The paradox of privacy
When you're driving the car, would you let an employee from a corporation sit in the passenger seat and record details on what route you're taking, which music you listen to and the text messages you send and receive?
When you're sitting at home watching TV with your family, would you let an employee from a corporation sit on the sofa next to you and record details on what types of TV shows you watch?
When you're in the gym working out, when you're going for your daily walk, would you let an employee from a corporation stand alongside you and record details on how long you walked, where you walked, and how your body responded to the physical activity?
I suspect many of you would answer 'No' to all 3 questions. However, that's exactly the future that is being painted after the recent Google I/O event. Aimed at software developers, it revealed a glimpse of what Google have got planned for the year ahead. New services such as Android Wear, Android Auto, Android TV and Google Fit promise to change our lives.
In this article titled 'Google's master plan: Turn everything into data!", David Auerbach appreciates how more sensors in our homes, cities and on our bodies is a hugely lucrative opportunity for a company like Google. "That information is also useful to companies that want to sell you things. And if Google stands between your data and the sellers and controls the pipe, then life is sweet for Google."
In a brilliant article by Parmy Olsen, she writes about the announcement at I/O about Google Fit, a new platform. "There’s a major advertising opportunity for Google to aggregate our health data in a realm outside of traditional search". Now during the event, Google did state that users would control what health and fitness data they share with the platform. Let's see whether corporate statements translate to actual terms & conditions in the years ahead.
Why are companies like Google so interested in the data from your body in between doctor visits? As I've stated before, our bodies generate data 24/7, yet it's only currently captured when we visit the doctor. So, the organisation that captures, stores & aggregates that data at a global level is likely to be very profitable, as well as wielding significant power in health & social care.
Indeed, it could also prove transformative for those providing & delivering health & social care. In the utopian vision of health systems powered by data, this constant stream of data about our health might allow the system to predict when we're likely to have a heart attack, or fall?
Privacy and your baby
When people have a baby, some things change. It's human nature to want to protect and provide for our children when they are helpless and vulnerable. For example, someone may decide to upgrade to a safer car once they have a baby. We generally do everything we can to give our children the best possible start in life.
If you have a newborn baby, would you allow an employee from a corporation to enter your home and sit next to your baby and record data on it's sleeping patterns? In the emerging world of wearable technology, some parents are considering using products and services where their baby's data would be owned by someone else.
Sproutling is a smart baby monitor, shipping in March 2015, but taking pre-orders now. It attaches to your baby's ankle, and measures heart rate and movement and interprets mood. It promises to learn and predict your baby's sleep habits. You've got an activity and sleep tracker for yourself, why not one for your baby, right? According to their website today, 31% of their monitors have been sold. The privacy policy on their website is commendably short, but not explicit enough in my opinion. So I went on Twitter to quiz Sproutling about who exactly owns the data collected from the baby using the device. As you can see, they referred me back to their privacy policy, and didn't really answer my question.
@ManeeshJuneja @johnchavens Nobody will access your data without your consent. For more information, please visit: http://t.co/6rD1qJjIaT
— Sproutling (@sproutling) August 13, 2014
The paradox
What's fascinating is how we say one thing and do another. A survey of 4,000 consumers in the UK, US and Australia found that 62% are worried about their personal data being used for marketing. Yet, 65% of respondents rarely or never read the privacy policy on a website before making a purchase.
In a survey by Accenture Interactive, they found that 80% of people have privacy concerns with wearable Internet of Things connected technologies. Only 9% of those in the survey said they would share their data with brands for free. Yet, that figure rose to 28% would share their wearable data if they were given a coupon or discount based upon their lifestyle.
Ideally, there would be a way in which we as consumers could own and control our personal data in the cloud and even profit from it. In fact, it already exists. The Respect Network promises just that, and was launched globally at the end of June 2014. From their website, "Respect Network enables secure, authentic and trusted relationships in the digital world". Surely, that's what we want in the 21st century? Or maybe not. I haven't met a single person who has heard of Respect Network since they launched. Not one person. What does that tell you about the world we live in?
