Balancing big data and privacy – the need for a secure framework
Imagine two scenarios in 2030. You are in a serious car accident and end up unconscious and unable to communicate when the ambulance arrives. You are allergic to penicillin, and you are also a diabetic with a serious heart condition. But the medical staff doesn’t know any of this when they arrive. If all your personal data and medical records are accessible to the medical staff, they can immediately start treating you while taking into account all those serious conditions and potentially saving your life thanks to this information. But in another, darker scenario, the same personal data is shared with neither your knowledge nor consent to insurance companies that then is deny you medical insurance and life insurance due to your medical condition, or to potential employers who will not employ you since you might become ill when you are in your fifties.
I think these are some challenges we might end up actually facing in the future, and we need to find some answers.
There are so many societal benefits to collecting and analyzing personal data, which can contribute to medical research and to a better society. But with more and more data being collected every year, new challenges arise and challenge our right to privacy as we know it.
The big-data-driven telecom analytics market alone is expected to have a compound annual growth rate of nearly 50 percent – with annual revenues expected to reach USD 5.4 billion at the end of 2019, according to an Ericsson white paper on big data analytics. Personal data is becoming hard currency for many different industries, not only the ICT sector and so many industries are already finding themselves in possession of a lot of personal data. How can all this data be handled in a responsible way? And we are not only talking about challenges and responsibilities of companies but very much also governments, research institutions and other actors.
In my opinion, big data raises a number of questions. What about consent? Do I as an individual have a real possibility to opt out or is the consent I can give only an illusion? Is the consent I give really an informed one or do I just click the consent form in order to be able to access the services I want? Who will have access to all my personal data, both during my life and after? How can possible misuse of all that personal data be prevented? How is personal data collected, stored, shared and analyzed, while still taking into account my right to privacy?
Luckily enough, the issues raised above as well as a number of additional ones were discussed at length at a recent Wilton Park event I attended. The topic was Safeguarding rights in the big data revolution and the event gathered some 40 participants from governments, civil society, companies and academia.
Did we reach any conclusions or find solutions to these very complex and constantly evolving questions? Difficult to say. My personal reflection is that we need to put in place a secure framework balancing how big data can be used and to put in place strong protection against possible misuse of personal data. It is also important that all actors, including industries, step up and show leadership in how to manage personal data in a responsible way, both using the enormous potential benefits of big data but at the same time respecting the right to privacy.