And by guys I mean the folks (myself included) invested in a future that is analytics-powered and socially-enabled, a future that is heavily reliant on people’s willingness to share information.
Why my call to action now? Well thanks to Prism privacy is currently top of mind, but there is also another reason. I firmly believe that if we don’t get our act together and start designing privacy into the fabric of what we are building, we are going to completely undermine the industry that we are trying to build for ourselves.
Over the last few months I’ve been buried in privacy design work which has frankly been fascinating and head-wrecking at the same time. Its involved numerous legal reviews for compliance of corporate and in-country laws, several iterations of my privacy model, and finally design & redesign of the architecture in order to support the model. It’s been excruciatingly painful and yet wonderfully enlightening as it forced me to change the way I think about privacy.
From a product development perspective I see privacy through two competing lenses:
How to maximize the value of the Data & Analytics
It’s important that whatever we do we ensure that we maximize the value of the data we are consuming; both for owner of the data (the person) and the customer of the solution (the company). We don’t want to design a privacy model that makes the analytics useless as that defeats the purpose and limits (for everyone) the value that can be realized from the data. Anonymization is one example of an extreme approach to privacy that is frequently the privacy advocate’s first instinct. In my opinion its a brute force approach that only serves to devalue the data and impact the value of the analysis. In some cases — maybe aggregate-level analysis, such as demand sensing or market segmentation, or analytics which may be sensitive, like organizational sentiment, anonymization is the correct level of privacy. However in other scenarios its completely inappropriate, such as with personalization or recommendations. In this case you need to know the individual in order to apply the results of the analysis. There is no “one size fits all” and several approaches need to be applied in most application scenarios. Privacy doesn’t need a sledgehammer, it needs a scalpel.
How to design Privacy Controls & Transparency that inspires Confidence & Trust in our users
With user information, the issue isn’t privacy as an absolute as much as it is control, ownership, and transparency. I might be willing to share certain information with some organizations and not others; maybe I am happy to share my medical records with my healthcare provider and my eating habits with my local grocery store, but not vice versa. So when we think about privacy we need to think about it more at the level of the individual choosing which portions of their profile (or network) they are willing to share with whom.
However, there is another dimension to this “sharing” that is absolutely critical. Not only do we need privacy at the level of “who am I happy to share information with?”, but also at the level of “what type of analytics am I happy for them to apply to my data?”. I may be happy enough for my favorite retailer to use the data to provide discounts on the products I buy, but not to predict the products I MIGHT buy or to make INFERENCES about my health (as per the example of Target inappropriately predicting one of it’s customers was pregnant). So privacy control is about both DATA and ANALYTICS.
Now why has the industry made such little progress on implementing privacy controls thus far? That’s a complex answer, but if I was to give it a crack I would say:
- Technical Complexity: Privacy infrastructure & controls are complex to implement and have the potential to add significantly to your development, maintenance, and deployment costs. Privacy controls will definitely have some analytics performance implication and hence likely require additional infrastructure to mitigate.
- Business Complexity: To implement proper privacy controls and ensure that they comply to local standards, you need to collaborate across disciplines (legal, technical, business).
- Skills: The majority of innovation in this space is being driven by small young energetic startups; and thank God for them because they’ve given us enterprise folks a well needed kick in the backside. However while they are hugely innovative they don’t, for the most part, have experience of building solutions for the privacy obsessed enterprise space and hence are less likely to dig into this area unless forced to by the market.
- Market Demand: Users are still very complacent about privacy and aren’t demanding such controls from their solution providers. And lets face it, there is nothing sexy about adding privacy into your product which means there isn’t a huge appetite for investing limited development resources on implementing complex privacy controls which definitely doesn’t have the same pazazz as pretty much any other feature you could add. And as long as the general public seem complacent about privacy and happy enough to share data without ever knowing with whom its going to be shared and what they are going to do with it, solution developers aren’t going to invest in privacy.
But is this a time-bomb waiting to explode? [my perspective on that question from early last year; Is Privacy the Software Industry's SOPA?] Are people eventually going to start to demand controls? And if they do what the heck are solution providers going to do? Retrospectively building a privacy model into your solution is extremely difficult, particularly if you are talking about granular levels of control and not the sledgehammer approach.
So designing for privacy is not fun… but we all have to just suck-it-in and start building our solutions with privacy first in mind.