Personal data is the raw material that fuels a significant proportion of business operations. A few examples include credit card scoring based on collated personal data from various sources, calculation of premiums based on past driving habits, or the use of online tracking to build complete profiles of individuals and then targeting them with personalized ads based on those profiles. While personal data is highly essential to these business operations, individuals have little to no control and oversight on the collection and usage of their personal data.
There is anger towards the data economy and frequent privacy violations; there are still ways to restore control to the people and rebuild a trust-based and transparent relationship.
This lack of control is due to a few practices common to the current data collection and usage practices:
- Personal data is scattered across so many different companies that it is nearly impossible to keep track of who accesses it, how they use it or who they share it with. For example, data brokersâ€™ business model depends on the collecting, collating, selling and licensing personal data on a mass scale. It is next to impossible to track data across systems and determine whether the data was obtained lawfully or object to the processing of data.
- The reproducible nature of data exacerbates the risks even further, contributing to a growing fear over privacy. Once personal data enters into a business’ internal systems, it can be copied to multiple locations, used by employees on their personal devices, left unprotected on legacy servers. All these processing activities increase unauthorized use or access to personal data.
- Collection, analysis, and personal data transfer are usually conducted behind closed doors not visible to individuals and often with technologies such as machine learning, which is opaque to ordinary individuals. Individuals are often not adequately informed about the use of their data due to reasons such as trade secrets, impracticality, or simply the bureaucratic hurdles caused by the relevant business itself. Even laws such as GDPR and CCPA may not be effective at coercing a business to provide the maximum transparency possible.
Individuals’ lack of knowledge on collection, use and sharing of their personal data inevitably leads to distrust in companies involved in personal data collection.
The imbalance of power and lack of trust is evidenced by a PRC study that found that 76% of Americans do not trust third-party businesses to handle their personal data and feel a sense of lack of control over how their data is collected, managed and used.
Furthermore, Americans outside of California want to have more control over their data and want to have the same protections on their personal data as regulated under CCPA (91%).
While consumer demands are crystal-clear, how to deliver on those demands remains unclear. Personal Data Stores, however, can be an effective solution to remedy consumer concerns and provide them the visibility and control over their data.
Personal Data Stores – An unconventional solution to a bleeding problem
What is the Personal Data Store?
Personal Data Store (PDS) is like a safe for individuals to upload, share, store, edit and erase their personal information, such as addresses, passport numbers, credit history, health records and other information.
One unique character of the PDS is that users(consumers) can unilaterally grant or withdraw consent to access their personal data. Once the consumer decides to block access to her data, the relevant business is prevented from accessing it.
How Personal Data Stores help consumers regain control over their data?
1. Increased transparency equals stronger control
Firstly, Personal Data Store gives complete visibility over what data an individual has, who accesses it, how it is used, and for what purposes.
The scattered nature of personal data in the current ecosystem makes it impossible for individuals to track who retains their data and who they share it with. For example, home address data could be captured and stored by data brokers, postal offices, e-commerce companies and various other entities. If individual wishes to find out who uses their data and how, it would be challenging to contact each entity, fill out forms, and then track requests.
With Personal Data Stores, however, individuals are given exclusive control and visibility over how their data is processed and by whom. Increased transparency is a prerequisite to having control over data and this is what personal data stores achieve.
Thanks to this visibility, consumers can withdraw access to certain third parties, edit personal data that is not accurate and ask for the deletion of their data.
2. Stronger control enables the exercise of privacy rights under the relevant laws
New privacy laws such as GDPR and CCPA provided new rights to consumers, such as the right to deletion of their data, the right to rectify inaccurate data and the right to restrict access to their data.
For consumers to properly exercise their rights under these laws, they first must have complete information about the collection and use of their data. Exercising privacy rights is a decision, and this decision will not be well-informed without individuals having control and visibility.
Via Personal Data Stores, individuals can see which specific data is accessed by which specific third-party on a granular level.
One factor that plays a vital role in the successful implementation of privacy rights is a convenient and swift exercise of those rights. If a consumer has to fill out tens of details to complete a form, wait for weeks to get her privacy right fulfilled, then the essence of such privacy rights would be undermined because the consumers would be discouraged from using their rights.
What if a person changes her health insurance plan and now has to contact multiple pharmacies and hospitals to update this detail?
New privacy laws exist to restore control to the individuals, and this cannot be achieved with processes that make it unbearable for individuals even to try to exercise their rights. In other words, the individuals would not be empowered but rather find themselves in the same powerless position.
Personal Data Store serves the purpose of privacy laws because it streamlines the process of exercising privacy rights such as deletion and data rectification rights. It provides a single user-interface that people can use to send their requests without dealing with the separate and cumbersome procedures set by third-party businesses.
Suppose an individual wishes data concerning her unsuccessful job applications deleted, for instance. In that case, she can log this request via the Personal Data Store, and all relevant third parties will be notified of this request and they will have to execute on such request.
A better future for privacy lies ahead.
New privacy regulations across the globe brought significant obligations on businesses to respect privacy and allow individuals to exercise certain rights over their data. While these new laws and the expansion of privacy is to be celebrated, there is still more work to be done. Personal Data Store can contribute to individuals’ empowerment by allowing them to exercise stricter control over the access and usage of their data.