who ownes the customer? Privacy in the connected age.
1. who owns the customer?
privacy in the connected age
James Harrison
okcompare
2. technology
can we keep up?
• technology finds new
ways to erode privacy
• balance between
individual/vendor/
data aggregator
• The law has to keep up
• Why is this important?
http://youtu.be/xFAWR6hzZek① Our data has a value
② companies want our data
③ we must regain control of our data
④ our lawmakers must set guidelines and regulations
3. ① The customer
② Personal Identifiable
Information – the PDS
③ The legal right to Privacy
④ Data Protection
⑤ Data Owner
⑥ Data Processor or Aggregator
⑦ Anonymous Data
⑧ Big Data
definitions
4. technology progresses
we all have to keep up
Data in the
80’s
The birth of
the internet
The birth of
social media
Where
next? Who
will own the
customer?
5. we hand over data every day
unintentionally or intentionally
① Cookies - IP addresses are
tracked
② Google Street View
③ Location based privacy
④ Search Engines
⑤ You want to use our service –
agree to these t’s and c’s
⑥ Personal data traded for
convenience can result in
spam and unwanted
advertising
⑦ Facebook and social media
"Privacy is dead – get over it
Total anonymity is our only option
just keep off the internet
Everything on the internet is
PERMANENT
6. stage 1 - data in the 80’s
customer’s point of view
• Data in the 80’s
• Recent family who lived
in ‘86
• Who owned your data?
① the government
② the doctor
③ the post office
④ the insurance company
⑤ yellow pages and
⑥ the telephone directory.
http://www.euronews.com/2013/09/10/t
urning-back-the-clock-life-in-1980s-
canada/
7. stage 1 - data in the 80’s
business point of view
• Direct Marketing – buy
data from post office
• Direct Marketing – credit
cards in the 1980’s
• Telephone – cold callers
use directory
• Businesses - anyone who
had your data felt that
they owned you.
• Renewals on insurance
were near 80%
8. stage 1 - data in the 80’s
regulators point of view
Very clear definition
the customer has given
the data to the company
in return for a service
Little requirement for
regulation
9. Stage 2 - the birth of the internet
the customer’s point of view
• Complete anonymity
• The chat room
• Simple browsers
• Few ads
10. Stage 3 - internet in the ‘00
the customer’s point of view
• Inter-connected life
• Much more than just
your email address
• Data Protection and
the Privacy Policy
• Cookies
11. stage 3 – internet in the ‘00
the business point of view
• Businesses remained in the past, writing contracts with
each other determining who owns the customer.
• The proliferation of information meant that little by
little no one really owned the customer.
• Customer data was being recorded in many places
around the internet.
• Email marketing takes off
• Databases being created of great power. Tricks to get
people to give away more data by entering prize
draws/offer sites and more.
• Cookies – guided advertising
12. Stage 3 - the internet in the ‘00
the regulator’s point of view
the doctor, the government,
the post office etc
and now
every website you have
visited whose terms and
conditions you have agreed
to.
13. Stage 3 - the internet in the ‘00
the regulator’s point of view
USA
Concerning privacy laws of the United States, privacy is not guaranteed per se
by the Constitution of the United States.
It is purely a ‘voluntary’ process. Obama has recently instructed to have an
online Bill of Rights.
EU
For Europe Article 8 of the European Convention of Human Rights guarantees
the right to respect for private and family life, one’s home and
correspondence. The European Court of Human Rights in Strasbourg has
developed a large body of jurisprudence defining this fundamental right to
privacy. The citizen has a right to privacy through 1995 directive.
It is regulated in UK by Data Protection Act of 1998 and in France by CNIL
14. Stage 3 - the internet in the ‘00
the regulator’s point of view
USA
• Google reached a deal with the Federal Trade Commission (FTC)
and agreed to pay $22.5 million in penalties after the agency
found that the Internet search giant had made erroneous
statements in its online privacy statement.
• Repeated offender – Google Buzz fell foul, without a fine -
Google "automatically enrolled Gmail users in Buzz, and that
Buzz publicly exposed data, including users' most frequent Gmail
contacts, without enough user consent."
