Do Data Analytics Require New Privacy Laws?

In an Aug. 21 column in Wired, consultant Theo Priestley suggested that, while “Big Data” can be used to improve services and infrastructure, organizations often end up using data platforms to hoover up personal information for ads or marketing (or even more nefarious ends). By way of example, he pointed to two projects: one in which London’s recycling bins were outfitted with digital screens that connected to nearby mobile devices without the owners’ permission (which he considered bad, as that device data was used by advertisers), and another in which the Senseable City Lab—associated with MIT—tracked the flow of trash throughout cities.

How did that latter project work? With transmitters attached to thousands of pieces of trash, to better see how the latter progressed through a city’s waste-management system. Each of these “trash tags” utilized GSM cellular technology that triangulates location based on any nearby cell towers. While that’s not quite as accurate as GPS, it meant the project could pick up tag signals from inside trash bags and buildings. The hardware also included motion sensors and hibernation technology, which let the tags “sleep” while inert for long periods of time, and “wake” once moved to a new location.

The project did its best to distribute the tags evenly among different types of trash (subdividing by “component materials, type of technology, object size and product functionality,” according to its Website), and in a way that would preserve the electronics from water and physical impacts. The project eventually expanded to several thousand tags.

Priestly considers that a “good” use of tagging and analytics. “But these two use cases, both about trash, highlight a massive divide in how big data and analytics is being applied,” he wrote. “It seems that there are only pockets of real-world and intelligent use of these technologies being applied whereas it’s all too easy and convenient to harvest information for ‘personalized advertising’ purposes.”

Indeed, it would have been all too easy for the Senseable City Lab to program the tags to transmit more granular—and perhaps even personal—information about the trash itself. That’s not to say that much of the aggregated data would have been useful from an advertising, marketing, or even surveillance standpoint—but the infrastructure was certainly in place to do something along those lines.

The U.K. has a Data Protection Act designed to prevent the processing of personal data, with certain notable exception. That act was passed in 1998, long before some of the current controversies over privacy and security in many countries around the world—and well before the current generation of advanced data-analytics platforms, which are capable of storing and analyzing vast datasets of personal information. (The recent controversies over the National Security Agency’s collection of phone metadata and emails, sparked by whistleblower Edward Snowden’s leaks of top-secret information to The Guardian, have served to bring that conversation even more to the fore.) As analytics platforms become more sophisticated, and sensors proliferate throughout our physical world, it’s worth asking if the current legislation in place is enough to protect data that needs protecting.


Image: Africa Studio