Advertisements tailored to your needs, fast ordering and timely delivery of goods of all kinds, easy payment with just one click. The internet makes a lot of things possible and much more convenient for consumers. However, a return service is often expected: Your data.
Do you know where, what kind and how much personal data you have already disclosed? Often this involves your name, date of birth and contact details as well as your address, but also more sensitive information such as bank and credit card details. At least a handful of companies can use this information to identify you, and store it in their systems. You also indirectly divulge data about yourself: When you search online for the perfect gift for your partner, an Amazon book about Buddhism or the nearest ENT doctor, you leave behind digital traces. Companies can display these and make suitable offers based on this data.
The combination of different information begins to produce a “clear” picture of you. What constitutes you, your personal data, but also values and interests, or wishes that develop from individual parts to form an overall picture – your identity. For a company that wants to know what you need, to win you as a customer, these details are the jackpot. They can identify you and address you specifically with their products … but your data is not only a valuable asset for companies – hackers also crave it.
Again and again, data heists at well-known companies adorn the headlines of various media outlets: Equifax, MasterCard, Marriott and the Cambridge Analytica scandal on Facebook, to name just a few. Often, the damage cannot even be quantified precisely. Affected companies fight for their reputation and to keep their customers, but what about the users’ side? What makes user data so valuable? How bad is it when you lose control over your data?
Data: The resource of the digital world
This metaphor is often encountered within this topic, and it paints a clear picture of the value of the data for companies, which has grown strongly in recent years. There is a reason that new occupational fields are emerging which deal solely with the collection, analysis and processing of data: Big Data Scientist, Category Manager, Data Strategist or, for example, artificial intelligence expert.
In a study on data protection, 85 percent of 1,000 IT decision-makers surveyed said that data was as valuable as means of payment for overcoming business challenges. 56 percent also said they used the analyzed information to determine demand.
According to a survey conducted by Foresight Factory on behalf of the GDMA, consumers are also aware of the contribution their data can make to the economy. A majority of 60 percent of the surveyed Germans assume that the more private the data is, the more a company could be expected to pay in return. Therefore a better service, discounts or free products are mentioned as possible services. However, the services offered are strongly adapted to the available user data: Android users, for example, pay less for Amazon purchases than iPhone users.
Gross or net? – Your data as merchandise
The business idea of some companies is based exclusively on the collection and analysis of user data. Take Google or Facebook, for example, which have many daily users. Both companies offer their services to consumers free of charge, and they earn their money primarily with advertising space. This advertising space should be targeted as precisely as possible, which requires a lot of data. Just a few clicks and likes on Facebook are enough to determine exactly what your preferences, interests, political views, intelligence and sexual orientation are.
At the beginning of the year Facebook made headlines with a current research project. The media company reportedly paid users between the ages of 13 and 35 up to 20 dollars a month to gain a very detailed insight into their smartphone activities, such as chat conversations and visited websites. That brings us to the next question: How much is your data worth? Is $20 a month enough to reveal your identity?
The concrete value of your own data is hard to grasp. The Financial Times nevertheless tried to do this in 2013 and set up a calculator, which users can utilize to calculate a lump sum value for their data. The tool, which is based on US data, gives an idea of how the value can change due to certain information such as specific health data or family status. What is striking is that everything stays under one dollar.
The Equifax fine gives a completely different impression. In 2017, the US credit agency was the victim of a devastating data theft in which sensitive information was taken from more than 140 million Americans. The company paid a fine of up to 700 million US dollars, part of which went to the victims of the hack by financing credit monitoring for all those affected. This was intended, for example, to monitor suspicious activities on the accounts.
Your data identity
The legislator has a very clear opinion about the value of personal data: Every person is individual and worthy of protection. Within the framework of the general right of personality, the Federal Republic of Germany has made a clear statement in Art. 2 (1) in conjunction with Art. 1 (1) of the Basic Law: every person has been granted a right to informational self-determination. The purpose of this right is to let individuals determine for themselves how their data is used and published. Building on this, the General Data Protection Regulation (GDPR, German: DSGVO) entered into force in May 2018. It treats the personal data of natural persons as the interest worthy of protection. Information from companies or associations is therefore not included.
Personal data is data that identifies or makes identifiable a natural person, such as names and birth dates. An indirect link is sufficient, so that customer numbers or IP addresses also fall under this protection. In addition, there is data that the law classifies as particularly sensitive. These include religious and ideological beliefs, health information, genetic and biometric data. The GDPR thus grants consumers even more comprehensive rights and imposes stricter requirements on companies that want to collect data. For example, the collection and storage of data must always be purpose-oriented, follow the principle of data minimisation and be protected against unauthorised access by third parties.
The Principle of Integrity and Confidentiality – Corporate Data Security
Personal data must be protected from access by unauthorized third parties by the respective companies. This includes unauthorized processing and the protection of data against damage and loss.
The General Data Protection Regulation requires companies to ensure data protection and to prevent data loss through cyber-attacks. In the event of a violation, the threatened penalty is much higher than at the time of the Federal Data Protection Act. Up to four percent of the worldwide annual turnover can be set as a penalty.
If a company becomes a victim of a cyber-attack, not only the personal data of customers, employees and business partners but also company-related data such as confidential files and trade secrets are at stake. Although this data is not covered by the General Data Protection Regulation, comprehensive protection must also be provided here. Companies therefore have a double responsibility: they must protect their own data as well as that of customers, business partners and employees.
There are many measures a company can take to protect itself and sensitive data from hackers. Within the framework of this risk management, one measure is the encryption of data. Various encryption mechanisms can be used for transmission from sender to receiver or for data storage, such as end-to-end encryption for email communication. The stored or sent information is no longer kept or transmitted as plain text but converted into a coded message that can only be read again with the appropriate key. Only those employees who are authorized to access it have the appropriate key. The risk of unauthorized access can thus be considerably minimized.
Recognize the value of your data
Data is a precious commodity in business life. Consumers are also becoming increasingly aware that data is being collected about them. This awareness is strengthened by the high level of transparency demanded of companies by the GDPR. The protection of this data is another high priority for companies. But what the stored data is ultimately used for, what conclusions can be drawn from it and where all this data is collected at all will hardly be clear to anyone.