Our personal data needs protecting from Big Tech
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Data is quite clearly fuelling our economy. That’s why the business of collecting, analysing and ringfencing it is making its way out of search, ecommerce and social media and into every other area of the economy — healthcare, finance, insurance, education, and beyond.
A Financial Times investigation last week showed that numerous healthcare websites, including WebMD and Healthline, have been sharing sensitive user data with big technology platforms, such as Google, Amazon, Facebook and Oracle and a number of smaller companies. In the US, there were revelations of Google’s own foray into healthcare data collection and analysis, “Project Nightingale”, conducted with America’s second largest hospital group. Google amassed personal medical records on tens of millions of patients, without notifying them or their doctors.
Google has also announced plans to move into another industry — the financial services business — partnering with Citigroup to offer current accounts. The bank will keep its brands on the product, but Google will mine the data. No prizes for guessing who will walk away with the most value from that deal.
Data mining and monetising has long been the core business model for platform technology companies; it is the reason that, according to McKinsey Global Institute, roughly 80 per cent of the world’s corporate wealth now resides in just 10 per cent of companies, many of them in Silicon Valley. But surveillance capitalism is increasingly the business model for every firm, in every industry.
Google is keen to enter healthcare and finance in part because its competitors are already there. But Big Tech also has an edge in those sectors relative to older players. Tech companies are not necessarily subject to Health Insurance Portability and Accountability Act rules, which set privacy standards for traditional healthcare firms and insurance companies, or the penalties that come from breaching them.
Is it any wonder, then, that traditional healthcare providers are trying to find ways through the HIPAA loopholes themselves? Optum, a data company owned by UnitedHealth Group, has filed a patent application for data scraping software that would pull healthcare info from Facebook and Twitter. Others have tried to get around the rules by “anonymising” data, but some research shows algorithms can decode such data and reassociate it with individuals.
The bottom line is that the current regulatory system makes no sense at all in the age of surveillance capitalism. Traditional businesses have to abide by rules that newer ones don’t. There is room for regulatory arbitrage, not just in healthcare but also finance, where “fintech” ventures are not subject to the same rules as banks.
Should we be allowing companies of any sort to collect and monetise data in sensitive areas such as health, financial information, employment and so on? Given the monopoly power, privacy breaches and threats to our political system that have resulted from mass data collection, it is a question worth asking.
But if we do continue to allow it, we need a level playing field. How can innovation happen when no start-up has a prayer of competing with a Big Tech firm, or large healthcare company, or data broker, that has already grabbed the bulk of user information in any given area and made it proprietary?
There is one elegant way to deal with the problem — a public databank, which would be regulated by democratically elected governments. They should decide who is allowed access to citizens’ digital data, and for what purpose it can be collected. Individuals should also be able to see what companies do with their data, and transfer it as and when they like. All key existing civil rights and fairness legislation should automatically apply to such information.
Such a public data cache could be accessed by properly regulated private sector companies of all sizes. That’s an approach being considered in parts of Europe, and in Canada, where the government of Toronto has decided that data gathered by Google for its Sidewalk “smart city” should be in a public bank.
One can imagine a public database having huge value (as it already does in China, albeit without the appropriate debate about usage). As societies shift towards embracing digital identity, and probably digital currency (hopefully regulated by democratic governments, rather than Facebook or the Chinese Communist party), public oversight and transparency could create huge productivity gains, innovations and more user trust. Citizens could vote on how their data is leveraged: they might allow it in healthcare research, for example, but reject it in areas that are purely consumer focused.
The point is that right now we have a system that is not only at risk of bias and fraud, but also completely unfair as a marketplace. That’s not a sustainable situation for either business or liberal democracy. No wonder German chancellor Angela Merkel has called on Europe to create its own digital ecosystem. She’s right that it is time we began asserting our digital sovereignty, not just for political reasons, but for economic ones as well.
Follow Rana Foroohar with myFT and on Twitter
Letter in response to this column:
Legal instruments exist to empower us data subjects / From Sylvie Delacroix and Neil Lawrence, The Alan Turing Institute
Comments