With rising cyber-crime and the exploitation of personal data for commercial gain, companies have to work hard to gain consumer trust
Throughout the day, for business and pleasure, most of us create, release and share content about ourselves into the immensity of the worldwide web, inadvertently leaving behind a digital trail of personal data.
Every time you send an email, pay for a coffee using a bank card, or simply walk down a street fitted with surveillance cameras, your personal information gets released, captured and stored onto the internet.
Big data, extremely large data sets that can be analysed to extract patterns in thought and behaviour, brings with it big opportunity for companies. It is possible to learn a great deal about an individual’s movements, interests and relationships by analysing data associated with their use of a communications network. The OECD estimates that the personal data relating to a single European consumer is worth just under $5 a year to Facebook. Data from an American is worth closer to $10.
When used in an ethical context, data analytics can provide a host of benefits to business and society, including identifying human rights abuses in supply chains (see pages xx) Yet such benefits must be set against the potential impact on the human right to privacy, something enshrined in the Universal Declaration of Human Rights.
Peter Micek, head of global policy and legal counsel at Access Now, an organisation that defends and extends the digital rights, says there are three main ways that corporate use of data threatens human rights: runaway collection, sharing and processing of data; profiling using algorithms working with faulty data; and security failures. There are also many examples of deliberate misuse of customer data, such as dating website OK Cupid purposefully sending users on dates with bad matches as a behavioural experiment, or Facebook allowing academic researchers to manipulate the news feeds of 700,000 of its users in order to alter moods.
“The prevalent business model in the ICT sector remains to attract as many users as possible and find ways to monetise everything you know about their needs, relationships, and interests,” says Micek.
Ranking Digital Rights
The 2017 Ranking Digital Rights Corporate Accountability Index, published last month, evaluates 22 of the world’s most powerful telecommunications, internet and mobile companies on their public commitments and disclosed policies affecting users’ freedom of expression and privacy.
It found that the majority of internet users lack the information they need to make informed choices about providers, that the handling of user information is opaque, and that security commitments by companies lack evidence. It said companies will need to share credible information about security to gain consumer trust.
While no telecommunications company received a score higher than 50 out of a possible 100, top-ranking firms included AT&T, Vodafone, Telefonica and Orange, with the majority of providers asserting they are working hard to protect user privacy.
“Respecting our customers’ privacy is essential to maintaining their trust in our business, and managing privacy risk is essential to that approach,” said Annette Fergusson, who heads sustainable business at Vodafone, which ranked joint first amongst global telecoms providers, with AT&T, in the index.
“It is therefore really important for us to create the right culture and ensure that everyone that works for us understands the critical nature of the many privacy risks we face and how we manage those.”
One of the biggest risks is cyber-attack. According to the UK government’s Cyber Security Breaches Survey 2016, two-thirds of big UK businesses have been hit by a cyber-attack in the past year, costing UK businesses more than £34bn a year. Beyond the vast sums of money poured into preventing and remedying cyber-crime, companies are also losing consumer confidence. Talk Talk is one example of a company that is still struggling to win back customers after a 2015 security breach.
Tech least trusted
A recent KPMG survey of almost 7,000 consumers across 24 countries found that, compared to banking or health providers, companies in the technology sector are some of the least trusted, with only 21% of consumers expressing trust in the sector and 84% of respondents categorising smartphone and tablet apps used for navigation, chat or news that can access your contacts, photos and browsing history, as ‘creepy’.
Mikko Niva, global privacy officer at Vodafone, said: “No organisation, government or individual is immune from attack. Cyber-crime is growing around the world and the methods attackers use are continually changing.”
When these incidents happen, the ICT firm’s top priority is to “stop the attack, assess the impact, minimise impact to customers, notify the relevant authorities, contact customers as quickly as possible and provide them with support.”
Vodafone has invested heavily in technology to defend its systems against attack, Niva says. “We also have a team of security professionals continually monitoring our systems and the threat landscape, and we continually upgrade our systems to make sure we have the maximum level of protection possible.”
TalkTalk is still looking for ways to win back customers
Following a major breach in October 2015, which left the personal details of more than 156,000 customers in the hands of hackers, British telco provider TalkTalk reported a loss of £60m and shed over 100,000 customers in the quarter following the hack. According Kantar, TalkTalk went on to lose 14% of its customers in 2016.
Fast-forward to present day, the provider is still looking for ways to win back customers. While most broadband providers are increasing prices this year, TalkTalk is attempting to woo customers back by offering competitive broadband deals and scraping connection fees for new customers.
Equally, TalkTalk customers who claim they were conned as a result of the company’s data breach want to know fraudsters were able to gain their private account information, and whether they will ever receive compensation for their losses, some of which as high as £10,000.
Onus is on companies
Some companies are also turning to frameworks, such as Deloitte’s Privacy By Design, which provides guidance on proactively building privacy into the design and operation of IT systems, networked infrastructure, and business practices.
Consumers also have access to a number of tools and services to help protect their digital rights, such as Access Now’s free of charge digital security helpline.
But Rebecca MacKinnon, director at Ranking Digital Rights, believes the onus is on companies to make clear commitments to respect users' rights and provide credible evidence that they are implementing those commitments.
“Companies need to disclose enough information about their policies and practices so that I can understand what my "digital dossier" looks like, and why,” MacKinnon says. “Right now companies do not disclose enough information for us to trust them.”
This is part of our big data and human rights briefing. See also:
Refusing to dance with dictators
The transparency revolution
Barclays executive banks on blockchain
Kenyan mobile operators ‘pressured to give up data'