Connect with us

Data

GDPR Adequacy Decision of UK Aims to Focus on Innovation over Privacy

Published

on

UK GDPR Adequacy Decision

Former chief New Zealand privacy regulator and Facebook critic, John Edwards has been named to replace Elizabeth Denham as chief of the UK’s data protection watchdog, the ICO, as the government promises a post-Brexit “shake up” of data rules and a possible watering down of GDPR.

While GDPR is seen as the gold standard for data privacy and is being copied not only by other countries, but also by individual states in the US, there has been no progress at all to create an equivalent federal privacy law in the US Congress. 

Furthermore, the EU’s focus on privacy as a human right and the US prioritization of mass surveillance for national security are fundamentally at odds. Two transatlantic data sharing treaties have been struck down, Safe Harbor and Privacy Shield. And we now face a mismatch between legal reality in which organisations are not allowed to use cloud or data services from US tech firms as none comply with GDPR, and a political reality in which everyone is turning a blind eye as there is currently no realistic alternative.

Furthermore, there is unlikely to be any breakthrough as long as there is partisan gridlock in Congress and no real will in the US to uphold the privacy of its allies by protecting them from its own surveillance regime.

The UK, as ever, occupies a mid-Atlantic position: as a member of the Five Eyes Consortium it is complicit in the US mass surveillance, but as a necessity for its post-Brexit trading arrangements it has been granted a GDPR ‘adequacy’ decision by the EU allowing data to continue flowing freely between the EU and the UK.

Enter John Edwards, a notable Facebook critic who has headed up the Office of the Privacy Commissioner In New Zealand for the last seven years and who is now going to replace Elizabeth Denham as head of the UK’s ICO. 

In the wake of the 2018 Cambridge Analytica data misuse scandal Edwards publicly announced that he was deleting his account with the social media company — accusing Facebook of not complying with the country’s privacy laws.

His appointment aligns with the UK government’s agenda to tame the tech giants as it works to bring in safety-focused legislation for digital platforms and reforms of competition rules that take account of platform power.

Boris Johnson had already commissioned a special task force to investigate how the UK could reshape its data policies outside the EU, also issued a report this summer — in which it recommended scrapping some elements of the UK’s GDPR altogether — branding the regime “prescriptive and inflexible”; and advocating for changes to “free up data for innovation and in the public interest,” as it put it, including pushing for revisions related to AI and “growth sectors.”

At a time when the Irish, which are largely viewed positively by their EU colleagues, are being rebuked for failing to uphold and enforce GDPR, any move by the UK, which is not viewed at all well by them on most fronts, to diverge from its data-sharing commitments and dilute its own version of GDPR, is likely to cause alarm. 

UK GDPR Adequacy Decision

Despite the fact that its GDPR ‘adequacy’ decision is time-limited to four years, the UK government is risking any chance of this being renewed by preparing to reveal how it intends to “reform” (aka: reduce) domestic privacy standards.

Those in favour of reform, point to the cost of compliance, the chance to do away with frustrations such as cookie pop-ups, and the need to resolve the problem with the legal use of US cloud services – rather than ignoring the problem. They also question the point of a more rigorous regime, if, as in Ireland, it is not being enforced.

Those against reform, argue that if a UK firm trades with Europe or even processes or stores the personal data of a single EU citizen then it needs to comply with EU GDPR anyway. Most organisations will therefore need to conform to the higher standards set by the EU and will want to avoid having to run two separate systems in parallel. They will therefore experience no benefit from any dilution of UK GDPR. Furthermore, the UK risks failing to have its GDPR ‘adequacy’ decision renewed in a few years time. 

The potential costs of complying with two different systems or of facing regulation or litigation from either the EU or UK make this an issue that all senior executives need to be aware of.

Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015. At a growth rate of 15 percent year over year — Cybersecurity Ventures also reports that cybercrime represents the greatest transfer of economic wealth in history.

Whatever your situation, you need to expect the cost of your cybersecurity to increase over this period and your data privacy compliance costs are also likely to increase – more so if you end up complying with both the UK and EU versions of GDPR.

Data

The battle for your privacy – is it already lost?