EU
• Germany in 2008 that discount supermarket chain Lidl had been
systematically spying on its employees with the use of private
detectives, the company was forced to pay a fine of only €1.5
million.
• UK – max is 500,000 and mostly to public bodies not private.
15. Stage 3 - the internet in the ‘00
the company’s point of view
16. Stage 3 - the internet in the ‘00
the regulator’s point of view
EU regulations now ensure that all sites that use cookies
have to explain this to the customer before they continue to
use the site.
There is no such regulation in USA.
17. Stage 4 - the birth of social media
the customer point of view
• The handing over of data that was not just an
address, a phone number or an email address
• Personal data revealed
• Habits revealed
• Everything recorded
• From a closed garden to personalised websites
18. Stage 4 - the birth of social media
the customer point of view
• Sharing of personal data between sites to enable new apps,
easy to use and very
• One click ‘agree to access data’
19. Stage 4 - the birth of social media
the company point of view
• Even better advertising
• More targeted
• Apps
• Social search
• Mobile
• Terms and conditions and
privacy policies become
so long that no one reads
them
• One click data
• The birth of big data
industry
20. Stage 4 - the birth of social media
the regulator’s point of view
USA
• Facebook has tripped up many
times on the issue of clarity to its
customers on privacy.It makes
numerous changes without
informing the customer.
The FTC is currently investigating a new
complaint
EU
• There are continuous complaints
but no regulation……yet
21. pushing the boundaries
the customer reaction
• Google and Gmail
reading your email
• Facebook and Beacon
• Facebook and privacy
policy
• Google street view
• wi-fi sniffing
22. pushing the boundaries
the customer reaction
• We keep giving up our data
• The companies keep making
money from us
• They continue to believe
they own us
• The aggregators break the
rules and believe they own
the data
• The regulators are toothless
NSA – Prism – the public
reaction
23. pushing the boundaries
the customer reaction
NSA/Prism and Ed
Snowden
• We know the
government spy, why
do they lie?
• We know that
companies use our
data, why do they lie?
24. the future
(or one view of the future)
• SUN MICROSYSTEMS – 1999 Stephen Mcneally -
"Privacy is dead – get over it”
• Eric Schmidt, GOOGLE – 2010 told us that anyone
concerned about online privacy "had something to
hide”
• If Mark Zuckerburg were to create FACEBOOK again
today, user information would by default be public, not
private as it was for years until the company changed
dramatically in December 2010.
25. the alternate future
personal data store (1)
• World Economic Forum's
'rethinking personal data'
project, by the EU with its
new proposals for data
protection.
• by a growing range of
entrepreneurs and
innovators -- that personal
data is a personal asset.
• Customers own and be
able to protect their own
PDS
26. personal data stores
who owns the customer?
• You do!!!!
• You need to learn to
manage it like money in
your bank account
• Can you make money from
your data?
• companies get it for free,
so why bother paying
• PDS market could explode
to a $2 billion market by
2016
• Personal/singly/evernote/
handshake etc.
27. the alternate future
vendor relationship management
• Governments must set
guidelines to protect
anonymous data from
being made into PII
without the customer’s
knowledge.
• Lawmakers must have
sufficient teeth to be able
to prosecute and protect
the individual’s right to
their own PII.
28. vendor relationship management
who owns the customer?
• Customers give their PDS to
those companies who they
trust and revoke that when
that trust is lost.
• If you as a company do not do
what you say you are going to
do, you lose that customer.
• It does not matter how much
you protest that you own that
customer, they will no longer
want to deal with you.
• You choose who you want to
do business with
• They add value, you give them
access to your data
• If they do not, you revoke this
29. who owns the customer?
• The balance between the individual’s right to
privacy first discussed 120 years ago to the
company’s requirement to provide better service.
• As individuals we must be aware of these changes
• As entrepreneurs we must be aware of the
potential opportunities
• As businesses, ask a simple question – do I add
value?
• As lawmakers we must keep up with technology
and provide organisations and enforce the law.