There are plenty of predictions about technology – from the utopian visions of a bright new hyper-efficient world where robots free humanity from drudgery, to doom-laden predictions of pervasive surveillance and the demise of personal autonomy at the hands of governments and corporations. But there are a number of counter-trends emerging that present their own narrative about how the future will play out.

Privacy is a public issue: The public’s perception of the threats to privacy, personal freedom and autonomy – whether from corporations or governments – is growing. Privacy has already emerged beyond a niche, specialist concern to being a mainstream public issue. It seems that almost weekly new research is released revealing increasing public concern about privacy and declining levels of trust in organisations’ handling of peoples’ personal data[1].

In addition, a lesson the public has learnt thanks to the revelations from Edward Snowden is that data controlled by organisations will always be susceptible to access by governments using extensive legal powers of disclosure and surveillance. This is becoming a liability for communications and technology companies, under pressure from their users, who are beginning to take measures to put some control back into the hands of their users[2].

This growing consumer and citizen awareness and distrust looks set to accelerate and will increasingly become a factor in decision making for ordinary people – decisions about the products we use or abandon, the brands we associate with, the political leaders we elect. And as data insights become increasingly actioned by bossy tech, this will exacerbate the trend – behavioural observations, and the interventions that result, will increasingly be seen as unwarranted intrusions and restrictions on personal freedom and autonomy.

Digital activism will expand the digital commons: Consumers are taking matters into their own hands. A 2013 study from the Pew Research Internet project found that “86% of internet users have taken steps online to remove or mask their digital footprints—ranging from clearing cookies to encrypting their email, from avoiding using their name to using virtual networks that mask their internet protocol (IP) address”[3].

The plummeting cost and complexity, and increased ‘consumerisation’, of computing, processing and storage means that activists are now able to harness technology for themselves, without the aid of corporations and governments. The ‘digital commons’[4] will continue to grow, empowering more and more citizens and consumers to take matters into their own hands, such as deploying end-to-end encryption, anonymizers[5], and by “watching the watchers”[6].

Business model disruption is inevitable: The default internet business model – advertising – is showing some signs of strain, and even the biggest players such as Google are openly exploring new models[7]. Yet the value in personal data is so great, and the levels of public mistrust in organisations’ handling and use of personal data is so high, that it is inconceivable to me that entrepreneurs will not make a serious effort to exploit this disparity. What we are already witnessing is the emergence of new business models that threaten to disrupt not just the default internet business model, but more broadly the assumption that the organisation is the natural and legitimate point of control and ownership of personal data. Instead, new disruptive providers are seeking to put the individual in control of their personal data[8]. In the process, they are seeking to disintermediate data-intensive businesses from their existing sources of data.

Regulation will get tougher: Policy makers will act to toughen laws, even though they move at geological speeds compared to the rate of technology development.

New laws and regulations are being promulgated around the world, many following the European model[9]. And Europe is on a journey to update and toughen its data protection laws[10]. The EU proposals will increase fines, place tougher requirements on organisations for obtaining consent, and create a new ‘data protection by design’ obligation. The fines alone will focus attention, forcing organisations to devote more time and resources to compliance.

