The findings presented in an article by German magazine Computerwoche published on Feb 11, 2014, are a forceful reminder that messages about excessive data capture via mobile apps seem to have gone unheeded so far. As reported, tests by TÜV Trust IT established that “almost one in two mobile apps suck up data unnecessarily”.
What’s “unnecessary” of course depends on your viewpoint: it may seem unnecessary to me if my mobile email app captures my location; the provider of the app, on the other hand, could be capturing the information to provide me with a better service and/or to make money from selling such data to a third party. The trouble is that I don’t know, and I don’t have a choice if I want to use the app. From a consumer perspective, this is not a satisfactory situation; I’d even go as far as calling it unacceptable. Not that it matters what I feel; but privacy advocates and regulators are increasingly taking notice. Unless app providers take voluntary measures, they may see their data capture habits curtailed by regulation to a greater degree than would otherwise be the case.
Let’s step back a moment and consider why so many mobile apps capture more data than is strictly speaking necessary for the functioning of the app:
The recent Computers, Privacy & Data Protection Conference (CPDP) showcased a series of innovative projects that are based on big data. Big data is one of the four imperatives that shape the age of the customer — one of Forrester’s main focus areas — and the changing regulatory framework of data protection in Europe has big implications for big data initiatives.
Central to data protection is the existing EU Data Protection Directive, which legislators have been trying to update for years to reflect the changing online realities. The proposed Data Protection Regulation focuses on a redefinition of the concept of “consent.” User consent now has to be freely given, specific, informed, and explicit.
This new definition forces businesses to be more transparent about how they gather, use, disclose, and manage customer data in the form of the principles of privacy notice and purpose limitation. Complying with these new privacy principles is a challenge in the age of the customer, as privacy regulation affects:
Yesterday, Acxiom, one of the world's largest data brokers and a key player in the marketing services ecosystem, launched an important new consumer service (still in Beta) called "About The Data." It's an initiative to show consumers some of the data that Acxiom has compiled about them, to provide education around how certain types of data are sourced and used, and to let users correct and/or suppress the use of these datapoints for marketing purposes.
This is a big deal. Why? Because it's pushing Acxiom (and, frankly, the entire third-party data industry) way out of its comfort zone on a few levels.
First, this is not a company that is used to dealing with consumers on a mass scale. Acxiom's DNA is fundamentally B2B; learning how to communicate to, and design tools for, individual consumers is a massive undertaking, and it shows in the UI. For example, when I attempted to register my address with a "#" preceding my apartment number, the format was rejected without any indication that symbols were disallowed in that field. As a tech-savant, it only took me one more attempt to figure that out, but not all consumers are so savvy. Similarly, clicking the "Home" button on the navigation bar logs users out without any notice or warning.
Earlier this month The Information Technology & Innovation Foundation (ITIF) published a prediction that the U.S. cloud computing industry stands to lose up to $35 billion by 2016 thanks to the National Security Agency (NSA) PRISM project, leaked to the media in June. We think this estimate is too low and could be as high as $180 billion or a 25% hit to overall IT service provider revenues in that same timeframe. That is, if you believe the assumption that government spying is more a concern than the business benefits of going cloud.
Having read through the thoughtful analysis by Daniel Castro at ITIF, we commend him and this think tank on their reasoning and cost estimates. However, the analysis really limited the impact to the actions of non-US corporations. The high-end figure assumes US-based cloud computing providers would lose 20% of the potential revenues available from the foreign market. However, we believe there are two additional impacts that would further be felt from this revelation:
1. US customers would also bypass US cloud providers for their international and overseas business - costing these cloud providers up to 20% of this business as well.
2. Non-US cloud providers will lose as much as 20% of their available overseas and domestic opportunities due to other governments taking similar actions.
Let's examine these two cases in a bit more detail.
Notes from the TechAmerica Europe seminar in Brussels, March 27, 2013
This may not be the most timely event write-up ever produced, but in light of all the discussions I’ve had on the same themes during the past few weeks, I thought I’d share my notes anyway.
The purpose of the event was to peel away some of the hype layers around the “big data” discussion, and — from a European perspective — take a look at the opportunities as well as challenges brought by the increasing amounts of data that are available, and the technologies that enable its exploitation. As was to be expected, an ever-present subtext was the potential of having laws and regulations put in place which — while well-intentioned — can ultimately stifle innovation and even act against consumer interests. And speaking of innovation: Another theme running through several of the discussions was the seeming lack of technology-driven innovation in Europe, in particular when considered in the context of an economic environment in dire need of every stimulus it can get.
The scene was set by John Boswell, senior VP, chief legal officer, and corporate secretary at SAS, who provided a neat summary of the technology developments (cheap storage, unprecedented access to compute power, pervasive connectivity) giving rise to countless opportunities related to the availability, sharing and exploitation of ever-increasing amounts of data. He also outlined the threats posed to companies, governments, and individuals by those with more sinister intent when it comes to data exploitation, be it for ideological, financial, or political reasons. Clearly, those threats require mitigation, but John also made the point that “regulatory overlays” can also hinder progress, through limiting or even preventing altogether the free flow of data.
