Data is Risky Business: The Next Normal

Taking Stock

A year ago, organisations of all sizes around the world were catapulted into a cycle of digital and data transformation that saw many industries achieve in a matter of weeks in what would otherwise have taken many years to achieve. Small businesses pivoted to doing business online in a way that they might have never considered previously. Educators, whether they were schools, universities, or private training providers suddenly found that online channels were the only ones available to them.

Governments and Public Health authorities the world over became, with some exceptions, data focused in their approach to the pandemic. Whether it was counting tests, clinical admissions, rates of recovery, or vaccine effectiveness, data was key. Exposure notification apps developed in various countries (and Ireland lead the way in this to a degree) have apparently helped to reduce Covid infections.

And, as for the recovery period and reopening of society, Dr Mike Ryan of the WHO is adamant that governments should focus on “data not dates.” Deming’s maxim is eerily relevant: “In God we trust. Everyone else must bring data.”

In addition, our social lives also moved to an online mode. I’ve hosted rolling multi-hour birthday parties for friends and family on video conferencing platforms. Gyms and sports clubs have moved classes to an online mode (my Aikido dojo has been running online classes since last September). And I’ve attended and hosted countless online social meetups with various groups, maintaining connections with friends and family around the world.

Almost overnight, in the developed world at least, huge chunks of our economic, political, and social activity has switched to being technology-enabled and data-centric. What happens in the next twelve months will be crucial to the type of society we will inhabit as we shape the ‘next normal.’

Data is a Social Disease

The history of data and information is inextricably linked to the history of society. Whether we are looking at oral traditions of knowledge transfer through stories, or the emergence of written records a few thousand years ago, the development of social groups and societies has required information and data to be recorded to help educate, provide for, and govern those social groups.

Indeed, many of the tools and techniques of data analysis we use today have emerged from the study of illnesses and disease outbreaks in social groups. From John Snow’s famous cholera map that revealed clusters around a pump in London, to Florence Nightingale’s use of statistical data analysis to support infection control in the hospitals she oversaw, it is fair to say that data management and analytics and public health have grown up together as society has evolved.

But bad data is to society’s understanding of things what that Broadstreet pump was to London’s cholera epidemic in the 1850s. And, as the means of producing and publishing data have become more ‘user friendly’ through advances in information technology, it is even easier for misinformation to spread around the globe before truth has put its boots on, to paraphrase Winston Churchill.

Therefore, it was good to see organisations like the Kennedy School’s Ash Centre for Democratic Governance and Innovation publishing best practices for Covid-19 visualisation. However, we have also seen questionable data practices from public bodies around the world, such as the State of Georgia which published graphs with date sequences arranged so that graphs showed a declining curve which did not reflect reality. We have also seen data analysts subjected to challenge and arrest where their pursuit of objectivity in reporting of data clashed with political desires to present a positive narrative.

Add to this the significant increase in data that is being generated about us all over the past year through our use of online tools to stay connected to our workplace, our family, and our community and we see that our data footprint will have grown. But with that comes the temptation for employers to engage in invasive monitoring of connected workers. And, inevitably, the data about our social connections and interactions provides a virtual (pun intended) smorgasbord for digital marketers and ad tech businesses.

And, amid this, we are seeing some light at the end of the Covid-19 tunnel with the emergence of a range of viable vaccines, which is sparking discussion about tools such as digital vaccine passports. This represents another incremental step in the creation of a digital twin of our real-world selves. But it risks being done in haste with no clear vision of the problem that these technologies are intended to solve. There is also very little discussion of the social impacts arising from how governments or businesses might choose to implement these technologies and the impacts that might have on social freedoms and social interactions as we move into the ‘next normal.’ This is now the subject of an independent evidence review by the Ada Lovelace Institute in the UK.

After all, we have seen other technology panaceas that were promoted through the pandemic quietly fall by the wayside. For example, thermal scanners were initially promoted by some as a key public health control. But the World Health Organisation and other public health bodies quickly dismissed this. Back in June of last year, my company published a research paper on the topic that called out many of the key issues and risks of such technologies in an infection control context.

The Non-Covid Data Re-Evolution

Of course, life has continued during the pandemic and we have seen continued development in the world of data. The data side of our social lives has been of a particular interest with the news breaking earlier this year of Facebook’s change to its terms and conditions for WhatsApp to allow data to be shared with Facebook for advertising. This affects all WhatsApp users outside the EU and is a take it or leave WhatsApp deal. This has resulted in people migrating en masse to other platforms.

What Facebook wants is the social metadata that is created when we chat and interact through their platforms. People should not be surprised by this. Facebook makes no secret of its data-driven business model. That social interaction metadata gives them a significant insight into the lives of others.

But the new kid on the block in the social network space in 2021 is Clubhouse. This app launched with an air of exclusivity. You can only get on it if you are invited by others. Once you sign up, it ingests your contact list to help you find people you know who are on the platform, ranking them based on how many connections they have on the platform (that social metadata again). This includes non-users. So, if your contact details are in the contact list of a person who is using Clubhouse, that app is ranking your popularity based on how many times your data appears in the contact lists it is uploading.

