It is common knowledge that as we traverse the Internet, we leave a digital trail behind us, full of personal information about who we are, what we like, where we are, and where we’ve been. We know because we see evidence of ourselves everywhere we go online, through targeted advertisements that seem to know us better than we know ourselves. But what is happening behind this process? What is the business of this personal information we provide? How do companies convince you to share more data about yourself, and keep sharing it, and find a way to profit off of your personal data?
This was the subject of Adam Tanner’s talk at Fordham Law School’s Center on Information Law and Policy, based on his new book “What Stays in Vegas: The World of Personal Data – Lifeblood of Big Business – and the End of Privacy as We Know It.” In his new book, Tanner, a Fellow at Harvard University’s Institute for Quantitative Social Science,” and a former bureau chief for Reuters, tells the story of the business of personal data in the context of one of the world’s most famous commercial landmarks, Las Vegas. Tanner’s book, and his discussion, points to some of the challenges that must be overcome in the data era – namely, how do we build trust in the general public that their personal information will be handled with sensitivity and care?
Tanner uses Caesars Palace and other Las Vegas casinos to explore the ways individual consumers are surveilled both on and offline – through slot machines, surveillance cameras, credit card purchases and consumer loyalty programs – to show how providing personal information is becoming an expected, and often unnoticed, element of consumer experience. Customers are given rewards in exchange for personal information, which is then used to refine business strategy and increase profit.
But for Tanner, Vegas is not actually the main attraction. Instead Tanner is interested in the emerging industry devoted to the production and sale of personal data, especially data brokers, data diggers, and other businesses that exploit the intimate details about ourselves that are exposed online (for instance, sites like bustedmugshots.com). His message is clear: though data can be used for good, it can also make us vulnerable and expose us to predators.
Tanner’s solution, however, is less clear. In his talk, and in his book, he presents two key recommendations to solve some of the challenges posed by the sale of personal data, advocating for a combination of personal responsibility and information policy reform. Though he acknowledges that the data we put online often stays there forever, he still cautions his readers to limit the data they put online about themselves. This recommendation, however, presents new challenges. But, like in Vegas, we don’t always know when a “surveillance camera” is nearby, and to avoid them would be to avoid Vegas altogether. Though that would be a welcome suggestion for those averse to gambling and bright lights, avoiding the Internet in a similar way would be an almost impossible task in the 21st century.
Here at The GovLab, we are exploring the sharing and use of data to solve public problems in a manner that protects privacy. We look into ways to increase trust in how data is being collected and used. As more data is collected, we need better techniques to de-identify data, prevent re-identification, and shape the potential uses of data, through technological advancements and policy reform.
His second recommendation–replacing privacy policies with a “nutritional label” for sites collecting personal data similar to food packaging–would be one step towards making the business of personal data more understandable for individuals online. These abridged privacy policies would replace longer policies and terms of service online, and would be developed by privacy commissions to set standards for grading data collection and sale. Though a promising recommendation, the challenge that will come from this recommendation will stem from how these labels would be regulated across state and national borders (failing the existence of centralized privacy and information commissions, like those in Canada and the EU), and what effect this would have on personal data disclosure.