Privacy International points GDPR finger at Facebook

An investigation from privacy advocacy group Privacy International on the flow of personal information has questioned whether Facebook and its advertisers are violating Europe’s GDPR.

To date there have not been any major challenges using the data privacy regulation. There have of course been numerous violations of user privacy, but as these incidents occurred prior to the implementation of GDPR, the old-version of the rules and punishments were used. This investigation from Privacy International could prove to be a landmark.

The investigation itself questions whether Facebook and the app-developers which use its platform for data collection and user identification is acting responsibly and legally. Using the Facebook Software Development Kit (SDK), data is automatically sent back to the social media giant, irrelevant as to whether consent has been collected, or even if the user has a Facebook book account.

“Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools,” Privacy International states on its website.

“App developers share data with Facebook through the Facebook Software Development Kit (SDK), a set of software development tools that help developers build apps for a specific operating system. Using the free and open source software tool called ‘mitmproxy’, an interactive HTTPS proxy, Privacy International has analysed the data that a number of Android apps transmit to Facebook through the Facebook SDK.”

After testing dozens of different apps, Privacy International claims 61% automatically transfer data to Facebook the moment a user opens the app, while others routinely send Facebook data that is incredibly detailed. Some of these users may be logged out of the platform or might not even have a Facebook account in the first place. Developers tested include travel comparison app Kayak, job search company Indeed and crowd-sourced search service Yelp.

Looking at the Kayak example, not only was information transferred back to Facebook once the app was opened and closed, but also during each stage of the search process. In the example Privacy International gives, the user selected a flight from London Gatwick to Tokyo between December 2 and 5, Narita Airport was then selected, before another search was conducted searching for hotels for two adults in the city. All of this information was sent to Facebook without prompt, despite Kayak claiming, ‘don’t worry, we’ll never share anything without your permission’, when the user signs in.

Alone this information is useful, but not incredibly so. However, when you consider the huge number of apps which will be sending information back to Facebook, an incredibly detailed picture of the user can be built. Using the other apps tested in this investigation, Facebook could also learn or make assumptions about the user’s religion (Muslim Pro), music interests (Shazam), salary and disposable income (Indeed Job Search) and interest in physical activities (MyFitnessPal). All of this information could be used to feed incredibly personalised advertisements to the user.

The big question which remains is whether this could be perceived as a violation of GDPR. Facebook has stated it released an update to the SDK which allowed developers to suspend the automatic data transfers, though this was only for version 4.34 and later. With the Opt-out section (the Google advertising ID) automatically turned off, some might suggest the user is being led as opposed to asked.

Another factor which could work against Facebook is the collection of data on users who do not have Facebook accounts; this is much more suspect. As per GDPR, a company has to have a specific and justified reason to collect personal information. It does appear Facebook is collecting information on users despite having no purpose or valid reason to do so.

With fines for violating GDPR up to 3% of annual turnover, the stakes are very high. This could prove to be one of the first tests of the rules, designed to protect the privacy of the general public, and few will be surprised Facebook is a central character in the story. With the social media giant seemingly antagonising many governments around the world, we suspect there will be a queue forming to have a swing with the sharp GDPR stick.

Facebook back on the ropes with more privacy punches

Facebook faces fresh questions surrounding data privacy, with reports emerging it granted advertising customers access to user’s private messages with friends and family.

This is a company which is not helping itself but is looking increasingly suspect. The data and sharing economy does of course require users to make an exchange in order to receive free services, but the personalised advertising machine created by Facebook is starting to look scary. The detail which is known on users, and the apparent nonchalant approach the firm has to abuse of the platform, is starting to become very worrying.

Now we have one of the most worrying accusations. According to the New York Times, new documents have emerged suggesting Facebook granted permissions to advertisers which seemingly go far beyond the consent granted by users.

Among the accusations, sourced from internal documents, Netflix and Spotify were given the ability to read user’s private messages, while Bing was able to access all information about a user’s connections without specific consent. Amazon was given permission to obtain contact information through indirect connections, and Yahoo was allowed view streams of friends’ posts. The Yahoo partnership can be traced back to this summer, long after Facebook had declared such practises had been ended.

Aside from the NYT investigation, one user has also taken the time to pen her frustrations after realising location controls on the platform made no difference to personalised advertising. Aleksandra Korolova turned off all available location services on Facebook, WhatsApp and Instagram, cleared location details off her profile, removed geo-tagging on photos, but was still receiving personalised ads based on recent movements.

“Reading Facebook’s explanations to advertisers provides insight into how this is done,” said Korolova in a Medium post. “Specifically, Facebook tells advertisers that it learns user locations from the IP address, WiFi and Bluetooth data.”

The illusion of control has been created, though Facebook is finding ways around user consent and loopholes to any commitments it has previously made.

The inability for Facebook to be transparent, clearly telling the user what is going on, is incredible. There are so many examples of this company misleading the general public, governments and regulators, they are becoming difficult to count. This is a toxic company which should not be trusted. We are struggling to believe any statement which the company is now making.

In response, Konstantinos Papamiltiadis, Director of Developer Platforms and Programs, has gone to Facebook’s standard response.

“…we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs,” said Papamiltiadis. “We’re already in the process of reviewing all our APIs and the partners who can access them.”

This seems to be Facebook’s new response to accusations which question whether it has acted ethically or legally; partially accepting responsibility and saying they will do better in the future. This is not a good enough answer anymore. It might have worked the first couple of times, but the repetition from Facebook executives just shows how little the company thinks about the general public. We are just assets to be traded in the pursuit of greater advertising revenues.

Privacy is a small hurdle; the grey expanses of technology regulation are too wide for this to be a problem. Facebook is making a mockery of the general public and the data privacy landscape.

UK Gov pulls back the curtain on Facebook data policies

With pressure mounting against Facebook over the last few months it was only a matter of time before a treasure trove of treachery was unveiled; the UK government has done just that.

Considering the breadth and depth of the information revealed by Damian Collins, a MP and Chair of the Digital, Culture, Media and Sport Committee, and the likelihood this is only scratching the surface, it’ll be some time before we discover the full impact. But, the door has been opened. For Facebook, the PR machine will have to find another gear as this will take some battling.

“As we’ve said many times, Six4Three – creators of the Pikinis app – cherrypicked these documents from years ago as part of a lawsuit to force Facebook to share information on friends of the app’s users,” Facebook said in a statement. “The set of documents, by design, tells only one side of the story and omits important context.”

Facebook is standing by changes made in 2014 which prevented developers seizing personal information of user’s friends, those who had not opted in. This is effectively the saga which kicked off the entire Cambridge Analytica scandal. Facebook argues Six4Three didn’t receive a temporary extension, allowing the app to continue operating while the changes were implemented, and the court case is manufactured revenge.

The Six4Three lawsuit is where Collins and his Committee managed to get their hands on the documents which have been unveiled here. Officials compelled Six4Three CEO Ted Kramer to hand over the documents while on a business trip to London. The documents were obtained as part of a legal discovery process brought about through Six4Three’s lawsuit against Facebook.

The documents are quite damning, suggesting Facebook used user personal information as a commodity, offering the team a useful bargaining chip to secure more attractive contracts, while also nipping any competitive threats before momentum was gathered. For Facebook, this should be considered a nightmare, and it seems investors agree. At the time of writing share price had dropped by 2.7% in overnight trading.

While these reports might not come as a surprise to those who work in the technology space, the general public are unlikely to find these reports very appealing. Facebook crafts an image of itself as a business which wants to help society, though these documents creates a perception of millionaires viewing the user as nothing more than a number, trading away information which doesn’t really belong to them. This idea will not be well-received by the general public.

Looking at the specifics of the documents, apps were invited to use Facebook just as long as it improved the Facebook brand, while some competitors were not allowed to use Facebook tools without the specific sign-off of CEO Mark Zuckerberg himself. One of these examples is Vine, which could be viewed as a means to obstruct rivals. Those who are legally-minded will know this could cause all sorts of problems for the social media giant.

