TT07 Personal Data for the Digital Era

Massive leaks are precipitating a global imperative to protect information. While personal data is becoming a security focal point, its value mandates active utilization by broad distribution. Balancing the utilization and protection of personal data has become a prerequisite for economic development.

Unintended Use of Personal Data

Numerous devices are continuously storing traces of data. A tremendous amount of personal data continues to be accumulated in the digital world ranging from name, date of birth, GPS, web view histories and other attributes. Data logs are then transmitted from our devices via the internet to improve and personalize services that companies provide.

Personal data is now extremely valuable and cyberattacks targeting it show no sign of abating. Hundreds of millions of items of personal information have leaked from businesses, including major hotel chains and marketing companies. In excess of 2.2 billion email addresses and passwords have been revealed and published on the dark web. The abusive use and collection of data by companies has also attracted tremendous attention. For example, one social networking service was suspected of sharing unauthorized data with a consulting company that allegedly used it to manipulate public opinion. Both companies have been subjected to heavy criticism. There was another case where a smartphone application, which was distributed without going through the proper review process, collected all types of data from young users. Because of its high value, personal data continues to be targeted for abuse by multiple players.

Global Protection of Personal Data

Large-scale information leaks caused by cyberattackers and undesirable collection and misuse of information by companies have resulted in a global trend to protect information. For example, the General Data Protection Regulation (GDPR) adopted by the European Union (EU) was enforced in May 2018. This regulation grants individuals the right to control their own data and stipulates a variety of rules for companies that hold and use data. To comply with this regulation, companies need to adhere to multiple measures such as a clear consent for the collection and use of data, appropriate measures for security management and data erasure after a request. The EU is also examining ePrivacy Regulation. Privacy protection is becoming active in other regions. In the United States, the State of California passed the California Consumer Privacy Act and is now preparing for its enforcement in 2020. In addition, many Asian countries are working on similar legislation development.

Technological measures for data protection are becoming increasingly important. Ongoing efforts are striving to improve the quality of data protection via multiple approaches including the use of AI and camouflage against attacks on supply chains. Individuals are starting to look for ways to protect their own data. For example, the number of people who use search engines that never track histories is on the rise, increasing by 50% compared to the previous year. Services and functions that meet the demands of users who wish to value privacy, such as DNS that does not record IP addresses and web browsers that emphasize anonymity, will likely also expand in the future.

Data Distribution to Maximize Value

As data protection efforts accelerate, work is also underway to build an environment where proper personal data distribution maximizes its value. For instance, discussions are proceeding toward the establishment of a management and distribution system focusing on individuals instead of data-holding companies. Personal data stores, where individuals manage their own data, are becoming a reality in Europe and other parts of the world. In Japan, a system called the Information Bank is now in its preparatory stage. In this model, an information bank is entrusted with the data of individuals based on an agreement and provides such data to third parties only with approval. After the transaction, the bank pays the individuals a fee and profits result.

It is also essential to be able to easily move the information that each company holds to distribute data to maximize its value. Some IT companies are working on the unification of data exchange formats between services. Although different services may have inconsistent forms and storage methods, conforming to a uniform rule during data movement will likely streamline its distribution and enhance its value.

Technological advancements are widening the range of data distribution. Using anonymization, which processes personal data to disassociate it from the individual, it is possible to automatically extract and anonymize even proper nouns from unstructured data such as text written in a natural language. Using this, even medical documents and meeting minutes are expected to become distributable. In addition, secure computation, which enables the processing of encrypted data without decoding is also enabling the safe use of sensitive data.

Balancing Protection & Distribution

While data distribution is attracting significant attention, excessive sharing of data could cause future conflicts. For instance, some regions of the world are seeing the emergence of a credit score service that calculates the creditworthiness of individual customers based on transaction and behavior histories. However, the ranking of individuals through the use of such data can also be considered a material infringement of privacy or a discriminatory practice. Businesses must find as part of their activities practices that are acceptable to users as the owners of the data.

One way to solve this issue is with on-device AI. The advancement in AI chips that can be mounted on smartphones and on-device learning methods are enabling closed processing within a device. On-device processing does not require data transmission to a cloud, so companies do not view or manage data. As a result, on-device processing is predicted to generate services that are significantly more personalized and secure.

It is equally important to think about what type of data is really necessary. One streaming service does not use personal data such as nationality, gender or age to improve the accuracy of its recommendations. It analyzes user attributes based on viewing histories and hours of use instead, leading to more users and sales. Other companies have started to calculate patterns based on vast amounts of behavioral data for targeting purposes. In the future, new perspectives that defy existing benchmarks and conventions may become the first step in acquiring customer trust and expanding service. When the competing concepts of both protection and distribution of personal data reaches an equilibrium, new innovations will be developed rapidly driving further economic growth.

What are you looking for? search