Equifax’s data leak was truly monumental; it involved compromised information of 145 million people. An interesting part of the story was the hearing with former and current executives of Equifax, Yahoo, and Verizon at the US Senate Commerce Committee. In this hearing the interim CEO of Equifax Paulino do Rego Barros indicated that it is Equifax and other companies that own this consumer data, not consumers, and consumers have no control over it. This even when it emerged that several customers have had their data collected without their directly knowledge. How long can it continue like this?
At the same hearing Marissa Mayer, the former CEO of Yahoo, admitted that she believes consumers should own their own data. But Equifax didn’t even commit to pro-actively notify people whose data might have been compromised. This all, of course, raises a question, what lawmakers can and should do. The EU brings General Data Protection Regulation (GDRP) in the next year to give more control to consumers. Or could it be the market and new technology offer solutions for this before lawmakers really do much more?
The question about ownership of certain data is not simple. One can argue that an individual should own all the data that is from her or him. Someone else can argue that if you use a bank account or credit card, the bank or credit card company in question owns the data linked to those accounts. It is a little bit like, if two parties have a phone call, is it both of them or neither of them that own the rights to the call and can for example publish it?
Probably the fundamental question isn’t who owns the data. The question is, who can use it and for which purposes. Now the situation is not in balance. Companies collect all kinds of data from individuals, sell it to other companies, combine it with other data sources, and utilize it for their own business. At the same time, consumers often cannot even have their own copies of this data, don’t know to whom their data is sold, and how it is combined with other data sources. When all the data was in paper form, the situation was probably better for consumers, they at least had their own papers at home.
Google and Facebook have been criticized for collecting data and using it for business. At the same time, those, and some other internet companies, offer tools for consumers to see their own data, export a copy and also delete them. Banks, publishers, retailers, and many others companies collect a lot of data, but typically consumers have no visibility to this data and how it is used.
Finance services and health care are two areas where companies have a lot of data from people. It is often also very sensitive information in nature. There are many companies in those industries, and people often use services from several companies. It is often valuable too for the consumer that companies can share information between them. For example, when you go to a doctor or hospital, it can help in your treatment that they know your medical history, and when you apply for a loan or use wealth management services, your finance history helps to find the right products and make decisions. But it must be consumer’s decision to share this data.
I earlier wrote that data should enable consumers to do things, not only help companies to optimize their businesses. Similarly, consumers should also have their own copy of their data and the ability to use it when it offers value for them. For example, they could go to a new hospital and insurance company with their personal medical history, or apply for a loan or make personal finance planning with their own data.
We have had two parallel, but slightly opposite, developments with the internet. While each individual can generate more activity - for example publish his or her photos, articles and have their own e-commerce site - the data is concentrating more to some central places, such as to big companies, data aggregators, and data processors (for example Equifax or online marketing platforms). Now we can see developments that we could move to more distributed models with data too and individuals could get better control over their data.
This technically is also linked to blockchain development that particularly has an impact on the finance industry. Blockchain basically distributes finance data, transactions and authority around the Internet, to individuals and their nodes. A person can have her or his own bitcoin and cryptocurrency wallet, which is not the account of a bank or finance institution. Now we will see solutions where people can have their own safebox for their finance, health care, and other data.
Lawmakers will probably try to give further rights to consumers to control their own data; in some countries sooner, some later. But new distributed ledger and data models can empower consumers sooner to take control and impact the balance. In finance and data services we can see development that the control and databases will be distributed. It is not anymore a hierarchical centralized model to manage data, but it will be a distributed model with the consumers in control.
Written by Jouko Ahvenainen, Prifina Co-founder.
First published on Telecom Asia.