There is one thing that sets 2018 apart in technology, from the point of view of both businesses and users – and that thing is called data.

While data-related industries like big data, analytics, and advertising companies have been established for some time now, there are several things that have shaken the world in terms of the news cycle this year.

First, it is the revelation that some entities have taken advantage of user data in manipulating political sentiment. This became particularly evident with the the Cambridge Analytica scandal. Second is the enforcement of the European Union’s General Data Protection Regulation or GDPR in May 2018.

These two, at least, highlight how sensitive can personal and private data be. In the Cambridge Analytical scandal, the UK-based data mining, brokerage, and analytics firm was discovered to have inappropriately acquired data from Facebook users and aggressively utilized it in targeting political campaigns, particularly during the 2016 U.S. presidential elections.

Meanwhile, in May 2018, the European Union’s GDPR came into force, which means that businesses will need additional privacy controls for personal user data, particularly for EU citizens, and for businesses whose customers may be residing in the EU countries. The regulation also gives users better control over their own data, which includes the need for consent before their data is collected and used, as well as the ability to erase their own data when necessary.

The state of data in Southeast Asia

Similar to Europe, Southeast Asian governments are starting to explore data privacy acts. The first started in the Philippines with the Data Privacy Act (DPA) in 2012, although it was implemented in 2016. Today, there are now three countries implementing comprehensive data protection laws in the Southeast Asian region, out of a total of 10. According to Ateneo, “Of the remaining seven, two have ongoing efforts to draft and pass a legislation, while three have some relevant policies on privacy and data protection.”

Cybersecurity is currently lacking across the region and is considered of utmost importance for the region to secure itself through its anticipated growth over the next decade. A report from A.T. Kearney said the region needs to spend about $171 billion collectively on cybersecurity between 2017 and 2025. The effect of not doing so could be drastic – an estimated $750 billion in market capitalization at stake for the top 1,000 companies in the region.

Also read: Why culture will play a huge role in compliance with data privacy rules

Thankfully, innovative startups and companies in the region are looking to solve these issues.

The benefits of data collection

Data collection, in itself, cannot be characterized as bad in the first place. One of the main benefits that the information era has brought is the speed by which businesses and users exchange, share, and access information — all for the purpose of improving transactions and relationships. Even user information itself, managed in the right ways, has big advantages for an individual consumer.

For example, ad targeting ensures that marketing material delivered to a user is relevant to their interests. Customer profiles mean better curation of products, content, and services, which are, in turn, meant to delight customers. Without data and without targeting, businesses are left at the dark, and they can only provide generic products regardless of the preferences, demographics, and even location of their customers.

Meanwhile, data is also a big driver of success when it comes to leveraging behavioral economics. Businesses can more easily predict demand when they know the users’ sentiment. Companies can also determine how to design products based on consumer sentiment. Whereas users’ benefits can derive from sharing data, such as convenience and perhaps some monetary gain through discounts and promotions.

Data sharing becomes disadvantageous, however, because there is an asymmetry when it comes to how data is utilized and monetized. Social networks, for example, are a prime example of how oversharing can become disadvantageous to users. While services such as Facebook, Twitter, or even Google and Gmail, are free, users have grown accustomed to forking over their personal data in the form of traceable behaviors, preferences, and connections — whether intentional or unintentional. The businesses that collect data can then expect to monetize these through targeted advertising or through other means.

In short, businesses profit from user data. Users are no longer satisfied with this scenario, however. As early as 2015, users have been demanding better privacy protection amidst the ubiquity of devices and services that can potentially collect user data – such as smartphones, portable computers, connected appliances, and even closed-circuit TV cameras. Earlier this year, Mozilla Foundation, the developer of the Firefox browser, has urged users to become more vigilant about their privacy and push for more protection from businesses and governments.

One emerging trend that has arisen from all this is the idea that users should go beyond having control over how their personal data is shared. For example, there is the ideal scenario wherein a user can also earn from the data that he or she shares with businesses and with platforms. This way, data can be collected, exchanged, and monetized fairly – and the benefits go not only to the businesses that collect and analyze data, but also to the users who own the data in the first place.

How tech overcomes the challenge of privacy

In all this, there can perhaps be no way to discuss privacy without bringing in blockchain tech to the equation. Blockchains are essentially a decentralized and immutable ledgers. When it comes to privacy, blockchains can offer the benefit of both transparency and anonymity — that is, all transactions are written in stone for better accountability. However, details can be anonymized as these are essentially encrypted. Also, platforms can make use of additional technologies such as using a database separate from the blockchain to store private and personally-identifiable data.

Also read: For Datum’s Theo Valich, universal basic income can be addressed through a data marketplace

This is what blockchain companies have been building on. There have been several startups that were established precisely for this purpose — notably Datum and Civic, for instance. These companies try to empower users with better control over their personal data, to the point of being able to monetize behavioral and other data through opt-in programs, as is the case of Datum. “[W]e return data ownership to individuals and let them be part of this new economy,” Datum’s CEO Roger Haenni has been quoted to say.

The main onus of GDPR and other privacy-protecting regulations goes beyond simple monetization and data exchange, however. There are several pain points for both businesses, developers, and individual users, in making sure such a fair exchange of data is seamless and effective. The key here is in making authentication and controls seamless and secure, but without being too dependent on gadgets.

A Hong Kong-based startup called iTrue aims to embed itself into businesses, services, and interfaces in a deeper but less intrusive manner. By combining biometrics, blockchain, and a data marketplace, iTrue plans to render passcodes, device-based authentication, and other such challenges. “A user simply has to be himself or herself, and biometrics will authenticate that user for access into a place, service, or any other system,” says iTrue CEO Jack Cheng. “Users will, however, need to approve whether their data is used by the system or monetized through the marketplace,” he adds.

The takeaway: Privacy is not only a business issue, but a personal one, too

There is no doubt that privacy is taking centerstage in today’s technology-driven industries. With the ubiquity of mobile and always-connected devices like smartphones, and the rise of the internet-of-things, everything will soon be keeping tabs on our actions both as users and as business entities.

This is actually considered more of a business issue, rather than just a technology issue. After all, businesses can glean data from customers even without the involvement of technology. Simply having a record of your name from a credit card transaction, for instance, constitutes data collection. The same goes with being recorded on CCTV.

Data sharing is therefore everyone’s responsibility, and both businesses and users will need to be proactive in safeguarding their data. Thus, even with some added burden in terms of cost and effort, businesses should not be afraid of regulations like the GDPR. Rather, we should all embrace it as yet another opportunity to both provide and derive value from the increasingly-important data economy.

—-

e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.

Photo by arvin febry on Unsplash