Published

on

Spoiler: yes, it is – though there are things you can do which I’ll look at in a future blog. Your online activity is tracked in more ways than you know – and not just with cookies on web pages. Your telco service providers track you. Apps on your phone and tablet track you. Search engines, social media, smart speakers, your TV, and credit agencies all track you. That font on the web page? Tracking you. That Facebook logo you used to share a link or news article? It tracked you. So does WhatsApp1. You don’t use Facebook or Google? They’re still tracking you. Did you get an iPhone because Tim Cook says it’s private? There’s good news – leave it in the box turned off, and it is.

The stark fact is that in the digital world, you are nothing but a product to be sold, quite literally, to the highest bidder2.

The physical world isn’t much better

Out there in real life, things are better, right? Wrong. We mostly all carry our phones with us, and it becomes a personal town crier about our behaviour. Stores have what’s known as ‘beacons’ that connect to your phone via apps like Facebook. Ever visited a department store concession and then got loads of ads right after? What a coincidence! Nope, they knew you were there, and they think you’re a hot prospect, even if you looked and hated everything. The tracking continues with ‘free’ in-store WIFI.

But of course, you turned off WIFI, Bluetooth and location services before left your home, right? No, you didn’t? It’s not a surprise because you’ve been groomed not to. 

In addition, facial recognition and gait analysis AI are increasingly used, which are clearly more invasive than security cameras. Once the preserve of national security services, this tech is now well embedded in commercial organisations. In the case of Amazon’s checkout-free stores, they actually watch everything you put in your basket, so you can just walk out and be billed. Convenient, but how is that data used? I’m sure everyone who uses those stores has read the privacy policy and know already. No need to worry then…

Does it really matter?

I’m pretty sure that if someone physically followed you everywhere you went and watched what you did, taking detailed notes, you’d get pretty hacked-off with it. As it’s all digital and mostly hidden, we put up with it.

I can see the argument that ‘It’s just a computer running algorithms to serve me ads, so what’s there to worry about?’ It’s true, but there are also nefarious aspects to it. You need to consider the points below, in addition to that embarrassing ad served to your nan when she borrowed your tablet:

  • You could end up paying more for goods or services because of your profile. It’s not legal everywhere, and even where it is illegal it’s very difficult to police 
  • If the company holding data about you is hacked, it could be used for criminal purposes such as the theft of your identity, theft of your property or assets, or even to extort you
  • Compulsive spending, gambling addictions and other mental health issues could be fed by ads and content that follow you around the internet
  • Government and security agencies can access commercial data, which could lead to more invasive surveillance if your metadata reveals connections to people or groups deemed of interest, even if your own connection to them is innocent or accidental
  • Do you tend to get searched every time at the airport? It could be ‘pre-crime’ AI picking you out due to the digital trails leave3

It’s worth noting that these points don’t offer a complete picture, they’re just the tip of the iceberg.

OK, so what about privacy laws and regulations?

You’re probably thinking about the EU’s General Data Protection Regulation (GDPR), the California Consumer Protection Act (CCPA) and other similar laws that have spread around the world in recent years.

The truth is that the laws are there, but privacy violations aren’t policed at all in most cases – it’s up to us to tell regulators (or lawyers) after we’ve approached the offending organisation. Data breaches and well-researched cases brought by experts will get looked at of course4, but it depends where in the world you are.

Is it time to give in?

Keep fighting is my view, there is momentum out there. Privacy awareness is increasing, and even Google is changing – they will end tracking cookies in a few years. Don’t get too excited though, there’s lots of other tracking tech out there, which will only increase. Google are merely shifting position5, not stopping what they do. Cloud providers and thousands of SaaS companies already offer more tracking tech and personal data analytics services than you can imagine. And that’s before we get to data brokers who make data about you, their business.

Want to understand more? Check out the links below, and watch out for my next blog, where we’ll look at how you and your data are sold, and dive deeper into our world of creeping surveillance. 


