Who owns and controls our personal data, and how is it being used?
Browse Blog Topics

Who owns and controls our personal data, and how is it being used?

Sharing personal data with companies in exchange for access and convenience is something many people take for granted. From video services providing personalized entertainment options based on past behaviors to social enabling people to stay connected while serving up targeted advertising, user data has become commoditized.

But consumers are waking up to the fact that their personal data is being monetized, often without their knowledge, and are beginning to pressure governments and regulators to tilt the information privacy scales in their favor.

“The largest digital companies have built their revenue models on — for lack of a better term — ‘surveillance capitalism,'” says Gus Warren, managing director of Samsung NEXT. “They literally track everything we do and use that data to better target ads and sell to advertisers.”

In Samsung NEXT’s End of the Beginning episode on cybersecurity, Warren and other experts highlight the intensifying debate over data ownership and digital privacy. Consumer perceptions are beginning to shift heavily in favor of users have control over their data rather than corporations.

“We believe in a future where each of us has control over our data, attention, and time,” Warren says.

Data regulations favor consumers
Warren predicts that every individual will have more control, autonomy, and agency over their information in the near future. Regulators in the European Union (EU) are in the forefront of this trend with implementation of the General Data Protection Regulation (GDPR), giving anyone located in the EU protections against unauthorized collection, export, and usage of their data.

The California Consumer Privacy Act (CCPA) is a similar law, which will likely force the hand of other states and potentially set the stage for a federal regulation.

But if regulations like CCPA and GDPR are adopted more widely, it could also force a fundamental shift in the value exchange between users and advertisers.

Controlling advertising content
Despite regulations like GDPR and CCPA, digital advertising is likely not going away within our lifetime. However, Warren predicts greater transparency into how ads are being targeted, and what the value exchange really is.

Currently, it’s extremely opaque to the user as to what they’re actually receiving in exchange for their data being collected and used. With users in more control, companies likely won’t get permission to access the totality of data available today.

“Now will the ad targeting be as good? Maybe not,” Gus says. “But companies can do contextual advertising as opposed to behavioral. If I go to ESPN’s website, for example, that can tell advertisers a lot about me without them knowing more specifics.”

Moreover, he adds, “there’s another approach, where users pay a service to make all their digital experiences ad-free, which then pays publishers for the content you’re consuming.”

There’s also a sub-segment of the population — around 19 percent — that would actually pay subscription fees in exchange for a more private, less cluttered digital experience. To that end, Samsung NEXT invested in Scroll, a company that provides publishers with this exact type of monetization model.

Advertising isn’t the only part of the user experience that increased data privacy could impact. In fact, more consumer control may actually lead to improved user experiences in many apps and websites.

Improving the digital experience
Internet companies large and small currently collect and store data in a centralized, siloed fashion. Under regulations like GDPR and CCPA, individuals will have the right to a copy of any data stored by third parties and can share that selectively with other services to improve the user experience.

“Could it be that GDPR is actually good for personalization?,” asks Balazs Fejes, an executive at digital marketing firm EPAM. “With GDPR’s explicit consumer consent and unprecedented transparency around shared data, marketers can now unlock true one-to-one personalization.”

Warren adds that once users grant permission to share data with certain services, companies can pull data out of other platforms on a daily basis to help personalize their user experiences.

“What they use is an edge processing device or personal data cloud that’s completely encrypted,” he explains. “Then you’re able to build a more rich profile of that person that’s under more of a ‘privacy by design’ model.”

Companies then have the opportunity to offer even more personalization than they currently do.

“While data protection by design and default – or ‘privacy by design’ – isn’t a new concept, the GDPR makes it a legal requirement,” explains Andrew Clearwater, director of privacy at software security firm OneTrust. “This means that these organizations need to bake privacy and data protection into their processing activities, products and services, and business practices.”

The “Wild West” days of unfettered personal data collection appear to be nearing an end, with GDPR and CCPA being just the start returning data ownership to individuals. That doesn’t mean there’s not a “win-win” for both consumers and corporations.

Startups like Scroll are providing publishers with new ways of monetization without invading privacy, a much welcome shift as consumers increasingly want to be treated like customers and not just a data set to be bought and sold.


Learn more about trends in digital healthcare by watching the End of the Beginning video series.

Related Stories