Privacy Protection or Data Value: Can We Have Both?

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9498)

Abstract

Efforts to derive maximum value from data have led to an expectation that this is “just the cost of living in the modern world.” Ultimately, this form of data exploitation will not be sustainable, due either to customer dissatisfaction or to government intervention to ensure private information is treated with the same level of protection that we currently find in paper-based systems. Legal, technical, and moral boundaries need to be placed on how personal information is used and how it can be combined to create inferences that are often highly accurate but not guaranteed to be correct. Agrawal’s initial call-to-arms in 2002 has generated a large volume of work, but the analytics and privacy communities are not truly communicating with the goal of providing high utility from the data collected in a way that does not violate the intended purpose for which it was initially collected [2]. This paper describes the current state of the art and makes a call to open a true dialog between these two communities. Ultimately, this may be the only way current analytics will be allowed to continue without severe government intervention and/or severe action by the people from whom the data is being collected and analyzed, either by refusing to work with exploitative corporations or through litigation to address the harms arising from current practices.

Notes

  1. There are societally and individually acceptable deviations from this high standard such as informing an insurance company about the costs of the service so the physician can be paid. However, this is done with the explicit informed consent of the patient and there is an expectation that this information will be kept private and will not be used for any other purpose.

  2. One-to-One marketing “... means being willing and able to change your behaviour toward an individual customer based on what the customer tells you and what else you know about that customer.” [8].

  3. This is often the argument made by those who believe that “nothing is private” any longer and we should just accept this as a reality. However, the argument is self-evidently specious since the argument’s proponents are often quite protective of some aspects of themselves as discussed earlier.

  4. It is unclear if this permission is collected in a completely non-coercive way. A patient might feel that by failing to sign such a document they may not receive the best possible care. Clearly this would not be the case but the perception may be a critical factor in providing such permission and this would likely be considered coercive in some way by a reasonable person. However, and much more likely, the patient is simply overwhelmed with the number of documents required as they seek treatment so they may simply sign the documents presented to them with due consideration as they seek care.

  5. This quote is often paraphrased as “knowledge is power” but Sir Francis Bacon is actually speaking of the limits of God and that “knowledge” is in fact only a part of God’s power. It also suggests that it must be weighed against other aspects of power including, in this case, Godly judgement.

  6. Preferences are used here when discussing the desires of an individual with respect to data about them.

  7. We set aside legal issues associated with maintaining records of sales transactions to meet requirements such as tax regulations or service agreements. It would be easy to argue that this falls within the scope of the user’s purpose anyway but we are instead concerned with the “permanent” storage of this data for unspecified or other purposes that are common practice today.

  8. Many claim that credit card information is not maintained without specific permission but recent leaks have included credit card information in addition to all information required to identify an individual.

  9. A much harder problem that we can turn to later.

  10. The intended purpose is not defined by the company’s desire to acquire as much information as possible and leverage it for maximum utility. Intended purpose is defined by an agreement between a well-informed user and the clearly stated intentions of the corporation. If the corporation desires to change their intention, this is done by returning to the user to get an updated agreement.

  11. The “attack” here is a bit of a misnomer in that the analyst is probably only doing their job and not intending to attack or unethically compromise the user’s privacy. However, from the user’s perspective, if they have not consented to participating in a particular kind of analysis, they will see the analyst’s job as an attack on their privacy.

  12. In the following we will use the terms “provider” and “collector” to represent more abstractly the concept of a user and organization, respectively.

  13. The normal database operations, such as paging algorithms, may actually access some of the private data but since it is not seen at this level as a part of the modified query, it is not returned. There are associated exposures from paging in data that is not a part of the query per se because it is exposed in memory but this is not relevant to our simplified attack model.

References

  1. The privacy act of 1974 (September 26, 2003 1974). http://www.archives.gov/about/laws/privacy-act-1974.html

  2. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: VLDB 2002: Proceedings of the 28th International Conference on Very Large Databases, vol. 28, pp. 143–154. VLDB Endowment, Hong Kong (2002)

  3. Bacon, F.: Religious Meditations, Of Heresies (1597)

  4. Bennett, C.: Regulating Privacy: Data Protection and Public Policy in Europe and the United States. Cornell University Press, Ithaca (1992)

  5. Duhigg, C.: How companies learn your secrets. New York Times Mag. (2012)

  6. Gudivada, V., Baeza-Yates, R., Raghavan, V.: Big data: promises and problems. Computer 48(3), 20–23 (2015)

  7. Mayer-Schonberger, V.: Delete: The Virtue of Forgetting in the Digital Age. Princeton University Press, Princeton (2011)

  8. Peppers, D., Rogers, M., Dorf, B.: Is your company ready for one-to-one marketing? Harvard Bus. Rev. 77, 151–160 (1999)

  9. Zhu, X., Davidson, I.: Knowledge Discovery and Data Mining: Challenges and Realities. Information Science Reference. IGI Global, Hershey (2007)

Author information

Correspondence to Ken Barker.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Barker, K. (2015). Privacy Protection or Data Value: Can We Have Both? In: Kumar, N., Bhatnagar, V. (eds) Big Data Analytics. BDA 2015. Lecture Notes in Computer Science, vol 9498. Springer, Cham. https://doi.org/10.1007/978-3-319-27057-9_1

  • DOI: https://doi.org/10.1007/978-3-319-27057-9_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27056-2

  • Online ISBN: 978-3-319-27057-9

  • eBook Packages: Computer Science, Computer Science (R0)
