Understanding the new rules for data privacy in the digital economy
Amid news of Facebook’s recent $5 billion dollar fine in the wake of the Cambridge Analytica scandal and other data breaches, the social media giant has come under fire once again after it was found that it had hired contractors to transcribe voice chats on its Messenger app without the consent of its users.
Other Silicon Valley players, including Apple, Google, and Amazon have similarly used human review systems for their smart computing devices and have faced the same criticisms.
Now a national priority, governments have developed policies and protections that aim to safeguard user data, but tech companies have continued to show a flagrant disregard, time and time again, for one’s right to privacy, leading to growing distrust of these corporations.
Buried in lengthy ‘Terms and Conditions,' data collection practises are often vague and in the case of Facebook, fail to provide greater context of the extent to which data is analysed and by whom. No longer resting on tacit consent, companies should strive to rise above decision-making driven by private commercial interests. As enterprises continue to navigate the modern digital economy, new technologies and systems that are more compliant are ultimately needed.
The perils of a single point of failure
Throughout the process of digital transformation, legacy industries have sought to re-evaluate their use of computing and storage solutions, resulting in a marked shift from local servers to cloud storage solutions. What enterprises forget, however, is that while cloud-based storage may offer greater efficiencies and ease in how data can be shared across parties, the issue of centralisation still needs to be addressed.
Most recently, the Capital One data breach which led to the exposure of sensitive data for over 100 million North American banking clients, gestures towards the inherent drawbacks of centralised data storage solutions. With a single point of failure, centralised systems are an easy target for hackers while simultaneously, an ill-intentioned insider would have the ability to also access and expose the records of users.
As such, calls for a decentralised solution are more apt than ever. Blockchain, for example, allows for a trustless network consisting of different parties, each with different intentions and different needs for the data being circulated. In industries such as banking and finance, or even healthcare, where the circulation of sensitive data is inherent to efficient operations, decentralised networks can allow for secure data sharing without needing to trust the parties involved.
Trust the maths, trust the code
Though blockchain has long espoused the ethos of placing one’s trust in code, with an easily auditable, immutable ledger of transactions, parties are forced to act with greater accountability and responsibility in mind. For sectors where consumer trust is paramount, such as digital communications and payments, this is especially important. However, this very matter of transparency can easily emerge as a hindrance.
Despite its benefits, the reality is that full transparency isn’t always feasible. In the financial services sector, for example, a level of privacy is needed to secure personal identifiable information (PII) and transaction information across entities and counterparties.
To address this need, many enterprise blockchain projects, such as EY's Nightfall, are working specifically to advance privacy-enhancing technologies, such as zero-knowledge proofs (ZKP) to mask private transactions on a public blockchain.
From start to finish
With an estimated 4.16 billion Internet of Things (IoT) devices expected to be in the world by 2025, the extent to which data and smart devices will power our everyday lives––from the adjustment of your thermostat to the exchange of funds between a business and a consumer––will only continue to grow.
As these connections proliferate, the data generated will serve as a record of historical behaviours that can be used to better optimise business processes, determine consumer preferences, champion greater standards of user experience, or even help to propel increased research and development in areas of medicine, autonomous transport, and supply chain.
At the end of the day, this is all a matter of how data is treated. Beyond examining the infrastructures within which data is stored and shared, corporations should go even further, looking specifically at how raw data is treated before it’s even uploaded to a server. Today, advanced cryptographic algorithms are already being designed and commercialised to eliminate existing data security loopholes.
Privacy enhancements such as homomorphic encryption and garbled circuit effectively break down the original raw data before it’s compiled into a circuit––this encrypted data can then be shared and computed upon without ever revealing the raw data. In fact, once the garbled circuit has been applied, it will not be possible to reverse-engineer the circuit back to its original raw data state. This is especially useful in industries such as healthcare which are regulated with highly restrictive patient privacy requirements.
The threat of innovation
In 2019 alone, the global cost of data breaches is expected to reach $2.1 trillion. Year after year, news stories of yet another hack or another security flaw with grave consequences appears to now be a norm. While mature security measures gradually flood the market, hackers tend to behave in turn, engaging in hacking attempts marked by increasing sophistication, which then prompts greater technological advancement in cybersecurity measures.
A looming threat, for one, is the rise of quantum computing with IBM having launched its first quantum computer for both scientific research and commercial use earlier this year. Once fully developed, quantum computers will pose a critical threat to cybersecurity measures due to their highly-efficient computing power which can solve the most sophisticated cryptographic algorithms in next to no time.
Having been described as “one of the most radical shifts in the history of science,” researchers today are already working on post-quantum cryptography in order to ensure that privacy-preserving mechanisms are able to evolve accordingly.
Though a seemingly inevitable cycle of threat mitigation amid the ongoing digital revolution, make no mistake, enterprises still need to take it upon themselves to invest in the right resources in the right areas of their business operations.
With a growing distrust in corporations that don’t sufficiently value personal data sovereignty, more clearly needs to be done. The reality is that data is here to stay and the benefits to be reaped from this wealth of information can and should be used for the greater good.