Personal information greases the wheels of many of the services we take for granted today, to the point that some even call it “the new oil.” Ontario’s Privacy Commissioner Ann Cavoukian calls these services, collectively, “Big Data,” and warns that:
Big Data’s current use of personal information is unsustainable, increasingly resulting in ‘pollution’ via privacy infringement…If not properly addressed, the privacy and economic concerns raised by Big Data threaten to decrease individuals’ willingness to share their personal information—in effect, cutting off the flow of the ‘oil’ on which the analytic ‘machinery’ of Big Data runs.
Cavoukian proposes to transform this unsustainable new oil into a renewable resource by engaging people and organizations that use their data in the concept of the personal data ecosystem, where individuals better control their personal data and also derive direct benefits from its use—beyond free access to products and services and convenient access to marketing. However, for the personal data ecosystem to protect individuals’ information and offer sufficient value to both individuals and the organizations that use their information, Big Data needs a personal counterpart: Big Privacy.
The commissioner has released a white paper to address how Big Privacy could work by applying the principles of Privacy by Design. “Big Privacy: Bridging Big Data and the Personal Data Ecosystem Through Privacy by Design” outlines the seven elements of Big Privacy that “mutually complement and reinforce one another while also enabling Big Data to coexist with privacy objectives”:
- “Personal clouds” linked into personal cloud networks manifest a real, active personal data ecosystem. They provide individuals with control of virtual compute capabilities which proactively protect personal information and engage as peers with other personal clouds or business clouds on the individual’s terms.
- “Semantic data interchange” gives individuals fine-grained information-sharing control and enables personal cloud services to attach individuals’ privacy preferences and policies to their data in a standard, interoperable and machine-readable form.
- “Trust frameworks” provide transparent and open governance of personal cloud network ecosystems where individuals, organizations and service providers are members, contractually binding them to respect the rules and tools established by the trust framework.
- “Identity and data portability” provides the ultimate guarantee that individuals and organizations—not their service providers—control their own data.
- “Data-by-reference” (or subscription) enables individuals or organizations to change their minds about how their data may be used—for example, by revoking the rights of a Big Data system to analyze their data.
- “Persistent accountable pseudonyms” allow individuals to express themselves freely but with a certain discretion, remaining within the context of what is legally acceptable.
- “Contractual data anonymization” provides a way, along with accountable pseudonyms, for valuable Big Data systems to operate in compliance with all privacy regulations and personal preferences, allowing patterns to be found on an aggregate level without the need for identifiable personal data.
Both individuals and Big Data win in this scenario, according to Cavoukian. Individuals gain control over their information and organizations that use individuals’ personal information can reduce administration and compliance costs and access better quality information. It might seem far-fetched at the present moment, with companies seeking and exploiting ever more personal information, but a number of organizations are working to implement such Big Privacy frameworks right now. Moreover, people are increasingly concerned about the fate of their personal data and governments are beginning to take notice.
The benefits of this approach at this time may be limited, without broad implementation and adoption of the Big Privacy and personal data ecosystem principles, but organizations should be aware that the future of personal data might look vastly different than the present.
