Robert Plant

Previous
Next

Forget Narco-Trafficking, Info-Trafficking is more profitable, and it is legal, but is it ethical?

Privacy: There is no App for that

In the movie “Enemy of the state,”John Voight, an NSA official delivers the chilling line, regarding suspect Will Smith, “let’s get into his life” and though satellite technologies, communications monitoring, and active tracking devices they do just that. This technological ability was once the province of the intelligence services but it is now available to all businesses thanks to the consumer’s love of the Smartphone and their Apps.

The basis for this change is the ability of organizations such as GSMA, an association of more than 800 mobile operators worldwide, and whose members represent more than 5 Billion GSM and 2GSM connections; http://www.gsmworld.com/about-us/index.htm  to generate what is known as “census level data.” This ultra low level data is obtained from the users online activities through their Smartphone. The data is then processed, in which it is augmented with demographic data collected “with the consent of a representative sample of mobile internet users” becoming ‘irreversibly’ anonymised. It is then sold in the B2B marketplace. This level of detail is highly valuable as it enables market-level analysis of site visitation and engagement metrics, such as page views, times spent on specific sites, device types and features. http://www.gsmworld.com/newsroom/press-releases/2010/4614.htm

Ironically, Voight’s NSA character also states, “Privacy’s been dead for years because we can’t risk it, the only privacy that’s left is the inside of your head.” This too may also be a truth a little too close for comfort. However, luckily for businesses most consumers do not realize how far the technology has moved in a relatively short period. As such, now would be a good time for executives to consider how they are going to manage their App-centric consumer-privacy policy in advance of the potential pushback.

As a starting point, three recommendations can be made:

  1. Apply the rules of the most regulated market you serve to your global operations.

The principals applicable to good corporate social responsibility can also be applied to data. Just as companies are rebuked for using manufacturing practices in an overseas facility that would be considered illegal or unethical at home, companies need to adhere to ethical, global data privacy standards.

The GSMA-comScore Mobile Media Metrics product http://www.comscore.com/Products_Services/Product_Index/Mobile_Metrix was developed and deployed with co-operation from five mobile operators in the UK. As such it is subject to the country’s strict data protection legislation http://www.legislation.gov.uk/ukpga/1998/29/contents. The UK laws work to protect the individual and this would lead developers to aggregating their data. However, in countries, such as the United States, that lacks such legislation the temptation to focus on the individual’s data, rather than the aggregate is very tempting.

Executives at this point in App development need to reflect on the consequences of their data collection actions very carefully and create customer centric policies. They should note that for most Apps their consumer’s barriers to exit are low, and handset lifecycles short allowing a potential for consumer defection to another App and platform. For example, to favor a mobile device that protects the consumer by changing or modifies data collection, this could be done by sending out high volume random App data requests not affiliated to the user’s real actions and thus hiding the true requests in amongst the chatter.

  1. Do not be opaque in your communications to the consumer.

The vast majority of consumers are not lawyers, and they do not read the legalize that comes with their computer contacts. For example, the Apple “Terms and Conditions” document is 34 pages long and contains 17,462 words.  http://www.apple.com/legal/itunes/us/terms.html#GIFTS While customers may click first and ask questions later, knowledge of this behavior should not be used as an excuse to have them sign off on open data access and the subsequent exploitation of that data for commercial benefit with third parties. Following our first recommendation, consumers in countries with strong data protection policies assume that their well being  has a basis in law, while those in the countries with less legal oversight should be provided with frequent and ample provision to understand a company’s data acquisition and use policies. This leads to our third recommendation, enabling the consumer to act upon their knowledge of a company’s policy.

  1. In opt-out theaters -  make it easy.

Within theaters of operation, such as the EU, the data protection policies favor the default to be that customer data is not collected, and that customers have to ‘opt-in’ for that to happen. In other theaters, including the United States, the default is that consumer data is collected or you can not have the service. To “opt out” is often extremely difficult. As such few people avail themselves of the mechanisms to do so.

For example, Apple collects data on their customers  App usage, which App they have downloaded, how long they use an App, and when an App is deleted. Their Privacy Policy runs to 6 pages (2,417 words) http://www.apple.com/privacy/  and informs US-based customers that Apple may need to collect information including social security numbers, something anathema to UK users. As such it fails to meet our first recommendation for global equality. Apple does however provide a mechanism for opting out of data collection http://support.apple.com/kb/HT4228 ( http://oo.apple.com) but they don’t reveal how many customers have availed themselves of this facility, failing criteria two, nor does this action block the collection of App data by mobile operators, or network routing telcos such as Neustar Inc.

Customers personal data should be treated with respect, and data opt out provision should be made easier, for example, every time a customer pays a bill or there is a policy change  they could be asked to reaffirm their willingness to opt in, preferably in terms less than 34 pages in length. Alternatively, in countries with lax legislation, the customer could be financially compensated for providing their data, a potential win-win compromise solution.

The current situation reminds me of the part in Enemy of the State where Hackman tells Will Smith “You have something they want,” to which he replied, “I don’t have anything” Hackman retorts “Maybe you do and you just don’t know it.” The Smartphone consumer is about to understand that they have something very valuable that business want, and that are being watched, it is just that they just don’t know quite how much yet.

Leave a Reply