“A full 90 percent of all the data in the world has been generated over the last two years.” 1
One of the side effects of this hyper-connected world we live in is that every one of us has an enormous data foot print. Over the last decade internet companies have allowed us to share every aspect of our lives. Depending on how liberally you spread your personal data, various organisations now know your age, gender, ethnicity, search history, purchasing behaviour, geographical location, friendship group, political orientation, religious beliefs, exercise habits, heart rate, blood pressure and much more.
Interestingly, or perhaps worryingly, the data is in some cases sold to third parties. This obviously makes it harder for you to keep control of your data and it will allow companies to change their offering based on what they know about you. For instance, if your pharmacy sells their customer data onto your life insurance company, it might very well impact your premium.
In terms of mind+machine, these data sets, whether collected or acquired, bring countless opportunities. Companies like Google and Facebook show you adverts based on your search history and preferences, others like Amazon and Netflix suggest books or films you might like based on your past purchases. Some audacious companies will tell you when it is time to exercise and even motivate you to run faster when you are slacking. The more data they have, the better they can tailor their message to you.
In the recent US presidential election Cambridge Analytica collected ‘between 4000-5000 data points on every single adult in the US’. It allowed them to micro-target advertising for their candidate. ‘One email or letter to the timid introvert at No. 22 who cares about jobs and limited government, another to the loud extrovert next door who cares about gun rights and ISIS.’ 2
If all this seems slightly creepy, fear not, legislators in Europe are leading the field with the General Data Protection Regulation (GDPR), which will come into effect in 2018.3 The key aim of this regulation is to put the individuals back in control of their data and it will have a massive effect on a lot of mind+machine use cases. Specifically those using personal information will have to put safeguards in place that automatically comply with the GDPR and the EU–US Privacy Shield, its transatlantic counterpart.
While I will not detail the intricacies of the GDPR here, I want to elaborate on one specific aspect: Profiling.
Profiling has been broadly defined as “any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person or to analyse or predict in particular that natural person’s performance at work, economic situation, location, health, personal preferences, reliability or behaviour.”
This definition includes any big data analytics use case of any data-driven business. It includes for example sponsored suggestions you might get on Youtube or Google as part of your search result and it also includes the work that Cambridge Analytica did for Mr Trump. GDPR will require your explicit consent for this data to be collected and used for personal profiling and for any repurposing of the data.
Obviously this doesn’t mean that these use cases will disappear. A section of internet users will not mind sharing their data or might even prefer having adverts tailored to them. As long as they remain profitable, companies will continue to use them. However organisations that use them will need to do so with a greater awareness of the risk involved. The key here is to us a consistent methodology across all use cases that helps break down the opaque blob of analytics into manageable pieces with clearly allocated responsibilities and accountabilities. Each use case should be managed individually or at least in small homogeneous groups.
In my book mind+machine I spend more time discussing the impact of the GDPR and propose a methodology to help prepare for it. Click below for more information: