Advertisements tailored to your needs, fast ordering and timely delivery of all kinds of goods, easy payment with just one click. The internet makes a lot of things possible and much more convenient for consumers. However, a reciprocal service is often expected of you: Your data.
Do you know where, what kind and how much personal data you have already disclosed? Often this includes your name, date of birth, contact details and address, but also more-sensitive information such as bank and credit card details. At least a handful of companies can use this information to identify you, and they store it in their systems. You also indirectly divulge data about yourself: When you search online for the perfect gift for your partner, an Amazon book about Buddhism or the nearest ENT doctor, you leave behind digital traces. Companies can leverage these and make suitable offers based on this data.
The combination of information from all these different sources begins to produce a “clear” picture of you. Your personal data, your values and interests and wishes all combine to form an overall picture of your identity. For a company that wants to know what you need so it can win you as a customer, these details are the jackpot. They can identify you and target you specifically with their products … but your data is not only valuable for companies – hackers also crave it.
Over and over, data heists of well-known companies adorn the headlines of various media outlets: Equifax, MasterCard, Marriott and the Cambridge Analytica scandal on Facebook, to name just a few. Often, the damage cannot even be precisely quantified. Affected companies fight for their reputation and try to save their relationships with customers. But what about the users’ side? What makes user data so valuable? How bad is it when you lose control over your data?
Data: The resource of the digital world
Your data is considered a resource. This fact alone demonstrates the value data holds for companies, and it has grown markedly in recent years. There is a reason new careers categories are emerging that deal solely with the collection, analysis and processing of data: Big Data Scientist, Category Manager, Data Strategist or expert in Artificial Intelligence.
In a study on data protection, 85 percent of 1,000 IT decision-makers surveyed said that data was as valuable as a means of payment for overcoming business challenges. 56 percent also said they used the analyzed information to determine demand.
According to a survey conducted by Foresight Factory on behalf of the GDMA, consumers are also aware of the contribution their data can make to the economy. A majority of Germans surveyed assume that the more private the data is, the more a company could be expected to pay for it. Therefore an improved service, discounts or free products are mentioned as possible compensations for that data. However, the services offered are strongly adapted based on the available user data: Android users, for example, pay less for Amazon purchases than iPhone users.
Gross or net? – Your data as merchandise
The business model of some companies is based exclusively on the collection and analysis of user data. Take Google or Facebook, for example, which have many daily users. Both companies offer their services to consumers free of charge, and they earn their money primarily with advertising space. It is possible to precisely define the advertising opportunities, but it requires a lot of data. Fortunately for the advertisers, just a few clicks and likes on Facebook are enough for analysis to determine your exact preferences, interests, political views, intelligence and sexual orientation.
At the beginning of the year, Facebook made headlines with a research project. The media company reportedly paid users between the ages of 13 and 35 up to 20 dollars a month to gain a very-detailed insight into their smartphone activities, including activities such as chat conversations and websites visited. That brings us to the next question: How much is your data worth? Is $20 a month enough to reveal your identity?
The concrete value of your own data is hard to assess. The Financial Times nevertheless tried in 2013 and set up a calculator you can use to determine a lump sum value for your data. The tool, which is based on US data, gives an idea of how the value can change based on certain criteria, such as specific health data or family status. What is striking is that the total always stays under one dollar.
However, the fine imposed on Equifax creates a completely different impression as to the value of user data. In 2017, the US credit agency was the victim of a devastating data theft in which sensitive information was tapped on more than 140 million Americans. The company paid a fine of up to 700 million US dollars, part of which went to finance credit surveillance for victims whose data was compromised. This was intended to monitor suspicious activities on the accounts.
Your data identity
The legislator has a very clear opinion about the value of personal data: Every person is individual and worthy of protection. Within the framework of the General Right of Personality, the Federal Republic of Germany has made a clear statement in Art. 2 (1) i. In conjunction with Article 1 (1) of the Basic Law, every person has been granted a right to informational self-determination. The purpose of this right is to determine for oneself the use and publication of one’s data. Building on this, the Basic Data Protection Ordinance entered into force in May 2018. Personal data of natural persons are a property worthy of protection. Information from companies or associations is therefore not included.
Personal data is data that identifies or makes identifiable a natural person, such as names and birth dates. An indirect link is sufficient, so that customer numbers or IP addresses also fall under this protection. In addition, there is data that the law classifies as particularly sensitive. These include religious and ideological beliefs, health information, genetic and biometric data. The DSGVO thus grants consumers even more comprehensive rights and imposes stricter requirements on companies that want to collect data. For example, the collection and storage of data must always be purpose-oriented, follow the principle of data minimization and be protected against unauthorized access by third parties.
The Principle of Integrity and Confidentiality – Corporate Data Security
Personal data collected by companies must be protected from access by unauthorized third parties. This includes unauthorized processing and the protection of data against damage and loss.
The Basic Data Protection Ordinance requires companies to ensure data protection and prevent data loss through cyberattacks. In the event of a violation, a much-higher penalty now threatens than was in place at the time of the Federal Data Protection Act. Up to four percent of a company’s worldwide annual revenue can now be imposed as a penalty.
If a company becomes a victim of a cyberattack, not only is the personal data of customers, employees and business partners at risk … but also company-related data such as confidential files and trade secrets. Although this data is not covered by the Basic Data Protection Regulation, comprehensive protection must also be provided here. Companies therefore have a dual responsibility: they must protect their own data as well as that of customers, business partners and employees.
There are many measures a company can take to protect itself and sensitive data from hackers. Within the framework of managing this risk, one appropriate measure is the encryption of data. Various encryption mechanisms can be used for transmission from sender to receiver or for data storage, such as end-to-end encryption for email communication. The stored or sent information is no longer transmitted as plain text but converted into a coded message that can only be read with the appropriate key. Only those employees who are authorized to access it have that key. The risk of unauthorized access can thus be considerably minimized.
Recognize the value of your data
Data is a precious commodity in business life. Consumers are becoming increasingly aware that data is being collected about them, and this awareness is enhanced by the high level of transparency demanded of companies by the DSGVO. The protection of such data is a high priority for companies. But what the stored data is ultimately used for, what conclusions can be drawn from it and where it is collected from is hardly clear to anyone.