Sources:

1: WhatsApp insist they don’t read your messages, but metadata about your contacts and usage is shared with other Meta companies, Facebook’s parent. Learn about metadata here:
https://www.youtube.com/watch?v=xP_e56DsymA

2: UK regulator says real-time bidding violates GDPR, Martech, June 2019
https://privacyinternational.org/examples-abuse/1981/pre-crime-software-border-guards

3: Pre-crime Software for Border Guards, Privacy International
https://privacyinternational.org/examples-abuse/1981/pre-crime-software-border-guards  

4: NOYB (None of Your Business) is a good example of legal expertise used to bring privacy cases with regulators:
https://noyb.eu/en 

5: Google’s cookie ban and FLoC, explained, Wired, May 2021: https://www.wired.co.uk/article/google-cookies-floc  

Continue Reading

Data

Sustainability: using Data, AI and IoT for good

Published

on

Data growth is always bad news, isn’t it?

You’d probably think all data growth is evil after my last two blogs1. I laid out how uncontrolled data growth was bad for your carbon footprint, bad for your risk exposure and bad for your budget. Unrestrained collection of personal data means it’s also bad for your privacy, too.

There’s an old saying ‘You can’t see the wood because of the trees’2, and this is all too often the case when it comes to data. We have so much of it, we can’t see or find the data that matters. Which, ironically, is a problem we won’t have for much longer with actual forests, given the way we’re working at deforestation.

Controlled and smart data growth can, however, be good for our planet. It already has been – we’d have wrecked the ozone layer without the satellite data collected decades ago that led to an unusually successful global effort. In the future our ability to collect and process even more data will be transformational, and we’ll absolutely need it to help us meet climate goals if we’re to sort this mess out.

The main reason we know where the climate emergency will take us is down to the digital modelling3 of our world. Due to our ability to collect ever more granular data, these models have got better over time. It’s allowed us to shift from a debateable ‘we think’ to a level of certainty that we can now say ‘there’s no doubt’. And digital models are driving change everywhere, in lots of positive ways.

Twins – but not the Schwarzenegger and DeVito kind

If you’ve ever seen the film Twins, where the two actors above played genetically engineered twins, you might think that ‘digital twins’ bear as much resemblance. You’d be wrong.

Machine learning and AI’s ability to process data has progressed so much in a relatively short time. We can use it to drive engineering efficiencies that improve reliability and extend the working life of all kinds of components. Aircraft engines once had 8-10 sensors, now they have many thousands, and data collected from them leads to all sorts of improvements. In a similar fashion, trains can create multiple terabytes of data in a relatively short space of time. Sensor tech has changed too – it’s not just about temperature, pressure, motion, or speed anymore, it’s now also about what machines can ‘see’, too.

This allows us to design better stadiums, model more efficient cities and transport systems, and make them smarter. Combining all these sensors with reliable networks means we can understand how events or extremes applied in the digital world, to a twin, will play out in the physical world. And what’s even more exciting is the capacity to use AI to do this in real-time, allowing us to react and avoid dangerous or wasteful situations arising in the first place.

It’s not all about avoiding a disaster or an extreme situation in a big, smart city though. AI running all the time in the background will have an increasing direct benefit on sustainability, pretty much everywhere. Things such as energy efficiency, optimised use of resources and limiting waste production can work in buildings, manufacturing plants, hospitals, Universities, or pretty much anywhere. Google famously pointed its own AI tech at datacentre cooling4 and saved 40% on its cooling bills, which produced a corresponding reduction in CO2.

IoT and 5G – they’re not just hype

While my angle in this blog centres on data, data relies on many components before it can be collected and used, and the two biggest deals here are the Internet of Things (IoT) and 5G. I can almost hear many of you thinking ‘5G? How many folks really have access to that???’

Right now, the real deal about 5G for many of us is the infrastructure changes to support it – the cables and switches that get the data to and from the 5G masts. It’s not just had an incremental upgrade; it’s all getting a mammoth one. This extra capacity is what’s allowing AI and sensor data to help us radically change things, and it’s happening even if you can’t get (or don’t use) a 5G signal yourself just yet. Many cities are already smarter than you think and 5G will allow them to get smarter. Really smart.

Sustainability doesn’t have to be a cost centre

There’s a lot of negative talk about how much it costs to be sustainable. It will vary by what business you’re in of course – there will be losers. That said, I’m a great believer that every organisation has a chance to change and for many, sustainability will have a cash benefit, not a cost. So, sticking to my data theme, what can you do?

  • Think about reducing/expiring unnecessary data – it all has an impact and a potentially much bigger cost/risk profile (see here)
  • Some (whom I disagree with) say that data is ‘the new oil’. Sadly, if you don’t think about where you store it, it could be powered by the old black stuff (or another fossil fuel)
  • Think about shifting it to the cloud. The big cloud providers are mostly powered by renewables, and reach a level of efficiency that most orgs can’t get close to themselves
  • In closing I’ll say that we’re heading for exciting changes in this area, and while AI, IoT and 5G get all the hype, our old friend data is what’s making it all happen. And the best part? For those of you so inclined, you can play a part too. If you want to experiment with actual data as a Citizen Data Scientist, there are many open-source libraries you can access – often published by higher education establishments or local governments (even smart city data) and by commercial organisations. As a commercial entity, you could even tap into this community yourself5.

    For those less analytically inclined, there is an ever-growing number of ways to participate in Citizen Science6 and play your part as a (really) smart sensor – something your kids can enjoy too. Data isn’t always good or useful, but the good stuff has the possibility to be priceless to us all.

    Sources:

    1: 1st blog: https://elnion.com/data-sustainability-and-fixing-the-pain-you-didnt-know-you-had/ , 2nd blog https://elnion.com/when-ransomware-is-also-leakware-what-can-you-do/

    2: Changed slightly for ease of understanding, the actual saying is ‘You can’t see the wood for the trees’ https://www.collinsdictionary.com/dictionary/english/cant-see-the-wood-for-the-trees (link also explains the US variation)

    3: Diagnosing Earth: the science behind the IPCC’s upcoming climate report, Aug 2021 https://www.nature.com/articles/d41586-021-02150-0

    4: AI for data center cooling: More than a pipe dream, Datacenter Dynamics, April 2021

    https://www.datacenterdynamics.com/en/analysis/ai-for-data-center-cooling-more-than-a-pipe-dream/

    5: How to Use Citizen Data Scientists to Maximize Your D&A Strategy, Gartner, June 2021

    https://www.gartner.com/smarterwithgartner/how-to-use-citizen-data-scientists-to-maximize-your-da-strategy

    6: Citizen Science Provides Useful Data For Sustainable Development Goals, International Study Shows, Forbes, July 2020, https://www.forbes.com/sites/jeffkart/2020/07/15/citizen-science-provides-useful-data-for-sustainable-development-goals-international-study-shows/

    Continue Reading

    Data

    Data sustainability, and fixing the pain you didn’t know you had

    Published

    on

    The search to make data sustainable

    I was recently researching some stats on IT and data sustainability related to the UN’s 17 Sustainable Development Goals (SDGs). While looking, a social post led me to a few sites that focus on SDG 3: Good Health and Wellbeing.

    The sites included stories showing the results of operations that are commonplace in the first world but are sadly much less common in many poorer countries. They showed/recounted the moment when the bandages come off, and the person smiles. It’s a truly special smile that only comes when someone’s chronic pain is gone, or a core faculty such as sight or mobility returns.

    Due to the fact I was searching for sustainability information on IT and data, it got me thinking: many businesses could have a ‘bandage removal moment’ of their own if they properly got to grips with their data.

    Now, before I go any further, I want to stress that I’m not comparing an individual’s suffering to a business problem, I really am not. There is a correlation though, and an opportunity to reduce your carbon footprint, which matters to everyone.

    Uncontrolled data growth: a sustainability blind spot

    ICT and particularly data have a huge carbon footprint. If ICT was a country, calculations indicate1 it would fall somewhere between Germany and Japan2 in terms of CO2 output, with the highest estimates even eclipsing the output of Japan. This means your data has an impact on us all, but mostly on poorer nations, as highlighted by representations at COP26.

    The data pain that I alluded to is uncontrolled growth – something most midsize to large organisations suffer from – which is a creeping condition that’s rarely dealt with until it becomes critical. Dealing with it early has many benefits, even if you do put your finances before saving the planet.

    Why is data painful & what are the symptoms?