Facebook has clearly recognised this is an issue as well. As part of its statement, Facebook has said it prevented apps which replicate the core functionality of its platform from reaping the full benefits, though it plans to remove this ‘out of date’ policy as soon as possible.

This is of course on concession Facebook is making, though there will have to be a hell of a lot more over the coming months. These documents are damning of the attitudes towards data privacy and also Facebook’s own policies. The lawmakers are sharpening their sticks and it won’t be long before they start taking more accurate aims at a firm which has done little to aid investigations, dodging meaningful questions like perfectly crafted PR ninjas.

One of the biggest recurring themes of the documents is the value which has been placed on data obtained through user’s friends. The idea of linking financial value to the developer’s ability to gain access to friend’s data is one of the key issues being raised by Collins. Some might suggest this goes against repeated statements from Facebook that it was unaware its platform was being abused.

This is the issue. Facebook has continually proclaimed its innocence, accepting criticisms that it should have done more, but ultimately the blame for abuse should be directed elsewhere. These documents suggest the social media giant was not only aware of the abuses but debated and understood the controversial nature. This does appear to be a complete contradiction of the firm’s previous stance.

Another example of this is an update made to changes to its policies on the Android mobile phone system, which enabled the Facebook app to collect a record of calls and texts sent by the user.

Perhaps this suggests a breach of trust during internal meetings and email exchanges, but it also damages the brand credibility of Facebook moving forwards. Facebook is in a hole right now, there’s no doubt about that.

Google faces GDPR complaints over user location tracking

Seven privacy advocacy groups will be reporting Google to their relevant data protection authority, claiming the firm is violating GDPR through location tracking of users.

Forbrukerrådet (Norway), Consumentenbond (The Netherlands), Ekpizo (Greece), dTest (Czech Republic), Zveza Potrošnikov Slovenije (Slovenia), Federacja Konsumentów (Poland) and Sveriges Konsumenter (Sweden) will all file complaints, while vzbv in Germany is considering action for an injunction and the  Transatlantic Consumer Dialogue will bring it to the attention of the Federal Trade Commission. This is of course not the first time Google has faced complaints in the EU over privacy, but the volume here might cause a headache.

The complaint is a simple one. Even if a dataset has been anonymised by Google, detailed information on that users location can make this irrelevant, while in-depth and personal insights can be learned, violating user rights to privacy. For example, if a smartphone is stationary for eight hour consistently, at the same time every night, it would be a fair assumption this is the home address of the person, while learning about what bars they visit could give away the sexual persuasion of the individual.

Not only are these insights which can be used for personalised advertising, but the data can be sold onto other companies to dictate was services are sold to that individual at what price. An insurance company could up premiums for someone who never visits the gym, but this is not personal information which the individual has given permission to be released. Some would argue it is an invasion of privacy, others would suggest it is statistical science and fair game.

One of the complaints being made against Google is the lack of transparency. Yes, Google has made the consumer aware it collects information when the opt-outs are not altered in ‘location history’ settings tabs, though it has not made the user aware this opt-out could be irrelevant. By using other apps and services, Google is collecting the data in any case. Once it is said out loud it should seem obvious, even if you have opted out when you want to use the Maps app, you will have to send Google your location data, but the slight contradiction has the capacity to confuse users. This is not what many would consider complete transparency.

“Google’s practices leave consumers very little choice other than providing their location data, which is then used by the company for a wide range of purposes including targeted advertising,” European privacy group BEUC said in a statement. “BEUC and its members argue that these practices contradict basic principles of the GDPR, such as the lawfulness, transparency and fairness of processing, and infringe on data subject’s rights such as the right to information. In our assessment Google notably lacks a lawful legal ground for processing the location data in question.”

There will of course be investigations over the course of the next couple of months, as we suspect there will be more complaints filed in the near future, though this will be a test of GDPR. As a reminder, the largest fine which the EU can impose is 3% of annual turnover. Google might have been able to swallow previous fines from the EU, but this one will be a bit more difficult to justify.