Of course, these models of faux-exclusivity and harvesting of contact lists are not new. They were used by Facebook (originally limited to a small audience) and WhatsApp (which invited people to upload their contact lists to identify people who were on the platform. And, in each previous iteration they have resulted in regulatory action where they infringed on data privacy and data protection rights. But Clubhouse is aiming to raise $1 billion in investment with an approach to data, data protection, and data security that is discredited and downright dangerous. Oh, and it’s illegal in the EU and probably a number of US States as well.

Society’s Tipping Point

So, a year into our pandemic-accelerated data evolution we are at a tipping point as a society. The value and importance of good quality data for critical decision making in society has been made painfully clear. The importance of acting on warnings about long term risks that could have devastating consequences is also clear (epidemiologists have been warning for years about the risks of global pandemics). Crucially, the importance of trust in data and the trustworthiness of data management practices has been laid out before us unambiguously.

The implementation of Covid exposure notification technologies on smartphones highlighted data privacy concerns which had to be addressed in a timely and effective manner to ensure an appropriately balanced solution. Countries that did this well will reap a benefit for the future in terms of the learnings from those projects. Countries that didn’t will inherit a legacy of mistrust in public or private sector data innovation. A similar fate will doubtless befall vaccine passport or vaccine certification applications unless the social dimension of data is considered.

Beyond the pandemic, we are also at a tipping point as a society in terms of wider use of and innovation with data. Globally, the pace of data protection and data privacy laws continues. Even in laggard nations, such as the United States, there is a wave of legislation, with California being Patient Zero and Virginia being the latest to succumb to this legislative plague (as some adtech and bigtech vendors might term it).

The fact that we are seeing increased regulatory enforcement globally and successful litigation for data protection/data privacy breaches in the US in recent weeks also signals a key shift.

The sight of consumers ‘voting with their feet’ and leaving WhatsApp for other platforms in the past few months is further evidence that our understanding of the power and value of the data about us is increasing and the assumptions that consumers are OK with intrusions into their private space don’t hold up when people are aware of other options. The position of Facebook/WhatsApp that you either agree to their terms or leave their platform will likely see user numbers drop further.

The arrival of Clubhouse and the rapid scrutiny of its practices this year echoes the experience of Zoom in 2020, with one key difference: Zoom responded and took action to address the problems. Thus far, Clubhouse is not showing any such self-awareness. They continue to pursue their planned investment even when experts the world over are flagging that that particular Clubhouse is on fire, has termites, and is built on weak foundations.

The Challenge To Come

The challenge to come is simple. In the same way as Clubhouse doesn’t appear to have learned the lessons of Facebook, WhatsApp, or Zoom, there is a key risk that governments and well-meaning public authorities will fail to learn the lessons of trust in data and trustworthy data that we have seen in the past year.

Data is a social disease, but the introduction of new data technologies or capabilities in an organisation or in a community is as much of a social experiment and social change project as it is a technology project. And society is no longer blindly trusting of technology as a panacea. In an environment where there is mistrust and utter bullshit conspiracy garbage to be overcome as well, the parameters of that social change are even more complex.

As we begin to move into the ‘next normal,’ it is even more imperative that data management professionals take time to consider what the society we want to contribute to will be. We are on the cusp of a potentially monumental shift in the capabilities of our societies. The future is here. We all now must ensure it is evenly distributed.

Share this post

Daragh O Brien

Daragh O Brien

Daragh is the Founder and Managing Director of Castlebridge, a leading Information Governance, Privacy, and Strategy consultancy based in Ireland. He has a degree in Business & Legal Studies from University College Dublin, and is a Fellow of the Irish Computer Society. Prior to founding Castlebridge, Daragh worked for over a decade for a leading Irish telecommunications company in roles as diverse as Call Centre operations, Single View of Customer Programme management, and Regulatory Compliance and Governance. He a regular presenter and trainer at conferences in the UK and worldwide. Apart from his consulting and education work, Daragh is also Data Privacy Officer for DAMA International, a faculty member at the Law Society of Ireland, and a contributing research partner to the Adapt Centre in Trinity College Dublin. He lives in Wexford in the South East of Ireland and can be reached at daragh@castlebridge.ie or on twitter: @daraghobrien. In 2016, he was ranked by Onalytica as the 24th most influential person on Twitter in Information Security (including Data Governance and Data Privacy).

scroll to top
We use technologies such as cookies to understand how you use our site and to provide a better user experience. This includes personalizing content, using analytics and improving site operations. We may share your information about your use of our site with third parties in accordance with our Privacy Policy. You can change your cookie settings as described here at any time, but parts of our site may not function correctly without them. By continuing to use our site, you agree that we can save cookies on your device, unless you have disabled cookies.
I Accept