    If you think about it, much of this is obvious, but it’s become normalised. There’s the high cost of enterprise arrays, and storage upgrades come around all too quickly. Cloud storage costs rise. There’s the increased burden of data governance and compliance. Security issues continue, with the associated risks of a data breach. Then there are the backup and replication costs, of which an increasing number are hidden due to them being a tick-box option lumped-in to the cost of cloud services (and often fail in terms of value and meeting retention/recovery needs). Nor can we forget disaster recovery (DR) where costs can be substantial.

    Too much data also leads to a lack of visibility. Finding the right data can be hard. Finding quality data is harder still. I can’t tell you the number of times I’ve seen companies put projects in place to collect and store data that they don’t realise they already have. Unsurprisingly, data availability and quality is #2 on the list of reasons analytics and AI projects fail in the finance industry3, and I’m confident you’ll find similar stats whatever sector you work in.

    Why does it happen?

    In most cases, data ownership is a root cause. It’s either no-one’s, someone else’s, everyone’s or ‘just mine’. Not having an organisational owner for all data means that no responsibility equals few real controls. Then there is a lack of training on data management, which allows regular human nature to flourish – hoarding being the worst of many ills. Always remember – data value peaks and troughs, but risk (mostly) remains constant – particularly in our increasingly regulated world.

    Once a data growth problem is bedded in, it becomes too big to deal with and generally sits obstinately at the bottom of the ‘too hard’ pile. Until, that is, it becomes unsustainable from a business perspective, and action must be taken.

    Business vision restored

    Imagine for a moment that you get a grip on your data – what happens? Several good things:

    • Reduced risk – a smaller attack surface, tighter security and less chance of compliance failures, fines, and brand damage
    • Savings on all the storage challenges mentioned above, with big wins in storage costs/cloud billing, plus faster recovery times and lower DR costs
    • Your carbon footprint will be lower

    Perhaps the biggest business win though, is opportunity. With a handle on all your data, transformation plans can become a reality much faster, so you’ll be delighting customers and shareholders alike. Contrary to popular belief less data, not more, will make your business smarter and more agile. You’ll also get to smile (no bandage required) in the knowledge that you’re helping to save the planet.

    What can you do?

    Without a sound case or a compelling event, your data problems will stay firmly at the bottom of the pile, so you need to do several things:

    • Look at the numbers – start with unstructured data as that is often where the problem lies – it could be up to 80% of your total. Be sure to poke around for hidden costs
    • Include every aspect – data management costs, governance costs (inc. risk), other risk factors and importantly, the cost of missed opportunity
    • Understand the opportunity of data – it’s transformational (AI/ML etc.) – but only if you can find the data of the right quality. Investigate data project delays/failures in this area
    • If you’re talking to the board, reference bottom line savings, ransomware, compliance fines/data breaches, and subsequent reputational damage

    If you’re growing, you can avoid a lot of the potential problems by acting early. There’s no magic bullet – it really is a people, process and technology issue. If you’re an enterprise, you must start with discovery. Profile your data to find out how much of a mess you’re in – after that, automation is your friend but be careful… there’s a lot of technology snake oil out there.

    If you found this blog interesting or useful, then do like I did and wonder over to some causes that make a real difference to real lives. As I’ve talked about ‘that special smile’, the Smile Train does exactly that kind of work, and Cure Blindness brings smiles by returning people’s sight. With a focus on carbon emissions recently at COP26, hopefully this has served as a reminder that sustainability4 comes in many forms. Wouldn’t it be great if you reduced your emissions and helped these charities? After all, every positive action has an impact!


    Sources:

    1: Emissions from computing and ICT could be worse than previously thought, Science Daily, Sept 2021 https://www.sciencedaily.com/releases/2021/09/210910121715.htm

    2: Carbon Emissions by Country, Worldometer, 2019 https://www.worldometers.info/co2-emissions/co2-emissions-by-country/

    3: 21 Top AI Adoption Challenges for the Finance Industry, Analytics Week https://analyticsweek.com/21-top-ai-adoption-challenges-for-the-finance-industry/

    4: SDG 3: Ensure healthy lives and promote well-being for all at all ages, United Nations, 2021 https://unstats.un.org/sdgs/report/2021/goal-03/  

    Continue Reading

    Trending On Elnion

    Copyright © 2021 ELNION ONLINE - All rights reserved.