[1] The Royal Statistical Society, “New research finds data trust deficit with lessons for policymakers”, available at: https://www.ipsos-mori.com/researchpublications/researcharchive/3422/New-research-finds-data-trust-deficit-with-lessons-for-policymakers.aspx (accessed 10/12/2014)
[2] Apple, Inc, “A message from Tim Cook about Apple’s commitment to you privacy”, available at: https://www.apple.com/uk/privacy/ (accessed 10/12/2014)
[3] Pew Internet Research, “Anonymity, Privacy and Security Online”, 5th September 2013, available at: http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/ (accessed 12/12/2014)
[4] In her 2012 book, “Consent of the Networked”, Rebecca Mackinnon describes how activist individuals play a key role in influencing the shape of technologies and the balance of power in her chapter on the Rise of the Digital Commons. Summary available at: http://consentofthenetworked.com/about/
[5] For example, The Onion Router (TOR). See the Wikipedia entry available at: http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
[6] An example is the TrackMap project, whose aim is to show where data travels when people visit their favourite news websites through visualization, available at: https://github.com/vecna/trackmap (accessed 15/12/2014)
[7] CITEworld, “Google for business: Now 100 percent ad-free”, 16th May 2014, available at: http://www.citeworld.com/article/2156043/cloud-computing/gmail-ad-free.html (accessed 10/12/2014)
[8] Ctrl-Shift, “New market for ‘empowering’ personal data services will transform relationships between customers and brands”, 20th March 2014, available at: https://www.ctrl-shift.co.uk/news/2014/03/20/new-market-for-empowering-personal-data-services-will-transform-relationships-between-customers-and-brands/  (accessed 10/12/2014)
[9] For example, in South Africa the Protection of Personal Information Act 4 of 2013 (http://www.saflii.org/za/journals/DEREBUS/2014/84.html), in Ghana the Data Protection Act 2012 (http://mobile.ghanaweb.com/GhanaHomePage/NewsArchive/artikel.php?ID=229717) and in India proposals in the form of a Privacy Bill (http://www.dataguidance.com/dataguidance_privacy_this_week.asp?id=2233)
[10] European Commission Data Protection newsroom, available at:  http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
  • Tim Jones

    Stronger Regulation

    Regarding the comment about stronger regulation (Regulation will get tougher: Policy makers will act to toughen laws, even though they move at geological speeds compared to the rate of technology development.) workshop participants saw several implications: Primarily there will be increased state legislation and the possibility for more federal legislation – but not all legislation will be federal. Examples of this include California education policy, NYS CPO/Department of Education and the inclusion of biometrics in state data breach laws. This trend is most lively to continue unless there is either a major societal event that changes people’s views or there is some movement in congress.

  • Tim Jones

    The Problem with Online Cookies
    A good article just published by JC Cannon at Microsoft looking at how our privacy is invaded when we are online and how we can better protect ourselves. [I met JC in Mexico City in 2011 when sharing the privacy implications of the first Future Agenda programme] Couple of key excepts:

    “The vision of the Internet as a free and open community has been clouded by companies who want to maximize the use of it for their own gain to the detriment of individual privacy. Consumer complacency, helplessness, ignorance as well as the lack of transparency by companies has made it all too easy for companies to collect as much personal data as possible while providing little in the way of recompense. Companies are also reluctant to invest in practical security measures, leading to privacy mishaps.”

    “Many third-party companies that track website visitors across multiple sites don’t have a first-party relationship with those visitors. They may be opposed to using secondary techniques, such as digital fingerprinting, for re-identifying consumers because they can be unreliable and frowned upon. However, they may be able to stitch together cookies with assistance from first parties. For example, when Alice visits a website, the website may send a value to a third-party site to indicate Alice is visiting. The third party can attempt to match the value against one that already exists and store it in a database if it doesn’t. If a new cookie is also being placed, the cookie ID can be associated with the value and connected with a previous profile if it exists.”

    “Online cookies enable many scenarios that make online browsing personalized and more efficient. However, the same cookies can be used for tracking individuals and creating profiles. For the most part companies are looking to improve an individual’s online experience. However, there are those who may use tracking for nefarious or undesirable purposes. Providing transparency to users and control over their data is the best approach for maintaining trust and minimizing risk for all parties concerned. To date, letting the industry manage privacy has not effectively protected consumers. A strong Privacy Bill of Rights is needed to fulfill the hope of online privacy. Use #PrivacyBillOfRights to express your opinion.”

    More details on https://www.linkedin.com/pulse/problem-online-cookies-jc-cannon?trk=hb_ntf_MEGAPHONE_ARTICLE_POST