First let’s lay the foundation with some definitions.
You have probably noticed that your browser proposes you links to click on as soon as you start typing based on your previous search. You probably know that an algorithm on search engines for flight tickets remembers your search and enables the prices to go up if you do the same search again on the same computer. You might have asked your browser to remember your passwords out of convenience. But sometimes it feels that your web browser know maybe a bit too much about you…
This is all enabled by cookies. Cookies are small pieces of data sent from the website and stored in a user’s web browser while the user is browsing a website. The purpose is to facilitate web browsing for users. From the website owner’s perspective it represents a key marketing advantage. The user will be able to find again the items on his/her shopping cart, making his/her whole experience smoother. Moreover, the recommendations provided to the user and the pages displayed are shaped by the data collected on his/her previous activity, for instance on Amazon.com or even on Netflix.com. For more information on cookies: a simple explanation by the UK magazine Wired.co.uk
Data is power. The one who owns it acquires leverage. Web users are used to giving away data either to log into their account on a website or to have access to more promotions for examples. But where does that data go? How is it used? And in what form? The answer is “it depends”. It depends on the website and on the web browser. Sometimes the data is encrypted, sometimes it isn’t. Issues arise when there is an external usage of that data, particularly when it is sold to third parties. Because of the lack of transparency and privacy breaches which occur too sporadically to lead to meaningful change, users do not hold websites accountable. It seems to be too vague an entity to know exactly who to target, although larger companies like Google receive a lot of focus. A “Michelangelo moment” (1) according to the Economist issue of September 13th 2014, would most likely change the current statu quo and result in a drastic backlash… but such a privacy breach has not happened yet. [NB: The recent hacking at Sony was to targeted to produce a general backlash]
Recently users have been asked to “opt in” on each new website they visit, that is to say to allow cookies to collect data while browsing on the site. Websites operating in Europe were forced into converting their cookie policy from “opt out” to “opt in” by a European directive so-called the “Cookie Law”.
But where is the “no” button? Who has really read everything after clicking on the “more info” button? Signing out of newsletter is already a tedious process, and “opting out” of cookies is even more so.
The impact of connected objects
What is now often called “connected objects“, “smart objects” or “the internet of things” includes all the objects that are connected thanks to the cloud and are thus able to collect data. For instance, a Tesla car equipped with a software to notify the customer when a repair is necessary, a Ralph Lauren polo which records calories burned and heart rate and sends them to your smartphone, or a Philips light bulb controlled via tablet. These type of objects where once regarded as gadgets, though views are evolving and they may soon become the norm.
But at what cost? The fear is that with these connected objects our every move will potentially be recorded. The third party usage of this data becomes a central issue, because some data might be interested if shared, for instance driving conditions for other drivers.
A solution proposed in the November 2014 issue of the Harvard Business Review would be for companies to sell “binding or aggregate data on purchasing patterns, driving habits or energy usage” rather than individual customer data..
In the same issue, Alex Pentland draws the structure of a “New Deal on Data”. The idea is “to give people the ability to see what’s being collected and opt out or in. (…) It’s a rebalancing of the ownership of data in favor of the individual whose data is collected. (…) People are ok about sharing data if they believe they’ll benefit from it and it’s not going to be shared further in ways they don’t understand.” Such works are key to drive awareness and to lobby governments toward these best practices. Transparency will foster trust among Internet users.
In the near future, new legislation will need to be passed by regulators to ensure privacy while using connected objects. The debate is always the same: do we let companies regulate their websites themselves or do regulators need to intervene? Companies have every reason to change their operating model as it is costly to collect all the data they can (all the more because not all data is relevant), and dangerous as their systems could be hacked resulting in massive privacy breaches and countless headaches.
Nonetheless the status quo remains and a bigger push from regulators, consumer groups and citizens is necessary. After all, we should all as citizens and web users feel involved with the issue.
For more information: the interview of MIT professor Alex Pentland.
(1) In 1992, the Michelangelo virus widely infected software and pushed people to invest in anti-virus software.