Written by IEEE | November 9, 2016 | Updated: April 3, 2017
IEEE Member Diogo Monica (Security Lead, Docker) was front-and-center with Nathan Eagle (CEO, Jana) and moderator Katie Collins (Reporter, CNET) to dive into a complicated conversation on data collection.
The panel revolved around data ethics, begging the question of whether or not public data should be seen as “fair game.” Monica jumped right in to say that the foundation of data collection should be establishing legitimate consent — urging companies to follow an opt-in vs. opt-out mindset around data collection that puts transparency with consumers first.
Eagle expanded on the topic of consent by recalling his experience working with call detail record (CDR) data. He suggested that there’s huge value in analyzing data, and it’s been done for decades to understand consumers. The missed opportunity though, according to Eagle, has been analyzing specific data points instead of looking more closely at aggregate data.
Monica maintained his stance on transparency when asked how the system could be made better. He suggested that problem isn’t with data collection, but instead with process and protocol, saying that if there isn’t a process, the system is broken from the beginning. Monica said that it’s critical to identify the clear business value or objective that justifies data collection. He went on to reinforce Eagle’s point, saying that businesses should analyze the aggregate data while adopting differential privacy measures that protect anonymous data points, holding the company responsible for transparent data collection.
Eagle and Monica both agreed that there’s a model for bringing the user into the data exchange. When you create a value-based exchange with the consumer, you’re gathering a better, more reliable set of data. Ultimately, this level of transparency promotes self-reporting, a technique that served Eagle particularly well when he conducted his CDR work in Rwanda in an attempt to create predictive data models around cholera outbreaks by analyzing movement data.
When regulation snuck its way into the conversation, Monica warned that it’s best to let big companies set the standards. He suggested looking at industry leaders who have existing data retention policies, enforced in tandem with privacy policies to establish a benchmark. Monica added that evaluating factors like correlation and metadata are important and can be impactful, but it’s critical to first solve for “why,” while also understanding how the data will be used and collected.
Eagle shared Monica’s sentiment on standards, and both agree that the conversation around data collection is in need of a pivot toward positivity. Monica said the conversation needs to be steered away from data breaches, and instead on the economic benefits and incentive of data collection without government regulation, which he says could be detrimental to security.
Monica wrapped up the panel by pointing out companies like Facebook and Apple as strong examples of transparency in data collection. In particular, he cited Apple’s work with differential privacy as a bold move in favor of the user, where data sets are fully anonymized.