Deep down, are we increasingly becoming apathetic about privacy? Is convenience a higher priority than knowing that our personal data are safe? Is being safe and secure in the digital world just a big hassle?
A survey of 15,000 consumers in 15 countries for the EMC Privacy Index found a number of behavioural paradoxes, one of which they termed "Take no action", "although privacy risks directly impact many consumers, most take virtually no action to protect their privacy – instead placing the onus on government and businesses". It reminds me of an interaction I had on Twitter recently with Dr Gulati, an investor in Digital Health.
@ManeeshJuneja simplistically: choice between "nanny state" option or the "rights aware consumer" option. latter has many advantages
— Vishal Gulati (@vgul) August 23, 2014
What needs to change?
Our children are growing up in a world where their personal data are going to be increasingly useful (or harmful), depending upon the context. What are our children taught at school about their personal data rights? It's been recently suggested that schools in England should offer lessons about sex and relationships from age 7, part of a "curriculum for life". Shouldn't the curriculum for life include being educated about the intersection of your personal data and your privacy?
We are moving towards a more connected world, whether we like it or not. Personally, I'm not averse to corporations and governments collecting data about us and our behaviour, as long as we are able to make informed choices. I like how in this article about the Internet of Things and privacy, Marc Loewenthal writes "discussions about the data created are far more likely to focus on how to use the data rather than how to protect it". Loewenthal also goes on to mention how the traditional forms of delivering privacy guidelines to consumers aren't fit for purpose in an increasingly connected world, "They typically ignore the privacy notices or terms of use, and the mechanisms for delivering the notices are often awkward, inconvenient, and unclear".
When was the last time you read through (and fully understood) the terms and conditions and privacy policy of a health app or piece of wearable technology? So many more connected devices, each with their own privacy policy and terms and conditions. Not something I look forward to as a consumer. The existing approach isn't effective, we need to think differently about how we can truly enable people to be able make informed choices in the 21st century.
Now, what if each of us had our OWN terms and conditions and privacy policy and then we could see if the health app meets OUR criteria? We, as consumers, decide in advance what we want to share, with whom, and what we expect in return. How would that even work? Surely, we'd need to cluster similar needs together to perhaps form 5 standard privacy profiles? Imagine comparing three different health apps which do they same thing, but you can see instantly that only one of them has the privacy profile that meets your needs? Or even when browsing through the app store, you choose to only be shown those apps that match your privacy profile? That would definitely make it easier for each of us to be able to make an informed choice.
Things are changing as it was revealed last night that Apple have tightened privacy rules in their new operating system for people developing apps using their new HealthKit API. An article cites text pulled from the licence, developers may "not sell an end-user's health information collected through the HealthKit API to advertising platforms, data brokers or information resellers," and are barred from using gathered data "for any purpose other than providing health and/or fitness services."
Apps using the HealthKit API must also provide privacy policies.
This news is definitely a big step forward for anyone who cares about the privacy of their health data. Although the guaranteed link to a privacy policy doesn't necessarily mean it will be easy to understand for consumers. I also wonder how companies that develop health apps using the HealthKit API will make money, given current business models are based around the collection and use of data.
Will the news from Apple make you more likely as a consumer to download a health app for your iPhone vs your Android device? Will it cause you trust Apple more than Google or Samsung? Have Apple gone far enough with their recent announcement or could they do more? Will Apple's stance lead to them becoming THE trusted hub for our health data, above and beyond the current healthcare system?
How can we as individuals do more to become aware of our rights? As well as the campaigns to teach people to learn how to code, should we have campaigns to teach people how to protect their privacy? When commentators write that privacy is dead, do you believe them?
We're heading towards a future where over the next decade it will become far easier to use sensors to monitor the state of our bodies. Would you prefer a future where my body=my data or my body=their data? The choice is yours.
[Disclosure: I have no commercial ties with the individuals and organisations mentioned in this post]