BBWF 2018: Open data is the key to nailing smart cities

In an entertaining session at Broadband World Forum, a common theme emerged; open data, which is a key component of any successful smart city programme.

The format was an interesting one. Four smart cities were given seven minutes to explain their proposition, and then three minutes to answer questions. Featured were Milan, Athens, Helsinki and Amsterdam, though thanks to your correspondent getting lost on the show floor, the Amsterdam pitch was missed and will not get the attention it deserves. That said, the common theme throughout was open data.

Starting in Milan, data is being used to create a hub of intrigue for start-ups. There isn’t necessarily a focus on segment or vertical, more a top-line ambition to create jobs and value for the economy. As part of the initiative, more than 300 data sets have been made available for citizens and businesses to create new applications and services. Looking at the numbers, the scheme should be deemed a success.

There are currently 1600 start-ups based in the city, out of the total of roughly 8000 across the whole of Italy. 10,000 people are directly employed (or own) start-ups, 80% of which survive the first two years of operation, the most dangerous time for any business. These are certainly promising numbers.

In Helsinki the message is the same. The Mayor has an ambition to create the world’s ‘most functional city’ through digital, with tourism a key factor. Part of this story is opening data up to the community and local businesses to create value.

Finally, over in Athens, open data has been used in a different way. Thanks to financial difficulties in Greece, governments are not trusted. This makes it incredibly difficult to launch new schemes, though by opening up data to the general public and businesses, Konstantinos Champidis, the Chief Digital Officer for Athens, said the team are regaining credibility. The aim here is not only to try and help those citizens create something new, but develop a culture of transparency to regain the trust.

Trust is a key element in these smart cities strategies, as while open data does fuel innovation, the data has to be sourced in the first place. Should citizens not be open to having information about them or their activities collecting and analysed, the whole concept of the data economy runs dry.

We’re sure the presentation from the city of Amsterdam was equally as interesting as the three we saw, but the theme was plainly clear here; open data is a critical component of the smart cities mix.

Connected speakers could refresh smart home euphoria

Enthusiasm for connected devices is on the rise, but it’s taking the buzz away from smart appliances and the smart home category on the whole.

According to research from GfK, products which are geared towards improving connectivity and entertainment are gaining traction in the market, though this is replacing the appetite for smart home appliances which are geared towards efficiency and functionality.

“Take-up of smart home products in the UK continues to rise, with interactive speakers the hot product of the last year,” said Trevor Godman, Divisional Director at GfK. “In contrast however, the level of consumer excitement about smart home as a category has lost momentum somewhat – particularly for smart appliances and smart health products.  As smart home pivots to the mass market, it is essential that manufacturers look at what is holding consumers back and communicate compelling benefits that capture consumers’ imaginations.”

While Godman is taking a rather negative approach to the trends, we do not see it in the same light. The idea of the smart home, and various devices in the kitchen or around the house being connected and programmable is not a new idea. The smart fridge or connected light bulbs have been around for years without stimulating enough momentum for the segment to really take off. A creative spark was needed to engage consumers and offer an attractive proposition, unfortunately, smart energy readers do not offer this. Smart speakers and TVs do however.

For the mass market to embrace new ideas, there needs to be genuine excitement. Being able to switch the light in the living off with your smartphone might be functional and useful occasionally, but the smart speakers capture the imagination of the consumer. These are products consumers would actually want to buy, instead of a central heating system which reacts to the weather outside.

According to the research, the UK smart home market was worth £900 million in 2017, making it the second largest market in Europe. It has also become the fastest growing, increasing by 19% in value from 2016 and 35% by volume. There are now 336 brands offering 3,777 smart home products, while 85% of the UK’s online population now own at least one smart product, and the number owning four or more has grown from 35% last year to 44% this year. The fastest growing segment is smart speakers, though this does seem to be at the expense of other categories.

Manufacturers of smart cookers or connected mirrors might look at these statistics and worry, though GfK suggests consumers who plan to buy a smart device or appliance in the future have their sights set on a wide range of products. The smart home might have failed to deliver over the last couple of years, though the accessibility and entertainment value of smart speakers does seem to open up consumers to new purchases.

