We need data protection regimes as much as we need data
A report estimates that Google gets over 3.5 billion searches daily and internet users generate about 2.5 quintillion bytes of data each day. As a result, the total size of digital data will be 175 zettabytes by 2025, which means that information will be more abundant than ever before. Data is now considered an asset class or new currency, sometimes compared to oil since it is harvested and refined in order to "produce" insights. Data is also not new, but a critical resource on the planet growing at an unprecedented pace that is characterised by a high degree of variety, as opposed to being a uniform entity. In the modern world, the advent of machine learning algorithms and the availability of enormous amounts of digital data has given birth to the concept of big data, big data analytics, data ethics, data protection laws, datanomics, data economy, data sovereignty, data surveillance, surveillance capitalism, etc.
Impetus and impacts of data usage
Data types vary immensely, ranging from being processed from satellite imagery to environmental data from sensors, mobile devices data, digital pictures and social media content, credit card data, court data, health data, web-generated data etc. With the development of infrastructure and more efficient data transfer technologies, the colossal accessibility of broadband connections at affordable rates has contributed to realising the digital rights of the people. A 2018 report suggests that there are more than 500 million internet users in India, 731 million in China, and 312 million in the US. The Bangladesh Telecommunication Regulatory Commission's (BTRC) reported in December 2020 that the number of internet subscribers in the country stood at around 111 million.
In such conditions, the rise of the Internet of Things (IoT), machine learning, artificial intelligence, automation and predictive analytics, along with growing interactions between data, transformative technology and people, are continuously constructing promising algorithmic-power and opening up new opportunities for tech companies, governments and people at large. As a result, the task of improving existing or inventing new products and services requires a massive amount of data being collected, processed, utilised and shared throughout the world. For example, Uber runs on data sharing between services providers and consumers. So do apps dealing with food delivery, groceries, banking, insurance, etc. Elon Musk's Tesla is also a data-based-innovation, which is improving the status of self-driving cars. Genomics work with sequencing data is looking forward to improving the status of health IT services. Accordingly, the world has already made a turn towards a data-driven decision-making and supporting paradigm.
However, there is also a growing concern that wherever power lies, there lies the potential for misuse and abuse. This is also true in the data landscape because data is, though useful, not a panacea; meaning that data can also introduce entirely new classes of risks and harm. Potential risks may come from eCommerce brands, tech companies and also public agencies, such as police and military use of facial recognition or body cameras, surveillance CCTV cameras, etc. Although it has a decisive impact on society, traditional governance frameworks and risk mitigation strategies are proving deficient in dealing with the pitfalls of too much data being concentrated in a few hands. It is necessary to deploy risk mitigation mechanisms in the collection, aggregation, sharing and analysis of data, as well as in the monetisation, storage and disposal of data.
For these reasons, concerns have already been encountered in the sphere of public debate on the policy choices regarding the legal and ethical frameworks that apply to data. These include unethical or even illegal use of data insights, reinforcing a bias that already exists in society, and using data for purposes other than originally intended and without their consent. The pertinent questions here are—who should have control of the data? How should such systems be managed, or who should govern the data management, and who should have oversight over that governance? And again, under what conditions should data be collected, used, stored and disposed of? These questions revolve around the management of data availability, accessibility, usability, integrity and security, as well as concerns about ownership, impacts on trade and competition, implications for personal privacy and more.
The current legal landscape
Since most collected and processed data is held by private entities, there is little access to them, even for policymakers and researchers. Moreover, personal data may also be used for surveillance and monitoring purposes, if not effectively regulated. The optimal situation would be a world where data is ethically extracted, refined, distributed and monetised. This requires a robust regulatory framework that set out the rules for mining, owning, sharing and processing data in a responsible way.
The worlds' landmark law in this regard is the European Union's General Data Protection Regulation (GDPR, 2018), which protects personal information from being used for monetary gain without the full understanding or consent of the people concerned. The 2018 Data Protection Act in the United Kingdom also deals with the regulation of personal data used by organisations, businesses or the government. In the US, there is a number of laws regarding data in the different states of the country. The most recent law with regards to data is the California Consumer Privacy Act (CCPA, 2018), which recognises some rights, including the right to know, right to delete, right to opt-out and right to non-discrimination. Australia also has regulations such as the 1988 (Australian) Privacy Act. However, Bangladesh and India are yet to enact any specific legislation on data protection to date.
As mentioned before, data breaches by private companies is now a profound legal and ethical issue. In October 2018, the UK's data protection watchdog, the Information Commissioner's Office (ICO), fined Facebook GBP 500,000 for its role in the Cambridge Analytica scandal that allowed a serious breach of the data protection law. In July 2019, the Federal Trade Commission in the US fined Facebook around USD five billion after an investigation into eight separate data privacy related violations, which was certainly record-breaking and historic. Data awareness and protection regimes are now becoming increasingly significant in the modern world, and there are few who can ignore the need for having such regimes. We, in Bangladesh, cannot afford to be complacent for much longer either.
Md AB Malek is an independent researcher from Dhaka. Email: [email protected]
Comments