The Increasing Complexity of Sourcing High-Accuracy, Sensitive Data
July 28, 2022
The value of leveraging crowdsourced data for a deeper understanding of patterns related to customers’ behaviors, demographics, and lifestyle preferences is now undeniable for companies. It helps them address a multitude of use cases that could not be addressed before, such as smarter site selection, personalized marketing campaigns, targeted offers, and real-time location-based alerts.
We are seeing a myriad of applications and websites that want to collect personal data from users, whether they e-commerce, weather apps, social networks, GPSs, cameras, or prayer apps (special mention to Salaat First for selling their users’ sensitive information to the data broker Predicio without their consent and knowledge).
The location data sector is estimated to be a $12 billion market and includes collectors, aggregators, marketplaces, and location intelligence companies. Each of them brags about the volume and accuracy of the data they have accumulated. However, the collection of these data is not always done in a transparent manner, and sometimes doesn’t respect the confidentiality and privacy of the people involved.
In addition, with the ever-changing data offerings, acquisition methods, and privacy laws (GDPR, Law 25, etc.) as well as the complexity of interpreting the terms and conditions (T&C) of each contract, organizations are finding it harder than ever to navigate and compare datasets in the marketplace. That is why it is in their best interest to deal with a neutral specialist who can provide a sensitive data advisory.
Our Cellphones: A Potential Danger for Our Privacy
It is common knowledge that if you want to use an app or a website, you must consent to its terms and conditions regarding the use of personal data, in particular. But do you know anyone who takes the time to go through the specificities of an end-user agreement, or EULA, no matter how simple? No, I don’t either. Checking a box is much easier and more convenient than reading and understanding pages of small, complicated text. That’s why some people describe clickwrap agreements as “fake” consent; they are far too easy to agree to without proper understanding. Moreover, there are many forms of consent and they do not all have the same legal value.
Once users have given their consent, there is nothing to prevent the applications of their mobile devices to collect personally identifiable information (PII) about them, including where they are and where they’ve been. A study by the French National Commission for Information Technology and Civil Liberties (CITCL) showed that 30% of mobile applications collect location data, sometimes without even needing it to function. Knowing your whereabouts makes sense for a GPS or a weather application, as precise location is the only way to get accurate forecasts and alerts, but a little less for a mobile game like Candy Crush.
Besides, HERE Technologies found that 80% of consumers do not fully trust the services that collect their location data to handle it the proper way. Nearly the same number said that sharing their location made them feel stressed, nervous, or vulnerable.
Yet, some people are willing to share their location with their friends on the Snapchat map, even if the definition of “friends” on social networks is quite broad and sometimes includes only acquaintances. Do you really want your co-worker, high school science partner, or your girlfriend’s cousin to know how you spend your Friday nights?
And What About our Cars?
Our phones shouldn’t be our only concern as today’s smart cars can tell as much about our whereabouts by tracking our movement habits. Indeed, according to the International Data Corporation (IDC), nearly 90% of new vehicles in the United States will have some form of built-in connectivity by 2023, whether it is Wi-Fi or Bluetooth. These attractive additions not only let you listen to Spotify on your way to work and accompany you on unfamiliar roads, but also enable our vehicles to collect and transmit massive amounts of data.
When used appropriately, these data allow drivers to avoid traffic, urban planners to identify routes requiring reconfiguration, insurance companies to identify unsafe driving habits, and fleet owners and manufacturers to detect potential car repairs.
Illegal Data Collection: The New Plague
The main danger is that many forms of collected data can be stored and then sold, without users knowing to whom or why. This could have important consequences on their privacy, as much can be deduced about someone just from their movements:
“Where they live, where they work, who their best friends are, whether they attend a clinic specializing in this or that disease, whether they regularly attend a mosque or a church. Even the restaurant we go to regularly can give an indication of our salary.”
– Pierre Trudel, Law Professor at the University of Montréal
In addition, some companies that collect, classify, exchange, or use personal information are sometimes able to de-anonymize anonymous data, which means they can build complete data from incomplete information. As a user or a customer, you might think that all you have to do is deactivate the location services on your phone, and voila! But this doesn’t address the problem of those who collect data illegally. We can think of the Tim Hortons application, which illegally collected “vast amounts of location data” and knew where its users were at all times.
Companies collecting data without users’ consent face legal risks, such as lawsuits, as was the case with Google, which was sued by the state of Arizona for illegally collecting data on the whereabouts of its users, even after they refused to provide access to their location. The reputation of these companies can also be affected, which is equally true for those buying or using illegally collected data, even if they are unaware of it.
Protecting customers’ location information, such as latitude and longitude, is not only desirable but is also a legal obligation. Thus, companies must be transparent about how they collect and use their data.
Doing Business With a Trusted Advisor
Despite everything, linking datasets to a location is still very important and allows you to accomplish many things but collecting and acquiring geospatial data also comes with confidentiality, privacy, legal, and data integrity considerations. Having high-accuracy and quality data coming from a portfolio of carefully selected partners makes data enrichment and analysis much easier, so you can use information about the real world to gain better business insights in a safe and reliable way.
But in today’s rapidly changing market landscape, providing vendor-agnostic data advisory and sourcing is becoming increasingly complex. For Korem, this means investing in several data-centric areas, including:
- Market and partner watch
- Data comparison and analysis
- Data acquisition methodologies analysis
- ISO 27001 security certification
- Data T&C expertise
- Data privacy regulations analysis
- Personalized Data as a Service (DaaS)
- Data anonymization techniques (data masking)
For example, our contract management offer helps companies understand the specificities of the terms and conditions (T&C) associated with purchased datasets so you can use the data in a compliant manner and avoid any legal surprises.
If you don’t know where to start or don’t have the in-house expertise to make confident data sourcing or integration decisions, Korem can support you from the data selection process in order to avoid the most common pitfalls when shopping for geospatial data, to the data analytics process.