The purchase of smart home devices might not be growing across the board, but that isn’t necessarily awful for those who have their eyes on the long-game. Smart speakers are normalising the idea of the connected economy. Once the basic concept has been accepted by the mass market, the opportunity to sell becomes significantly easier as value is more readily realised and accessible.

Philips might preach about the benefits of a smart central heating system, but the frivolous purchases were needed to normalise the segment first. The smartphone ecosystem didn’t explode overnight, there were years of adoption as the touch user interface become second-nature, the same could be said here. Frivolous purchasing is needed before the connected bug can spread throughout the home.

Smart speakers starting to drive next era of digital

Years usually pass before the world realises a technology breakthrough actually happened and it catches on; the voice user interface might just have arrived at that watershed moment.

The fantastic breakthrough of touchscreen mobile phones is often attributed to Apple, though if you go back to 1992 IBM unveiled a phone called Simon which featured the first touchscreen. Apple didn’t invent the concept of touch screens, it simply innovated, making the iPhone a genuine smartphone as opposed to a PDA. This might seem like an odd introduction, but the same trend is emerging in the smart speaker world.

Amazon and Google did not invent the concept of the voice user interface, they simply used their brands to effect change and offer a product which was dutifully adopted by the masses which call themselves fans. In releasing their own smart speakers, the two internet giants did what other companies couldn’t; they normalised the voice user interface.

According to Nielsen’s MediaTech Trender survey, the smart speaker has penetrated the mass market and is normalising the concept of the smart home, as well as the idea of your voice being the control function. Across the US, 40% of homes now own at least one smart home device, with 24% owning a smart speaker, up from 22% in the previous quarter. Of those who currently own a smart home device, 65% plan to purchase more. Looking at the speakers themselves, usage is up, the average user interacts with the device for 72 minutes on the weekend and 65 minutes during the week, while 81% of users report using voice-command searches for real-time information, such as weather and traffic conditions, during a typical week. The more normal it becomes to use your voice in the home, the more acceptable it becomes elsewhere in the world.

Another interesting statistic from the report are the services synced to the speakers. Music streaming services are unsurprisingly the most popular, 53%, while the second most popular is shopping apps at 52%. With the user seemingly becoming accustomed to ordering goods through the smart speaker, there are a horde of new opportunities emerging, from grocery shopping to on-demand purchases linked to advertisements.

Finally, the most device synced to the smart speakers is the smartphone. This might seems like a very obvious statement, though only 32% of the respondents have linked their smartphone to the device. This is a small percentage of what is possible, though the potential to learn more about these individuals who have synced their devices is quite exciting. The virtual assistant is no-longer limited to the users home and can start to learn about habits in the big, wide world. This offers a much more in-depth opportunity to create valuable, personalised services.

As it stands, the smart speaker is little more than an entertainment product. 90% of users listen to music on the devices, 81% search for real-time information such as the weather, 68% listen to the news and 68% use it for alarms or timers. However, these devices are introducing new concepts and features which are gradually becoming accepted and normalised by the user. The voice user interface is an incredibly important one.

Just like the touch interface opened up new opportunities to make money, the voice interface will do the same. But this is a while down the road, mass adoption of both new devices and the normalisation of new concepts need to take place first. New ideas open the mind up to even more new ideas, including services and products, as well as blurring the lines of what would be considered intrusive or unacceptable. The smart speaker is playing a critical role here.

Google attempts damage control on privacy regulations

Google has unveiled its ideas on the regulatory framework of tomorrow in what looks like an attempt to influence legislation and restrict the long-arm of government intervention.

On the whole, the internet players of Silicon Valley have largely been left to do what they want. This is not to say there are no regulations or consumer protections, but the breadth and depth of regulatory red-tape is no-where near the same scale as the telco industry. In airing its ideas on what the regulatory environment of the data economy should look like, Google is seemingly trying to maintain this status quo.

