The introduction of the iPhone in 2008 fundamentally reshaped how societies in the Western world functioned. Smartphones have completely altered the way we interact with each other and no other technological innovation has had a bigger impact on our daily lives.
However, the phenomenal adoption of smartphones globally has resulted in mass quantities of personal data becoming available for data brokers. These brokers then subsequently harvest the private information and sell it to various different industries. This sensitive information is invaluable for companies and enterprises looking to sell their products or goods by finding out the habits and likes of its targeted market.
For years, these data brokers have collected information about consumers and have operated in the shadows unaffected and unregulated. However, following the high-profile Cambridge Analytica scandal, everything has changed. The role of data brokers and how data is shared has come under intense scrutiny. It appeared that the general public was finally awakened to the dangers of data harvesting and how companies were using their personal information without their consent.
It became a major political scandal when it became clear that the UK firm had used the personal data of millions of people’s Facebook accounts without their consent and used it for political purposes. The information was used to gauge political opinion in the Brexit referendum and the 2016 US Presidential election.
However, it has since been described as a watershed moment and has led to governments both in Europe and the US to demand that tech companies impose tighter regulations on how their data is processed and used.
Europe has been actively pursuing legislation that forces enterprises and organizations to take more responsibility with regards to how they manage the data they’ve been provided with. The European Commission reinforced this mindset with the introduction of the General Data Protection Regulation (GDPR) - Europe’s new privacy law brought into effect in May, 2018.
The European Commission has forecasted that the value of the data brokering market in Europe will reach $107bn by 2020, and the IDC has projected that data vendor sales will increase to $10.1bn by 2022, which represents a significant rise from $3.1bn in 2017.
However, it has also emerged that campaign group Privacy International has submitted a formal request to the EU to have seven data brokers investigated in relation to data protection concerns. It is clearly evident that European regulators are seriously concerned about the way the industry has been operating and is devising a clear blueprint in a bid to clamp it out.
Mathias Moulin, director for the Protection of Rights and Sanctions at French data protection watchdog CNIL, expressed his reservations about the way the sector currently operates and has insisted that many brokers are being disingenuous in relation to how they’re processing the personal data of consumers.
Moulin said, “They are all processing personal data, and there is absolutely no doubt about that. They all try to say that it’s anonymous to lower the pressure from the public, but that’s not true. They know that and we know that.”
Much of the focus in relation to data protection and violations has focused on large tech companies like Facebook. However, regulators and policymakers from the UK, France and Ireland are also examining the data-mining industry in an effort to uncover how these less established or recognized brokers are flourishing in the current climate.
As aforementioned above, Privacy International has been a leading advocate for regulation and changes in data and one of the seven brokers it asked the European regulators to investigate was US multinational, Oracle. It accused the software behemoth of breaking European data protection rules.
UK information commissioner, Elizabeth Denham, expressed her grave concerns that their policies on data are not aligned with those clearly outlined in law and in direct conflict with the rules of the General Data Protection Regulation.
Denham said, “We’re concerned about whether or not their practices are compliant with the laws. We’re looking at how they conduct their business and their general compliance with GDPR. There certainly does appear to be a dynamic tension between the way businesses are conducted and the principles in the GDPR.”
Jeffrey Chester, who is an executive director of the center for Digital Democracy in Washington, has said that the advent of this new digital revolution means that all users are invisibly attached to a living, breathing database that tracks their every move. According to Chester, the rapid growth of smartphone adoption has inevitably led to an exponential increase in online data, which in turn has created a new species of data harvesters, which he calls ‘privacy death-stars’.
Chester said, “The explosive growth of online data has led to the emergence of the super data broker – the privacy death-stars such as Oracle, Nielsen and Salesforce that provide one-stop shopping for hundreds of different data points which can be added into a single person’s file.”
There has been an outpouring of criticism towards data brokers in relation to how they mislead people by claiming data are truly anonymous.
Moulin from CNIL added, “None of these actors are processing anonymous data, they are processing personal data. Data on location is very sensitive with data on location you can identify a real person.”
Other regulators say businesses may fall foul of GDPR if sensitive data can be inferred from these audience categories. The European rules insist on higher standards for any data revealing demographics such as racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership.
One senior official at one prominent European data protection regulator said, “We will be asking organizations to justify if they have names that suggest a special category of data.”
John Mitchison, head of Policy and Compliance at the Data & Marketing Association, the trade body for data-driven businesses said that many data broking entities have already started to make changes to its fundamental day to day operations in order to fall into place of what is required for GDPR. He said, “When GDPR came in, people were forced to look at the legislation and realized the tech they were using was right at the boundary and limit of the existing law.”
What has become clear is that there has been a sharp awakening from users in our digital-driven society that there are perils associated with us becoming dependent on internet-connected devices such as smartphones, tablets and laptops.
Our personal information should be important to us, but for far too long there was a carefree attitude from the majority of users globally in relation to us sharing our information online. Coupled with the fact that there were data brokers hoovering and harvesting all of this data up in order to sell to companies has unsurprisingly caused a reaction, especially when that data was taken without consent and used to determine the outcome of democratic elections.
Data brokering was previously a relatively unregulated industry, but European regulators are clamping down and are ensuring they comply with the strict guidelines of GDPR. Technology is fantastic and can transform our lives, but it’s important to ensure that it is not used against us, and the sweeping GDPR regulations in Europe have started a conversation that really should have happened years ago. Data is the new oil, but how our data is shared should be determined by us and not companies.