Within 24 hrs of my last article, I have read about Facebook scrapping its secret tete-a-tete with hospitals to access patient data, anonymised I'm sure. Except the years I've worked in both list marketing and health insurance inform me that this data is very easy to personalise. In fact, the more data collected by any one entity, the less anonymous your individual profile becomes.
Let's add to that the quiet storm brewing at Google as its engineers rebel against the company's participation in Project Maven, an attempt to assist the US Department of Defense in the development of image recognition AI for drones. Over 3,000 engineers in the company are very afraid that any technology that emerges for this can be easily co-opted to allow drones to shoot on sight.
Are we having fun yet?
Again, we in the Caribbean cannot say that, "these matters don't concern us," as many Caribbean people travel to hospitals in Miami and Texas for treatment. Also consider our citizens whose due process and human rights may be completely circumvented by these developments.
I would like to say blockchain technology could be a privacy solution, but poor programming will get you every time; a timely reminder that there is no short road to good tech implementation; often there's no smooth road at all.
So how do we maintain the balance between the insights gained from data mining and AI versus the privacy concerns? The financial services industry, of which insurance companies are a key component, have become data brokers under international tax, Anti-Money Laundering (AML) and Know Your Customer (KYC) legislation. We freely give even more data to the Great Cloud of Public Validation a.k.a. social media.
The European Union's General Data Protection Regulation (GDPR) is reflective of these concerns, focusing on the right to privacy, right to be forgotten, right to control personal data with a default to not sharing with 3rd parties and stern reporting requirements for breaches, with commensurate punishments for such data losses. The USA's Clarifying Lawful Overseas Use of Data (CLOUD) act, for all its possible faults, may be the beginning of a clear framework for law enforcement bodies to access data hosted in servers worldwide.
However, legislation will always lag behind technology. What needs to be strengthened in all these large companies are the ethics and compliance committees of their boards. Internal audit and compliance teams need to be included in project planning and empowered to red-line potential infringements of user dignity and data. Most importantly, users need to remember that they have the right to complain, sue, demand redress and, ultimately, boycott any company that misuses our data; IT experts globally must remind people of this fact.
If nothing else, 2018 has proven that many tech companies need to remember how to regulate themselves in the face of profits. We, the users must remind them.