The boom in internet-enabled mobile phones, apps and other
high-tech gadgets in recent decades has led to an explosion of
personal data.
The boom in internet-enabled mobile phones, apps and other
high-tech gadgets in recent decades has led to an explosion of
personal data.
A paper published by the world’s
main central bank umbrella group, the BIS, has called for
individuals and firms to be given more control over the data
collected on them by social media and other Big Tech firms and
banks.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
The boom in internet-enabled mobile phones, apps and other
high-tech gadgets in recent decades has led to an explosion of
personal data that firms now harvest, process and sell.
The Bank for International Settlements (BIS) paper published
on Thursday said while most countries already have some laws
around data use, most individuals still were not aware of what
was at stake, or their rights over their data.
Authorities should therefore adopt new data governance
systems to “level the playing field between data subjects and
data controllers,” the paper said.
They should require firms to get clearer consent to collect
data, better explain how it was being used and make it easier to
be accessed by those from whom it was harvested.
“When data are shared between data providers and data users,
the data governance system should specify which data are
requested for sharing, how long they will be retained by data
users, and who will process them,” the paper said.
The BIS’s role as hub for top central banks underscores just
how broad-based the clamour for stricter data rules now spreads.
Current controls differ widely. While the European Union’s
General Data Protection Regulation (GDPR), which took effect in
2018, is generally seen as the most comprehensive, it is still
seen as having issues.
Other parts of the world are far less advanced. The United
States, for example, where most Big Tech firms are based, still
has no overarching consumer privacy laws, instead relying on a
patchwork of state and sector rules.
The paper said data subjects also lose out because their
information often becomes locked in firms’ silos or platforms
after using an app, website or service.
In turn, the companies can then combine that data with other
attributes such as income and education to derive insights and
predictions, thus creating “derived data” often seen as more
valuable.
Young and less well-off people also tend to be denied loans
due to a lack of previous credit history, whereas if they had
full access to their online data, that could be used instead.
“The young take time to accumulate tangible collateral and
the poor may never acquire sufficient collateral,” the paper
said. “These low-margin, high-risk consumers are uneconomical to
reach in the traditional system without access to digital
datasharing.”
It added any new governance system should meet the following standards.
purpose limitation – ensure that the purpose for which
data is being shared is described in clear and specific terms.
data minimisation – share only as much data as is
strictly necessary.
retention restriction – ensure that data is not shared
for longer than required.
use limitation – ensure that data is used only for the
purpose for which it was shared.
operational resilience – ensure that data is secure.
link