Analysis & Opinions - Hive

Privacy Consciousness in the Big Data Era

| May 15, 2013

In my last post, I discussed how technological change has shaped – and to some degree have been influenced by — changing societal norms. Yet technology has not been the only driver in shaping the techno-societal landscape — non-technical decisions made by developers (and yes, sometimes influenced by lawyers) have arguably played an equally important role.

Exploring how we are coping with our inability to answer the questions "who owns my data? And…why do they have it?" has become an increasingly popular topic for the mainstream media (notably, the Slipstream column in the New York Times). But prayers for regulation aside, the collection, use, and resale of data that was once exceptionally private is here to stay.

I'm not here to vilify data collectors — far from it. Despite my strong inclination towards maintaining the traditions of days past (I'm probably the only person in his twenties who still reads physical newspapers), societal inertia cannot be held up ipso facto to argue for stronger privacy protections when we ourselves are responsible for sharing the data that is now traversing the endless servers of cyberspace. The benefits of the big data revolution are myriad, cut across sectors, and the best is surely yet to come.

But how did we get to the point where I — theoretically a privacy and cybersecurity expert — find myself inured to the amount of data that I'm signing away the rights to at any given time? (Although, I must say it is comforting to say that it's not quite 1984 in the land of big data — Google Now seems to think I'm a Cubs fan). To focus the conversation a bit, let's focus on mobile — and let's talk about how application and ecosystem developers together have, for lack of a better word, conspired to remove bargaining power over data ownership from the individual.

We are all (presumably) familiar with the process of installing an app on a smartphone. Once an app has been located on Google Play or the Apple App Store, we tap "install," whereupon we are presented with a list of device features that the app requests permission to access. I'm sure many of you — like me — have asked yourself "Why does that program need access to my GPS location?" It's even possible that when faced with a particularly egregious misrepresentation as to what's new in an app, you have refused to update. But that puts you in the minority — the rest of us absentmindedly tap "Accept and Download" and move on living our monitored lives.

How many crashes do you think were fixed by Facebook having more access to location data?

How did we end up here? Well, app developers have a pretty sweet deal given the current mobile ecosystems. In a classic case of fine print combined with unequal bargaining power, the ability of consumers to control their data have been eviscerated in a totally legal way. If you don't agree to the proposed permissions, you can take your smartphone and go home — you don't get to play with the latest, greatest apps. Those responsible for the major mobile ecosystems — Apple and Google — made a decision at some point, perhaps for technical reasons, to disallow users from toggling individual permissions on an app — it is all or nothing.

In this world, why wouldn't Facebook throw the kitchen sink of permissions in? Only the most privacy conscious of individuals would be willing to give up the benefits of such a critical app for the marginal, ineffable privacy benefits — after all, the preinstalled Google Maps is already collecting your location — what's the matter if Facebook has it as well?

In essence, the bigger and more valuable the app, the more able the developer is to collect data — on the terms that he or she sees fit. If the terms of service of the app say the data can be resold, that's that — the consumer has entered into a contractual relationship with the developer — in law school, we called this a "meeting of the minds." I'd argue that given current data collection practices, consumers and data collectors are about as far as possible from reaching a "meeting of the minds" each time an app is downloaded.

From a legal standpoint, this is all squeaky-clean. There isn't much law enforcement can do about it — disclosure cures all, and the major ecosystems are quick to disclose what apps are, at a hardware level, able to do. The Federal Trade Commission and state attorneys general, the agencies empowered to protect consumers, find themselves hamstrung absent a misrepresentation — and even in the most egregious cases, this usually ends up leading to a minor civil settlement and a change in the privacy policy — not exactly the biggest win for consumers.

As an entrepreneur developing applications that take advantage of the plentiful data collected and disseminated by today's app economy, it's easy to be of the mindset that collecting all the data that you can and sorting it out later is the best way to go. But it is important to take a strategic view — the present inequality in bargaining power will not last forever. Those developers are privacy conscious, and expressly so, will be hailed as leaders when the pendulum of privacy norms in our society swings the other way. That said — don't hold your breath for Congress.

For more information on this publication: Belfer Communications Office
For Academic Citation: Mohan, Vivek.“Privacy Consciousness in the Big Data Era.” Hive, May 15, 2013.

The Author