In anything but name, data is today’s most used currency.
In the current business paradigm, structured by big tech firms over a decade ago and replicated since by a number of online platforms, individuals willingly provide their personal information in exchange for a service. Personal data is subsequently repackaged – anonymised or not – and sold to advertisers and marketers.
Some form of equilibrium establishes itself – in theory – between convenience and value for the users, to whom the services appear to be free, and financial rewards for the platforms which monetize the personal data collected to generate revenues. In reality, the balance has been tilted over time in colossal proportions towards tech firms, whose valuations and profits have soared to historic heights as a result.
Yet it seems that this model may be reaching crisis point. The Pew Research Center recently reported that 64% of Americans have personally experienced a major data breach. And beyond technical and financial considerations, this also impacts confidence negatively, as highlighted by the Axios-Harris Poll 100, suggesting that Americans consider data privacy as the top priority companies should address.
This follows a record number of data breaches reported since 2016, in particular in the US. Following scandals such as the one surrounding Facebook and Cambridge Analytica, people have become increasingly aware of their online vulnerability and distrust for large platforms is setting in more widely.
The unavoidable rise of the Internet of Things will only make the issue more complex, as increasingly more intrusive and personal data will start to be collected about each of us — sometimes unbeknownst to us. Smart speakers, for example, bring intensive, real-time data collection to the comfort of our own living-rooms. This poses new challenges around the issue of consent and privacy: Why would you agree to have your conversation with your friends recorded simply because they own a certain type of smart assistant device?
The EU General Data Protection Regulation (GDPR), was a first step to ensure individuals’ hold over their data. Yet, it remains a European initiative and it is still too early to draw conclusions on its actual impact.
In some industries, the quality expectations around the data required are so high that organisations willingly pay for it. This is the case for example in academic research in which field experiments often require highly precise data. Researchers usually conduct deeply informative surveys on a wide number of participants (to obtain representative samples) who are remunerated for their answers.
If big tech firms were to move towards similar business models where they pay their users for their personal data, could it be a first step towards more transparency and the rebuilding of trust? (a key factor for their long-term success, and the digital transformation of society at large, free of excessive regulation).
The question around data monetization should be at the heart of the evolution of the tech industry for the next decade, but how can it be fair for all, transparent and work at scale?
A first approach to this question could be a top-down valuation of personal data established by online platforms. For example, economists drafted an experiment to value the free services, currently subsidized by the trading of personal data, of some web platforms. Participants on average responded that they were willing to leave Facebook for 110$ and Whatsapp for 600$ – thus valuing the personal data they deliberately provide to those platforms at those prices.
Such model would, however, require tougher enforcement of cybersecurity measures to guarantee that data usage is – and remains – as authorized by the user. As platforms would now be paying for our data, chances are that they would be able to use it but not possess it. In case of data breaches, they would therefore incur a greater liability with respect to their users who will now own and “lend” their data.
An alternative to this top-down model thought by and for large platforms is nonetheless possible. The tokenization – the process of replacing and valuing data with a secured identification symbol – offers such perspective. If tokens were to be backed by personal data and decentralized into a public blockchain, a new, bottom-up, market mechanism could emerge.
Cryptocurrencies might be a channel through which individuals value data. Large platforms needing to access and crawl data, such as Facebook or Google, would purchase the token corresponding to personal data directly to their miners (their users), in a secured way. In turn, the aggregation of tokens sold by individuals and purchased by firms would generate a new market thereby establishing a natural valuation of available tokens.
Such mechanism offers interesting perspectives as users would easily track their personal data value but also actively engage in the data market over which they will be able to share directly the growing benefits.
Yet answering the question of scalability isn’t that easy. The boom and bust witnessed by the ICO market in 2018 proved that the relative convenience and liquidity of tokens can easily lead to large speculative trends. And while trading with cryptocurrencies which did not back highly tangible products or services had no real impact besides financial losses and ecological damages, a similar situation with our personal data would present very high risks for society.
The scalability of such project thus presents as many hopes as risks – that shall be further investigated before diving in a new paradigm.
The Business Transformation Network has posted this article in partnership with Corix Partners.
Jean-Christophe Gaillard is Founder and Managing Director of Corix Partners
He is a senior executive and a team builder with over 25 years of experience developed in several global financial institutions in the UK and continental Europe, and a track-record at driving fundamental change in the Security field across global organisations, looking beyond the technical horizon into strategy, governance, culture, and the real dynamics of transformation.
A French national permanently established in the UK since 1993, he holds an Engineering Degree from Telecom Paris Tech and has been co-president of the Cyber Security group of the Telecom Paris Tech alumni association since May 2016.
He runs the Corix Partners blog and contributes regularly on the CIO Water Cooler, and has previously published articles on, InfoSecurity Magazine, Computing, the C-Suite.co.uk, Info Sec Buzz and the IoD Director websites. He was listed in the top 10 of UK 30 most influential thought leaders on Risk, RegTech and Compliance by Thomson Reuters in April 2017.