Imagine trying to write policy around privacy and the Internet back in the 1990s. It was a world with fewer than 20 million internet users, most of them based in the United States. The task was given to Larry Irving in 1994 after he co-authored a paper on internet privacy. He became the first internet advisor to the then Clinton-Gore government.
"There were implications and problem no-one was looking at," Irving said, speaking at this year’s IAPPANZ summit in Sydney. Although there were regulatory policies in place around telecommunications, cable TV and satellite TV, there was no cohesion between them. Irving's team saw an inflection point looming. There was clearly potential for crossover between these and other fields.
Irving’s report was released over 19 years ago. There hadn’t yet been any privacy violations, but Irving and his team wanted to get ahead of what they saw coming—a potential minefield.
"What did we come up with in the end it? I think the framework we developed has withstood the test of time," says Irving. "We basically requested that industry develop a voluntary-consent model. We’ve debated that model for 20 years".
On reflection, Irving says he was struck by the level of optimism at the time, but a couple of things also surprised him. The level of growth exceeded all his expectations. And when it came to privacy, "We thought consumers would care. They apparently don't."
Irving says the pervasive nature of mobile devices, especially smartphones, is a particular concern. Every one of those devices acts a beacon that can be used to track individuals. This isn’t just a potential issue, it’s already being used in commercial settings to track how a customer moves through a store—to determine the best lay out for shopping spaces. It's being used to push specific offers when the tracking data and shopping habits from loyalty programs are correlated.
The problem with this, according to Irving, is that we don’t know what data is being held, how it is being used, how it will be used in future or what controls are in place to protect individuals.
That flow of data will only increase as wearable technology such as smartwatches, Google Glass and fitness trackers deliver a rich, constant stream of personal information. The potential uses for this data extend to corporate human resources systems, insurance companies and applications we haven’t even imagined. As the number of connected devices grows from about seven billion currently, to in excess of 50 billion by the end of this decade, Irving believes we need to take stock of the implications.
The trouble is that "legacy regulatory models rule, and will continue to rule—at least in the United States—for the foreseeable future," he says. It hasn’t all been plain sailing for companies using this data either. In many cases, when a service provider or store representative knows too much about a customer, there's evidence that customers feel their privacy is being violated— even though they actually provided that data. For example, when sales staff knows what products a customer has been browsing online, when they were last in the store or their previous shopping history, there's a negative reaction.
Read more: I've got my eye on you: Google Glass
Citing recent studies, Irving notes that more than three quarters of shoppers found that the existing level of cell phone tracking is unacceptable, while more than 80 percent of shoppers were concerned their data was not safe or secure. Most also feel that the benefits of all this data access reside with the stores, not customers.
Irving says the lack of cohesive regulation for mobile devices, from platforms to apps means we're flying without a net.
In his view, the time to establish regulatory systems for these technologies is now. Foreseeable problems can be addressed before they are exacerbated. He cites analogies about companies such as Uber which enter a market and disrupt it, but are forced to wait for the regulatory environment to catch up. Irving recalls a conversation with the executive chairman of Google, Eric Schmidt. Schmidt's view was that developments should take place in isolation of the regulatory regime so that innovation wasn't stifled. For entrepreneurs, this is a challenge—balancing creativity with innovation.
"This is going to be a very interesting period of time. One that I don’t think any of us is really prepared for," says Irving.
This article is brought to you by Enex TestLab, content directors for CSO Australia.