Security and privacy are two prevailing concerns most people have about technology. At any given lunch meeting or even standing around with drinks at a cocktail party, it is not uncommon to hear people talking about the Equifax breach or the looming concerns about what Facebook or Google are “doing with my data.”
Along with the excitement about what technology can do for us is a not so latent fear of being hacked and an equally present concern about compromised privacy. It is no surprise that the growing concerns about privacy are leading people to call for regulations to curtail this move towards unfettered use of private data.
In fact, in the European Union, the move toward regulation has been solidifying for some time, resulting in the General Data Protection Regulation (GDPR), which goes into effect in May 2018. These regulations are seen as the first and perhaps most comprehensive approach to ensuring personal information is protected. It is largely viewed as a clarion call for organizations to anonymize data or face astoundingly large fines. In fact, the fines can be 4% of a company’s annual revenue. That means a company like GlaxoSmithKline, with annual revenues in 2016 of $37.09 billion could potentially be shelling out $1.48 billion in fines. If that doesn’t get your attention, what will? So, the companies based in Europe, as well as those doing business in Europe, understand they cannot be driving analytics using personal information where they don’t have express permissions to use that information. Among other things, that means potentially mountains of data collected in the past that may become illegal. And therein lays the dilemma.
But let’s set that aside for the moment.
In the world of the internet of things, more and more people and organizations are beginning to understand that the real value in IoT is a function of the underlying data and the insight that can be gained from the analysis of that data. By definition, this suggests that the richer and cleaner the data set, the greater opportunity for insight and better resulting actions. So, instead of using an IoT-enabled device and the data from that device being used primarily by the device provider, enterprises and their CIOs and chief data officers want in on the action. They are beginning to demand ownership and control of the IoT data from all devices so they can look at data from device A in the context of devices B, C, D and so on.
Furthermore, companies are combining this information with data from their enterprise systems, such as ERP, point of sale, crew scheduling and others, and then augmenting it further with external data, like weather data, demographic data, as well as more and more data coming from a range of public IoT devices and data shared from increasingly IoT-instrumented partnerships. This data is cleansed and enriched, then propagated to a variety of constituents in what is being referred to as a first receiver architecture, designed to get the right data to the right constituent in the right way at the right time. In essence, this separates the creation of the data from the consumption of the data to the utility value of the data, thus maximizing use. Everybody wins, right?
Now go back to the GDPR regulations.
What happens when 50% of that data is contextually delinked and minimized? This poses a serious limitation. Then, when you consider the combination of data sets as described above, the minimization is compounded, thus the use is reduced substantially.
But the idea that you have to either delink and minimize your data or circumvent compliance at the risk of extreme penalties is a false choice. As with almost any large market opportunity, challenges that surface drive innovation, in some cases through radical breakthroughs by a specific technology and in others via the combination of existing technologies applied in new and innovative ways.
There is a team in Poland headed by University of Warsaw Professor Dominik Slezak doing some incredible work using statistical metadata for high-value approximation over massive amounts of underlying data that has great potential, both for investigative analytics as well as machine learning against those huge data sets, but in a fraction of the time. Further, if one looks forward, it would appear to be a capability, when coupled with other technologies that protect privacy, that can yield equivalent insights to otherwise “illegal data” that does not comply with the emerging regulations.
Another perhaps even more specific example is a new company called Anonos. (Full disclosure: I am an occasional advisor to Anonos.) Most of the privacy companies aimed at GDPR accomplish anonymization — and therefore compliance — by permanently delinking significant context. But the GDPR regulations have certain safe haven exceptions deemed acceptable that can, in fact, allow for greater flexibility, but requiring accommodations that many of the pure play anonomyzation offerings lack. Anonos is an example of a market response to a big problem, and there certainly will be others. Either the GDPR regulations will fail to go into effect (which that won’t happen) or the market will respond with more innovation to fill the gaps. And other countries around the world are sure to follow.
Now back to IoT.
The wall is created when organizations don’t take the time to understand the goals, in this case being maximum use of data, and simply rely on a path of least resistance. But whether it is taking on the issue of data primacy or data privacy, the wall — and its implied limitations — can become an opportunity with a little innovation and thoughtful planning. And since so many organizations will indeed take a path of least resistance, the magnitude of the opportunity for those getting it right is all the greater.
Many believe IoT will ultimately dwarf all other technology waves in terms of importance and especially in terms of scale. Most also agree that the real value of IoT lies in the use gained from the underlying data. While data scientists are becoming amongst the most important people in the equation, it really doesn’t take a data scientist to figure out that an enterprise taking a thoughtful approach to data, be it for security, privacy or primacy, makes all the sense in the world. It is the opportunity.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.