This event took place on June 23, 2015 at the Consulate General of the Netherlands in San Francisco. The following write-up is a liberal summary of what was discussed.
The Netherlands Office for Science & Technology (NOST) Silicon Valley is all about innovation. Most, if not all of these innovations involve software and large sets of data, each with their own data privacy implications. Complexity will rapidly grow even further as machines get connected (think Internet of Everything) and more intelligent. In the not too distant future, your fridge will be talking to you expresso machine, your phone, car navigation system and favorite grocery store. And what about if your health insurance company were to provide you with a robot? What information is the robot collecting while it is taking care of you, and how much of this data is being shared with your insurance company? With questions like these and many others, it is about time to have a discussion on Data Privacy.
So, NOST organized a Conversation on Data Privacy, June 23 at the Consulate General in San Francisco. Among the audience was a group of Nyenrode Business School Executive MBA students on Business & IT. Four speakers discussed Data Privacy from very diverse backgrounds. Mark Nelson, of Stanford’s Peace Innovation Lab, David Kim of Lumiata and UC Berkeley’s New Media Lab Greg Niemeyer each discussed the virtues of big data in support of peace, healthcare and education respectively, as well as their resulting data privacy implications. Adi Kamdar of the Electronic Frontier Foundation (EFF) very eloquently provided insights on data privacy awareness, or the lack thereof, and the role of EFF in that respect. Jurriaan Kamer, one of the Nyenrode Executive MBA students did a terrific job moderating the – at times heated – debate.
It’s hard to summarize or even begin to draw conclusions of the most engaging and energized discussion that ensued. So I’ll mention a couple of viewpoints that came up. One of them is the observation that realistically a present-day End User License Agreement (EULA) might as well read something like “Sooner rather than later, please expect us to spill some of all of your beans. Be it, because we can’t help it, or deliberately, per our 53 page user agreement you’re about to sign if you want this device to work”. One could pretty much compare such a EULA with a digital equivalent of the Miranda Rights (“You have the right to remain silent. Anything you say or do may be used against you, etc.”). The first part of this mock EULA also goes to show that data privacy depends a lot on data security. So the two are impossible to separate. Existing healthcare data protection rules under HIPAA already put a tremendous burden on the companies that deal with patient data. This all but uninsurable risk will result in added cost to the system, and thus to its patients. And the aftermath of the Haiti eartquake demonstrated that strict application of HIPAA actually resulted in suboptimal tracking and treatment of earthquake victims.
But even in a perfectly secure environment, there are plenty of data privacy issues, that you may not realize at the time you hand over your data. This brings us to a second observation: there is a clear lack of understanding and awareness of how much we have already given up. Some examples brought up by the audience and panel members clearly demonstrated that fact. For example, a company like Über is apparently able to draw some very interesting conclusions from its user and driver data. And the bankruptcy of Radio Shack brought to light – in case we forgot all about it – that data really is money. Without this notion, the free internet wouldn’t even exist in its current form. But it took a decision by the Bankruptcy Court to prevent Radio Shack customer data from being auctioned off to the highest bidder.
Bottom line, throughout this debate, the operative word is TRUST. Ultimately, companies, and other parties handling your data will have to earn your trust. In such a complex environment, their drive for data protection will need to come from within, instead of being forced by – eternally lagging – regulations, telling them to do so.
NOST would like to thank the speakers for sharing their invaluable insights. We will be delving more into data privacy during the second half of 2015. This conversation provided a great starting point for further analysis.
John van den Heuvel – NOST San Francisco
This event was co-sponsored by Nyenrode Business University.