“Today, we’re sharing our view on the requirements, scope, and enforcement expectations that should be reflected in all responsible data protection laws,” said Keith Enright, Chief Privacy Officer at Google. “This framework is based on established privacy frameworks, as well as our experience providing services that rely on personal data and our work to comply with evolving data protection laws around the world.”

The three page document, which you can see here, is largely what you would expect from one of the internet players. Commitments to collect data responsibly, transparency for the user, limitations on collection and usage, offering control to the user, accountability of third-parties and interoperability are all aspects, but this is not what the helpful commentary is about. This is not about protecting the user, it is about Silicon Valley maintaining control of its own destiny.

With the US Department of Commerce’s National Telecommunications and Information Administration evaluating new legislation, the Senate about to start grilling tech executives and the White House preparing meetings with industry, the future is clear. The US Government intends to take a firmer grasp of activities in Silicon Valley, offering a more stringent rulebook and more protections to the consumer. This is not good news for the internet players.

To date, the internet players have made fortunes in the grey areas. There are more freedoms to use personal information and create advertising solutions as these are organizations which have slipped between the regulatory cracks. They have resisted the same rules as telcos, much to the frustration of the traditional communications industry, though this is not necessarily a bad thing. These are different types of businesses, applying the same rules as telcos is the square-peg-round-hole situation. These are businesses which are creating new services and innovating with data in ways some could not imagine, and need the flexibility to do so. That said, they should still be held accountable to regulation.

In releasing its ideas, Google is seemingly practising its own version of damage control. If new rules are on the horizon they’ll need to be influenced. A number of these practises are already in place at Google, meaning the business can continue to generate billions without a huge disruption to operations. That cannot be said its neighbours in Silicon Valley, but this is of little concern to the Do-No-Evilers.

Another interesting aspect to this announcement is perception. The industry has been hit hard by privacy scandals over the last few months, the Facebook/Cambridge Analytica saga is the biggest example, though Google has been collecting location data on users who have opted-out; it is far from innocent. In making these suggestions public, Google is putting a friendly face back onto the brand; its helping with the data privacy issue, not compounding it, will be the PR message here.

While this perception of helpfulness will help with its consumer reputation, it will also aid its grilling from the Senate. Enright is one of several executives who have been summoned to testify in front of several politicians to discuss how social media companies work and data privacy is secured. In demonstrating proactive enthusiasm prior to the grilling it might gain some much needed favour after Google left its chair empty during the Senate Intelligence Committee testimony.

The wild-west internet is slowly being swallowed up by the steady progress of regulation. The rules will never get in front of technological advancements, but to protect its billions, Google and its Silicon Valley neighbours will have to put on big smiles to influence rule makers.

It turns out regulating the data economy is really hard

New data regulations may well define the economy and society over the next few decades, and they are still far from perfect. But before you get too critical, you have to realise just how complicated this thankless job can actually be.

An interesting question to ask is whether privacy should be a right protected at all cost by regulations, or should rules makers allow the user to trade his/her privacy for benefits? This is the foundation of some information businesses, Facebook is a good example, as targeted advertisements allow for the delivery of free services. On a more simplistic level, free TV channels such as ITV having been doing this for years without the hyper-targeted platform.

If data is the oil of the 21st century, rule makers need to figure out how personal information can be used without inhibiting privacy.

“You have to remember it is a very tricky balance to strike,” said Jocelyn Paulley, Director at law firm Gowling WLG. “On the one hand regulators do want to take a flexible approach which allows for innovation, but they do also have the responsibility to create rules which protect the right to privacy, it is a human right after all.”

Privacy InfographicAs Paulley points out, it’s a little bit more complicated than simply just writing down rules and punishments. The issues arise when you try and predict the future. There are so many different paths technologists and innovators are heading down, how do you possibly write iterations for all the different possible outcomes. Regulators certainly don’t have the man-power to undertake such tasks, and they most likely don’t have the competence either.

