We were lucky enough to not only have an expert panel at our second Business Network event this September, but we were also treated to a lively debate. One of the panel members who offered brilliant insights was Dr Glenn Parry, an Associate Professor at UWE Bristol, and CoI on the £1.2m EPSRC Hub of All things, an Internet of Things personal data server. We wanted to find out more on his thoughts on privacy online, so we asked some of the questions the audience wanted answers to, but didn’t get the chance to hear, in our Q+A session.
Glenn – thanks for being part of our panel discussion. We talked a lot about what privacy means in the digital age, but let’s start simple: do you think privacy for individuals is achievable online?
If you take privacy as a state where ‘one is not observed’, then no – not with the current platforms provided. We can move towards it if individuals have their own platform/server and the Hub of All Things helps (I’ll explain that later). But in the online world there is always a data trail.
As an individual you can do a lot to see what’s going on. Try running Ghostery on your browser and it will tell you who is trying to take your data. Couple that with an advert stopper like Adblock to see which webpages track you and which webpages even block you if you use these tools.
Can you say something about the balance between the need for privacy and the positive potential of open citizen generated data sets created for the common good? Is openness counter to privacy?
I am not sure about a need for privacy as we must be careful with what we mean by private. In the physical domain we know when we are in town we are being observed by other people and by CCTV. Boundaries are understood. These boundaries aren’t established online.
I think we can be open but private if we are given some control back over our data. As it stands, too many unknown organisations get access to our data. Individuals don’t consider or even know enough about what is happening when they are in the online space.
In the panel discussion you mentioned that the key issue in online privacy is not anonymity, but vulnerability. Where do you draw these lines, and how can this inform the way people approach their online behavior?
Online privacy is objective – it comes down to whether or not you being observed. Vulnerability is subjective and relates to your individual risk. This is why it’s more relevant to talk about, as you can feel vulnerable even if your online privacy is high.
In Geoff White’s talk at the event we saw how easy it is to track and identify a mobile phone just through the frequently used networks the phone starts to look for when trying to connect to Wi-Fi. If a journalist arrives in a country and switches their phone on it potentially could quickly reveal who they are and who they work for, immediately making them vulnerable if someone local is hostile to them. In this context, failure in privacy leads to vulnerability.
Is it fair to demonize the tech industry when it comes to privacy? Does the benefit of innovation outweigh the cost of privacy? Or can innovation take place without invasion of privacy if that was desired?
I think it is unfair to demonise the tech industry. I’ve met a lot of folks from the industry and they are all trying to do good things by creating offers and businesses that are valuable to consumers. A better way to think of it is explained well by my colleague, Professor Irene Ng. She says that privacy costs are an externality of the market, like pollution is for cars. I like this analogy as it frames the issue as one that is bigger than the engagements between businesses and consumers.
Can innovation take place without invasion of privacy?
That’s a difficult question as obviously it is determined by the area in which you are innovating and what you mean by privacy. If we are looking at personal data the boundaries we set for privacy rely heavily on context. For example, you will say something to your doctor that you deem ‘private’. That’s shared with her, and perhaps goes in your electronic record. If you are rushed into hospital your notes may be instantly shared electronically – an innovation that may save your life but the boundary of what was considered private between you and the local doctor just expanded, perhaps to a lot more people. Digital innovations allow you to move data quickly and repurpose it. We have a problem when we don’t have power of consent, or the consent is tied up with access to a system we need access to. This is the system boundary problem. To me it is more an operations management and process issue than an innovation one. We’ve created a complex system where boundaries shift and we often don’t know who now can access our data.
How can individuals take back power over their data, and what could be the advantages of this if it became wide-spread?
This is something we’ve been exploring with The Hub of All Things (HAT). At the moment firms who you interact with – from supermarkets to banks – hold a ‘vertical’ piece of data about you which can be valuable, but also misleading. The real value lies in ‘horizontal’ data, which is the link between multiple vertical data sets – linked via resource, location and/or time. Data protection means firms shouldn’t share your data without consent so all they see is the vertical. It also means you, as an individual, can ask for a copy of your data and create your own horizontal. The HAT is research that examines how that might work.
In addition, HATDEX is drawing on the findings from the research to create a system where you can import data yourself. You can then see all your data in one place, and then share and trade in a Marketsquare. This puts the individual back in the equation, and helps us see what data we have, give consent for others to see it and get an indication of what it’s worth. If we understand our data has value we are more likely to want to know more about who can get it.
We also have a new research project, the HAT Living Lab which will help us understand the ways data leads to perceived vulnerability and create frameworks that can guide the future. We are currently welcoming other researchers to work with the data in the living lab.
The Hub of All Things wants people to ‘claim their data’ – what could be done so that the public have more awareness that they have the right to claim their data – and that they can?
Projects like the HAT and Tim Berners-Lee’s ‘Solid’ platform are the starting point for this awareness as they will let people see the data they have. Google and Facebook are already much further ahead in working to capture data from across multiple silos so that they can know more about you. But this is businesses holding your data, not you as an individual. However, hopefully in the long term the cost of businesses holding your data will be too high and projects like HAT and Solid will become the standard approach.
It makes more sense to me, ethically, morally and financially, for everyone to hold their own data and share it as they see fit. That would see us working with businesses, and having power with businesses, rather than them having power over us. The idea of ‘Power with’ was written about by Mary Parker Follett in 1924, when referencing how self-government in small communities best creates growth. This concept is where my heart lies and that’s the HAT ethos.
Check out our events page for more GL Business Network events.