Data responsibility in an increasingly digital world: 5 things you need to knowJuly 1, 2022 | By Vicki Hyman
Data analytics could hold the key to solving deep-rooted societal challenges such as poverty and climate change — but only if people have faith that their privacy is being protected.
Consumer trust has been shaken by data breaches and invasive personal data use, and regaining that trust should be among any organization’s top priorities. In a wide-ranging fireside chat hosted by the World Bank’s Data Privacy Office and Mastercard’s Policy Center for the Digital Economy in Washington, D.C. last week, data privacy experts stressed that maintaining the trust of a wary public requires a demonstrable commitment to strong data principles as well as common standards across the globe around privacy, data and emerging technology.
“It’s your data, and increasingly private sector organizations and the public sector institutions have a responsibility to manage an individual’s data with the respect and the care that it merits,” said Rahyab Lari, World Bank director and chief information officer for operations and corporate. “We need to earn people’s trust, and you can’t earn trust without having governance in place.”
Mastercard's Caroline Louveaux, left, and the World Bank's Tami Dokken at a fireside chat about privacy, trust and data governance in Washington, D.C.
Lari opened the discussion for the event, Privacy, Trust and Information Governance in the Digital Age of Accelerated Innovation, featuring Caroline Louveaux, Mastercard’s chief privacy officer, and Tami Dokken, the chief data privacy officer at the World Bank. Here are five key takeaways:
Today's rate of data creation is just the tip of the iceberg. Our personal digital interactions are on the rise. So are newer technologies such as 5G, artificial intelligence and edge computing. These new innovations that couldn’t exist without our data, and their utility is in many cases proportional to the personal data they collect and utilize. “This means that even more data will be collected and created about us in ways we have no idea [about], that we cannot even imagine,” Louveaux said. “It brings some challenges. For example, who is going to control this data in a very decentralized world? How do we protect people against excessive data collection and the misuse of their privacy? And who is going to be liable if things go wrong?”
A patchwork of privacy regulations isn't sustainable. Currently 190 countries have some form of data privacy law, many modeled on the Europe’s groundbreaking General Data Protection Regulation, or GDPR, but reflecting local norms and contexts. More countries are also considering data localization laws, which require data to be stored or processed within a country’s borders, creating additional complexity and raising costs for private companies and potentially reducing innovation, Louveaux said. For Mastercard, such laws restrict the company’s ability to monitor, on a global scale, fraud and cybercrime, which do not respect borders.
There are promising initiatives, she added, including the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System, which created a certification process for companies that comply with internationally-recognized data privacy protections, allowing them to share data within a region. This regional scheme is now being extended to become a Global Forum on Data Flows, open to any country in the world.
Data privacy is not a luxury good. People in developing nations, especially the most vulnerable, deserve strong data privacy protections, both experts said. Many of these countries boast rates of internet, mobiles and social media use well above some developed countries, with as much as 60% of the population under the age of 25, which makes them digital natives poised to become more engaged about data protection.
Dokken cited a study from Kenya and India that proposed different types of loans: one standard offer with privacy features, and another that offered a significant discount in exchange for sharing personal data such as phone numbers and location data for marketing purposes. Overwhelmingly, participants chose more expensive packages that came with built-in privacy protections.
More education is needed — and more people in the data talent pipeline. Both said there is a pivotal need to start educating people on privacy issues in a more comprehensive manner, including employee training and cultivating interest and talent by introducing privacy and data protection principles into school curricula. “The market for superstar privacy and data talent has become incredible competitive, so attracting and retaining this talent is a top priority for us,” Louveaux said.
There is a clear business case for privacy. The concept of “privacy by design” embeds privacy into just about every step of product development, from the top down to the bottom up, Louveaux said. It’s an approach Mastercard regularly uses, paired with its data responsibility principles — people own their own data, they should control it, and they should be able to benefit from it. But a perception exists that privacy by design can slow the product development process and time to market, one audience member said. Asked how to overcome this perceived conflict, Dokken responded: “I love how you said the ‘perceived conflict.’ It doesn’t have to be a conflict.”
Privacy protections are features customers want, Louveaux said, and businesses will succeed by providing them. “A product that has been built with privacy by design is going to be well-received by customers, consumers and is more sustainable. If they did it wrong initially, it’s a recipe for disaster afterwards. So ultimately, end to end, actually they lose if they don’t do it with privacy by design.”