Today’s approach is about applying flexibility in the rules, while also listening to the community about what developments are likely to emerge in the future. While this leaves grey areas, Paulley highlights there is little choice at the moment. The breadth of developments in the technology world means almost theoretical laws are written, before being applied into specific use cases. Interpretation does create complications, though the last thing regulators want to be (despite doing an excellent impression at times) is a speed bump to progress; sometimes the grey areas just have to be accepted as the lesser of two evils.

“Part of the complications in the UK are that we are a common law society, not a constitutional one,” said Paulley. “At European level, GDPR has been written to allow for future developments and for member states to localise some rules.”

Will this allow for privacy to be treated as a commodity? Perhaps, but more needs to be done to educate the consumer.

This is perhaps the most touchy aspect of data privacy. Regulators might well be open to the idea of users trading their privacy for benefits, but rules are there to make sure consumers are not abused for their ignorance. Understanding the data economy is incredibly difficult, made more thorny by the complexities of terms and conditions. Technology companies muddy the waters intentionally, therefore regulators cannot offer too much flexibility otherwise the protections are not there for the consumer.

If you were to ask the consumer today whether they would trade privacy for free services, they would probably say no until you start laying out the bill. £10 for Facebook, £2 a month for Google, no free Spotify, 50p for the Evening Standard each commute, £2.50 for every game you download on your smartphone, £50 a year for email and cloud storage, 1p a message and 10p a minute for calls on WhatsApp. It starts to add up and suddenly trading privacy becomes an attractive option, but consumers lack an understanding of the mechanics of the digital economy.

Part of the European Commission’s General Data Protection Regulation (GDPR) is geared at creating a greater level of transparency. With the Cambridge Analytica scandal, part of the reason the consequences were so great for Facebook was due to a lack of transparency. Data science has advanced at a remarkable rate over the last few years, especially when it comes to targeted advertising platforms, but Facebook hadn’t taken the user on the journey with them, explaining how personal information was being used. When the curtain was pulled back, the sight of CEO Mark Zuckerberg manically pulling levers on the big data machine while frantically shouting “Senator, we sell ads” shocked the general public.

Facebook Data

By forcing technology companies to collect opt-in from consumers, regulators are also ensuring the consumer receives an education on what it actually means. Companies now have to explicitly state what personal data will actually be used for. Paulley highlighted the hope here is by becoming more transparent, the consumer will trust these companies more, therefore fuelling the data economy. However, there is a risk once the users understand how the machine works they will opt-out of the system. This is perhaps one of the reason companies have not been so forthcoming with the dark arts of data science; the fear of a negative reaction.

This fear has now become a reality at Facebook. By concealing the dark arts of data science, the trust was broken. Facebook had advanced data science so much without taking the consumer on the same journey, the reality of progress was scary. Campaigns such as # DeleteFacebook on Twitter emerged making the consequences of privacy failure very real. Perhaps this was a watershed moment which will ensure companies do not resist the rules and promote transparency themselves; when you are caught out (and it always happens eventually) the consequences are just as bad, if not worse.

GDPR has some promising areas, but there aspects, such as criminal screening in recruitment, which need more clarity in the future. Flexibility is required to promote innovation, but rigidity to safe guard the consumer. Regulators haven’t gotten it right so far, but that isn’t entirely unexpected. Writing rules for the data economy is unchartered territory, and it’s very complicated.

Infographic: Is privacy a right or a commodity?

With the digital economy leaning more heavily on user openness and sharing personal information, you have to ask how privacy should be regulated.

On one had you have those who want to protect privacy at all costs. That is perfectly reasonable, but it does make it difficult for certain aspects of the digital economy to work effectively. Most publications, for example, now offer free content to the user but the value exchange is personal information which can be used to create advertising platforms.

In pushing for hardcore privacy protections in regulation and legislation, you have to wonder whether this business model could operate effectively. GDPR has caused all sorts of issues for some organizations, and this is only the tip of privacy reforms.

If you asked the consumer to pay instead of offer information as a value exchange, they might not be too happy. Free has become the norm nowadays. So is regulating to stringently protect privacy the right thing to do when the consumer might be happy to trade privacy for benefits?

We do not know the answer to this question, so we asked Telecoms.com readers for their input.

Privacy Infographic