Productive, predictable and useful or manipulative, malign and intrusive? Corporations and governments routinely use our data – but when does this challenge our privacy and civil liberties?
In 1995, Tesco launched the Clubcard. It was to be a gamechanger for the UK supermarket chain, enabling it to store information about its customers’ buying habits – so they could reorder what they’d bought before and receive information on new products, offers and deals that they might not otherwise have known about.
What’s more, customers could collect points – to buy even more goods.
Following a highly successful trial of the card, Tesco’s Chairman at the time, Lord Ian MacLaurin, told his marketing advisers: “What scares me about this is that you know more about my customers after three months than I know after 30 years.”
Fast forward to 2020 and the Clubcard now has 17 million ‘members’ across the UK – and every other supermarket has followed suit in one form or another.
But this is small beer. Retail data collection and mining is now a huge global business. Scan through your own and your family’s bank and credit card transactions over the course of a year and the chances are that you will find the names of large, mainly American, corporations – Amazon, Apple, Microsoft, Netflix, Spotify and the like – all taking regular payments.
The key is that they all rely on repeat business that requires no effort from you, and which effectively takes place under the radar.
That requires data. And lots of it. And many people don’t have any issue with that. Convenience is king.
Pushing back
Some, however, see it differently. Harvard Business School Professor Shoshana Zuboff writes in the introduction to The Age of Surveillance Capitalism: “Surveillance capitalism’s products and services are not the objects of a value exchange… They are the ‘hooks’ that lure users into the extractive operations on which our personal experiences are scraped and packaged as the means to others’ ends…
“We are,” she continues, “the objects of a technologically advanced and increasingly inescapable raw material extraction operation. Surveillance capitalism’s actual customers are the enterprises that trade in its markets for future behaviour.”
Others closer to home echo her concerns. “Prominent technology companies such as Facebook have been tracking our movements for years in order to, among other things, advertise more effectively or sell that data to the highest bidder,” says Mark Dunster, a Guernsey-based Partner at law firm Carey Olsen.
“Everything we now do on a phone or computer, click on or ‘say’ online becomes ‘data’.
“Companies and governments have the capacity to exploit this data for their benefit,” he continues. “For example, to track us, to sort us, to grade us and to make decisions about our lives.
“In the past few years, we have seen the introduction of the European Union’s General Data Protection Regulation (GDPR) in an attempt to give some power back to the data subjects.
“It’s still too early to tell if this is having the desired effect, but on a micro basis we, as lawyers, have seen clients and employees successfully achieving transparency over the data that companies and employers are utilising.”
Big auntie or big brother?
So, if the suspicion is that the data we share is destined to be used to commercially exploit us, will the data we share with the government, its agencies and other public sector authorities always be used to our benefit? In general, we trust them – but should we and can we?
When mobile phone data proves that criminals or their victims were in a certain place at a certain time, and is used to convict the guilty, the world breathes a sigh of relief.
DNA records have led to prosecutions years after crimes have been committed. CCTV and road traffic cameras keep a constant eye on what’s going on.
Geo-positioning data of all sorts is now part and parcel of our everyday lives and we don’t, for the most part, reflect upon it or consider it intrusive.
“Remember back in the days when people used to get extremely het-up about CCTV cameras being installed around shopping centres and town centres?” asks Richard Field, Partner in the Guernsey legal practice of Appleby.
“Now they’re there in less obvious places, but they are still there. In fact, they’re used by private companies as well, in universities and shopping centres and in all sorts of places. So while this is increasingly less physically intrusive, it’s exponentially more subliminally intrusive on our private lives.”
So potentially intrusive is it that the development of self-driving cars has been threatened because they are highly reliant on the gathering and use of CCTV data in order to operate.
Fight for anonymity
GDPR and the California Consumer Privacy Act (CCPA) are two examples of laws designed to prevent the indiscriminate gathering of such data in the interests of protecting the public’s right to privacy. Now, for example, this kind of data has to be anonymised before it can be used.
At the same time, of course, a start-up German tech company – brighterAI – is building a business in data anonymisation which will enable data to be gathered and used without people caught on camera being identifiable.
Once again, the same conundrum faces us. On one level, we are happy for data to be collected and used to enhance our lives or make us safer; on another level, questions are increasingly being asked about what limits there should be around organisations spying on us.
Coronavirus shadow
In recent months, Covid-19 has taken this debate to another level.
“In relation to the pandemic, there’s been a lot of media attention and a lot of discussion around the use of contact tracing apps and apps for other purposes around tracking where people have been, who they’ve seen and also self-diagnosis tools,” explains Field.
“You can easily see that, on one level, that kind of monitoring helps fight the spread [of Covid-19] in terms of making sure people stay where they’re supposed to be staying. But what happens when the pandemic is over?
“That information and the apps – are they still going to be there? Are governments still going to monitor where people are going and what they’re doing? It begs the question why they need to do that.
“Those of us living in smaller jurisdictions or jurisdictions where we have a strong rule of law and a moderate, sensible government might not be greatly concerned, but if you’re living in jurisdictions where there is an autocratic leader, dictator or similar, you’re not going to be comfortable with those kinds of things being used to monitor what you do.”
Research by London-based advocacy group Privacy International has found that 27 countries are using mobile phone data to track their citizens and more have developed tracking apps for people to use.
“On the face of it, it makes logical sense,” says Carey Olsen Senior Associate Luke Sayer. “In Guernsey, we know the health department has been manually tracing people’s ‘chains’ once they test positively for the virus. That is, of course, easier in a small environment, but would pose difficulties in the UK, for example.
“However, such an application needs to be mindful of human rights and data protection laws. Article 8 of the European Convention on Human Rights demands a right to respect one’s private life.
"That right can be observed if any tracing application is voluntary. However, to be truly effective, experts are suggesting mandatory use of any tracing application. In our opinion, such mandatory use would require a clear and detailed legal basis.”
Multiple impact
There is a further aspect to this, too – the use of multiple data sources. Harnessing and merging personal data from a variety of different sources can cover many aspects of one’s life and behaviour.
These include sources such as Google or Facebook, medical records, credit checks, geo-positioning data, shopping and travel apps, data collected by pieces of tech such as Amazon’s Ring or Google’s Nest, tax and financial services company data and whatever can be found on the web.
Some of this is freely available. Some can be bought, and some – probably all – can be accessed by the authorities.
All in all, the reach that can be made into one’s personal life is now deep indeed. The data exploitation genie is now so far out of the bottle that it may be too late to cram it back in and prevent any further intrusion into our lives.
Appleby’s Richard Field summarises the current state of play. “On one level, technology, social media and all these things that we’ve become accustomed to are opening up opportunities in terms of better connectivity across the world, better opportunities in terms of finding jobs, more access to culture, books, music, all that kind of thing.
“But the counter to that is that we’re giving up a lot of information about what our thoughts, views and feelings are and those are being packaged up and used as intelligence – effectively, for them to sell us more.”
Each of us now needs to decide how much of our data we allow others to see and to store. As a society we need to decide what’s useful and valuable and what is potentially harmful, intrusive and exploitative. But how are we to do so and, crucially, when?