As individuals get better access to the technology that enables their participation in the information age, so privacy has to be considered and regulation applied to raise standards to those that are acceptable across that society. It was interesting, therefore, to note the cultural recoil that occurred in response to the NSA’s recently discovered, and rather widespread, caller record collection (not to mention other 'PRISM' related data!) - it’s clear that this has crossed a boundary of acceptability.
This isn’t, however, just a US problem. A news story recently broke in India highlighting that local law enforcement agencies had, over the past six months, compelled mobile phone companies to hand over call detail records for almost 100,000 subscribers. The requisitions originated from different sources and levels within the police force and their targets included many senior police officers and bureaucrats.
Unlike the NSA scrutiny, which, although potentially unreasonable, at least appears legal, the vast majority of these data requests did not have the required formal documentation to uphold or justify the demand, yet they were fulfilled. This was revealed by Gujarat’s State Director General of Police, Amitabh Pathak, and came hot on the heels of a similar story originating from New Delhi where the mobile phone records of a senior political leader, Arun Jaitley, were also acquired by a very junior law enforcement officer.
I was lucky enough to spend some time in Kerala working with Indian classical musicians many years ago. I first arrived during the monsoon season, and along with the world-class thunderstorms that I watched from a thin rubber bath mat on the roof, I could see the jungles getting greener and the people happier. For thousands of years, monsoons have had significant economic, emotional, and cultural importance in India. Rain determines whether there will be food to eat, and monsoon season typically used to signal the long-awaited return home of soldiers to their wives. Classical music in India, unlike its Western counterpart, is always very attuned to time, place, and mood. Rāgas, the name given to Indian classical forms, have rules to help guide improvisations in the moment and the monsoon season has inspired the Malhar group of ragas, a formulation specifically attuned to the emotions, environment, and context of the monsoon season.
Marketing and advertising, like Indian music, have always been contextual. As far back as 1867, billboards were being rented by marketers in dense urban areas outside train stations, and even earlier, direct mail took demographics into account to determine which regions and people to deliver flyers to. The truth is, though, that targeting brush strokes were broad, with flesh and bone staff doing a much better job of understanding a moment, a customer’s intent, and what the best thing to say would be.
As data flows between countries with disparate data protection laws, firms need to ensure the safety of their customer and employee data through regulatory compliance and due diligence. However, multinational organizations often find global data privacy laws exceedingly challenging. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.
Regulation in the data privacy arena is far from static. In the year since we last updated the heat map, we have seen many changes to how countries around the world view and enforce data privacy. Forrester has tracked and rated each of these 54 countries across seven different metrics directly within the tool. Among them, seven countries had their ratings change over the past year. Some of the most significant changes corporations are concerned with involve:
New national omnibus data privacy laws spanning private and/or public industry. Data privacy regulation, when looked at globally, forms a spectrum of maturity beginning with spotty industry or situation-specific laws all the way to omnibus frameworks. As you might expect, responsible corporations prefer to engage in business practices where the data privacy laws are clearly defined and transparent. For instance, countries such as Brazil and China are in the process of moving towards potential omnibus laws which will replace a multitude of sectoral and situation-based laws. Other countries, such as Colombia and Singapore, have recently passed far-reaching omnibus laws, also replacing a patchwork of prior sectoral laws.
Reflections from the 10th Safer Internet Day Conference in Berlin, February 5th 2013
Earlier this month, I had the pleasure of speaking at the Safer Internet Day Conference in Berlin, organized by the Federal Ministry of Consumer Protection, Food and Agriculture and BITKOM, the German Association for Information Technology, Telecommunication and New Media. The conference title, ‘Big Data – Gold Mine or Dynamite?’ set the scene; after my little introductory speech on what big data really means and why this is a relevant topic for all of us (industry, consumers, and government), the follow-up presentations pretty much focused either on the ‘gold mine’ or the ‘dynamite’ aspect. To come straight to the point: I was very surprised, if not slightly shocked, at how deep a gap became visible between the industry on the one side and the government (mainly the data protection authorities) on the other side.
While industry representatives, spearheaded by the BITKOM president Prof. Dieter Kempf and speakers from IBM, IMS Health, SAS, and others, highlighted interesting showcases and future opportunities for big data, Peter Schaar, the Federal Commissioner for Data Protection, seemed to be on a crusade to protect ‘innocent citizens’ from the ‘baddies’ in the industry.
Yesterday, I realized I have a criminal side. Of course, I know that I have a bit of a history for speeding. And I’ve had my share of parking fines. But until yesterday afternoon, I didn't think I had ever violated someone else's property rights. Now I know that I have – and I do it quite regularly as well.
The data protection laws talk about data. Data is defined as every type of information in a machine (device). When I’m talking and you’re listening, there’s no data. When I’m talking and you record my voice or take a picture, there’s data.