You wake up on a late Sunday morning with a hangover. The news is on TV: “Lion City Life Co. reported IT system breach. Over a million Singaporeans’ financial information is suspected to be leaked.” You fumble around the bed for your phone and see 37 unread messages from your bank informing you of withdrawals totaling over $200,000. Your mind reels from the shock at the loss of your entire net worth.
The hypothetical scenario should strike you with an uncanny sense of déjà vu. We watch data breaches unfold in the US and Europe. Cambridge Analytica and Facebook. Equifax. Google+. It is apparent that regulators are ill-equipped—be it in knowledge or technology readiness—for the unenviable task of playing watchdog to an ever-burgeoning security threat, akin to attempting to tame Goliath undergoing a growth spurt with a flimsy tree branch. Cyberattacks have no geographic bounds. The massive security breach at Singhealth reported in July 2018 exposed the vulnerability of our public institutions entrusted with sensitive personal data.
With increasing severity and proximity of these breaches, data privacy has been thrusted to the forefront of our consciousness. Why should we care about data privacy? Why is it more important now than ever? How can we protect our data? Before these burning questions can be addressed, we need to examine the role of data in our modern economy.
For tech giants like Facebook, Google and Amazon, user data is the currency they deal in. In a business model that is predicated on monetizing data, user data is transmuted into digital gold. This phenomenon becomes evident when we scrutinize the players in the data-driven marketing economy. Facebook is not just a social media platform, but also a comprehensive personal data collector and aggregator offering user data to the highest bidder; Google is no simple search engine, but monopolizes personalized browsing history to promise targeted and focused ad delivery.
The adage that there is no such thing as a free lunch, is timeless. If we recognize our personal and sensitive data (such as financial, health, biometric) as modern currency, we need to be cognizant that we actually pay for ‘free’ services and platform with privacy. Over time, aggregators’ appetite for more (and increasingly personal) data intensifies. How much is your data worth, and are we getting a fair deal?
Extrapolated advertising revenue in the US estimates that your data is worth at least US$240 annually. This does not factor in mutiple transactions for the same dataset. Data aggregators can reconstruct accurate profiles by amalgamating piecemeal data crumbs from various sources on the same individual. Users themselves also perceive a higher value of their data than the estimate. A research reported that users, profiled to use social media regularly, valued their data to be worth over US$500.
The value of privacy should however, go beyond monetary concerns. Data privacy protects your reputation by keeping the sensitive information anonymous. It protects you from harm, escalating from unwanted spam mail to illegal surveillance and identity theft. It is about having the power to decide what to reveal, to whom it is revealed, and how others can use that information.
To have that power, we need the knowledge, beginning with understanding our data privacy rights when dealing with organizations, businesses and public institutions.
PDPA and GDPR
In Singapore, the Personal Data Protection Act 2012 (PDPA) establishes the regulatory framework for how organizations can collect, use and store customer data. The Act establishes the Personal Data Protection Commission, an independent watchdog providing guidance and advisory.
The General Data Protection Regulation 2016 (GDPR) updates decades-old data privacy laws in the EU to keep pace with challenges consumers face in a data-driven and technology-based environment. Recognizing the data risk mitigation benefits of GDPR, some US-based companies call for a similar comprehensive federal privacy law in the United States.
To minimize our digital data footprint, here are some tips and tricks you can use to protect your digital anonymity:
Blockchain – not just HODLs, Moons and Lambos
Picture this – you can approach any bank or insurer to purchase a policy or invest in a mutual fund without any financial disclosure, and yet the counter-party can accept your application with full confidence. How is it possible?
The secure and trusting relationship between you and the institution is built on Self-Sovereign Identity (SSI) and decentralized trust. In 360F, we have piloted SSI on Sovrin blockchain. In the world of SSI, individuals enjoy full control over their data—with whom, when and how they share it. Let’s say you want to purchase a policy from insurer X. You need to prove that you can afford it. You will retrieve a digital certificate from your bank. This certificate is a verified and revocable credential – it verifies your bank account balance. This verified credential is then fed into a kit based on Zero-Knowledge-Proof (ZKP) protocol. The kit outputs a proof based on the verified credential to a requesting party. In other words, ZKP allows individuals to disclose verified information about themselves without sharing the data itself. Currently 360F has created ZKP pilot cases around the sales advisory and application process for banks and insurers.
Privacy – A fundamental freedom
Everyone has the right to privacy because it is a fundamental freedom. To sacrifice it for the convenience of using free digital platforms and accepting subsequent data breaches or leaks as an inevitable norm is tantamount to relinquishing an intrinsic human right. We may have nothing to hide, but that is not reason enough for letting the ever-vigilant Big Brother into your everyday life. Surely one can see the ignominy of living in a world where your neighbors are aware of your fertility issues and your employers of your peculiar preference in porn.
Copyright © 2019, 360F. All rights reserved.