The Next Data Frontier

The privacy challenge

Have you also experienced that feeling of disappointment after discovering that a social media platform, marketplace, or financial application has secretly been collecting your personal data? Or worse, perhaps you found out that they were selling your data to third parties behind your back.

If so, you are not alone. Millions of consumers in Vietnam and countries around the world have suffered from similar frustrating experiences.

Our human right to privacy should not end at the limits of the physical realm; most of our day-to-day activity nowadays takes place online, while we’re commuting to work, sitting behind a desk, or relaxing at home.

In Vietnam, there is currently no unified and comprehensive law on personal data protection, unlike the European Union’s General Data Protection Regulation (GDPR). Instead, the relevant regulations are fragmented across 50 separate laws on diverse subject matters, hindering interpretability and consistency (see, in particular, the Law on Information Security: Law №86/2015/QH13 and the Law on Information Technology: Law №67/2006/QH11).

Under the current position, companies are required to obtain consumers’ consent before storing or transferring their personal data. In addition, consumers have the right to request that their personal data be deleted, save where retaining records is required for regulatory purposes.

This regime is not effective in practice, as regulators cannot monitor online activity at large. Further, data management activities often take place in private, opaque servers. Consumers can simply not trust that data processors will play by the rules.

The Cambridge Analytica scandal is the most prominent, but not last, in a series of privacy breaches that have been unmasked by the media. The scandal showcased how personal data can be exploited to match propaganda to unsuspecting users’ personal interests.

In fact, there are fears of electoral outcomes being “decided” through such targeted efforts.

Against this backdrop, it is apparent that consumers lack control over their personal data: they don’t know who has known what and for how long. In this environment, the right to privacy is merely illusory.

The identity challenge

A wealth of data is generated daily through our online footprint. This data can carry useful information about our identity, our preferences, and even our relationship to other persons.

Many companies are keen to aggregate user data to influence in-platform choices and advertising. This discrimination can be positive, for example, if a user is willing to receive tailored recommendations about products that satisfy their preferences. However, discrimination also be negative if platforms adopt a prejudicial treatment towards users from certain geographies or communities.

Since end-users have no control over these data points, they are unable to take control of the aggregation process across platforms to build a “digital passport”, or e-identity. This is a missed opportunity, as having a digital passport would open the door to a world of value-creation opportunities.

For example, a digital passport would be particularly useful in economies where many citizens do not possess state-issued IDs. The lack of identifiability complicates government and humanitarian action when faced with a national crisis or global catastrophe, such as the COVID-19 pandemic.

Further, the “unbanked” are typically a subset of the “unidentified”, relegated to conducting economic activity within the informal sector and with little prospect of sparking economic growth. A digital passport would drastically improve this situation. For instance, transactional histories in e-commerce sites and social media indicators can carry valuable information about a person’s creditworthiness.

The monetization challenge

Since consumers cannot control access to personal data, they are also unable to monetize this. Instead, all compensation flows to the companies that collect the data and sell it to third parties.

The prevailing model is far from consumer-centric. What we need is a fair system that requires consumers to explicitly consent to the collection and transfer of their data, as opposed to having this consent buried in a sea of terms and conditions. Let’s be frank, we are all used to scrolling to the bottom, clicking “accept”, and just hoping that we haven’t agreed to sell our soul to the devil.

Importantly, consumers should also receive a reward for granting this consent, in recognition of the valuable nature of their personal data. This requires greater transparency as to the uses and income streams arising from companies’ collection of personal data.

But this change of approach need not be bad for companies either. With an appropriate monetization system in place, companies would be able to share previously siloed customer data with one another, always with the explicit authority of consumers.

We can picture a realm of interconnected data roads, with tolls to be paid to customers for moving their data across these roads, from one company to another.

The next frontier

The move towards consumer sovereignty that this article has been advocating will not happen overnight. It requires collective industry and governmental efforts to improve on the status quo.

On the government side, a draft decree has been presented by the Ministry of Public Security to move towards a GDPR-like regime. The decree remains in skeletal form, and the timing of further developments has been put into question by disruption caused by the pandemic.

Credify is working on a range of consumer-centric data solutions, including a passport application (idX) and a monetization system for inter-company data sharing (serviceX).

If you are passionate about these issues, you can also play your role in advocating change by participating in public consultations and engaging with industry initiatives. Change will not only benefit you by ensuring that your fundamental human rights are respected, but it would also open the door for new value-creation opportunities.

About the Author

Alfonso Delgado Rius is a Senior Research Advisor for Credify and a PhD student at Imperial College London, where he conducts research at the intersection of law, economics and computer science. He is an advisor to several regulatory bodies, investment funds and start-ups working in the emerging technologies space. Alfonso obtained an MSc in Law and Finance from the University of Oxford and graduated with a distinction.