John Henry Clippinger, Research Scientist at MIT

Big Data & privacy - Video interview


Big Data, privacy and the smartphone: who controls the information and data we collect in our mobile phones?
We spoke about this with John Clippinger, research scientist at the MIT Media Lab's Human Dynamics Group and founder of the non-profit organization IDcubed. 


1.  How important are personal data in the context of Big Data?

In one sense personal data is the most important kind of Big Data because it is the most sensitive, predictive, intimate, and valuable kind of data. Big Data is not just about the quantity of data being processed - but about the quality, value and intimacy of that data. Everyone - companies - enterprises and other - wants personal data a part of their Big Data analytics.

2.  Mobile phones and big data. Our mobile devices collect a huge amount of personal data: information on purchasing experiences, geo-referenced data, images and conversations.  But who actually owns the data? What advantages and risks are there for users?

The question of real property rights over personal data is a complex one. In many cases in U.S. and EU people have a right to have a copy of their data and the expectation that it would be used in a permitted manner that respects an individual's right to privacy and dignity. The question is really about what are the duties of a third party in using data about me - not whether they necessarily own it or not.  There is data about myself that other's originate and control - such as my credit scores which I do not own but I have a right to access and correct. I do not have a right to deny its collection or use even if I believe it is a biased and incorrect predictor of my credit worthiness - which is true of many credit scoring methods.  Likewise, in the U.S. ,amazingly through FERBA regulations, parents have very limited rights of access and use over school data about their own children. Similarly, in the U.S. patients have limited access and use rights to health and treatment care information about themselves.  There are significant risks for users because they do not know how this data are being used about them - whether the data are complete or accurate - and what services are being denied them. In many cases, the data are incomplete and inaccurate, hence creating an inaccurate picture of the individual resulting in the denial of appropriate services or offerings. As the data becomes more comprehensive and the analytics more powerful, the risks and abuses will become more severe and profoundly consequential.

3.  Up to which point is it legitimate for companies and bureaucracies to exploit the personal data of users/citizens? What is the maximum level of depth and analysis?

I think the exploitation of personal data is only legitimate, if it is done with informed consent, without coercion - implicit or direct - and for which there are limited potential harms and fair economic exchange value; this does not describe Google or FaceBook.

4. What are the most critical aspects to address, today, in order to guarantee transparency by companies that process data?

I think we need to completely rethink our privacy policies and practices. They are artifacts of the 1970s and 80s and do not reflect the reality of today's data immersion & data driven and sensor based economies.     
Transparency and notification and consent are not adequate. We need to use technologies to express and enforce privacy policies that also enable the permitted flow and value creation out of data. There needs to be auditing enforcement and the rapid self-correction of data policies.

5. After the NSA scandals, an awareness of the importance of more careful handling of personal data has changed the attitude of major players on the Web (Google, Microsoft, etc.)? In what way?

There has been some changes such as more encryption and better authentication processes.  American cloud and SAS vendors are especially sensitive to all the "back doors" that NSA, CIA, FBI, and    DEA have put into seemingly secure vendors products - routers - firewalls, flash drives,  cell towers, monitors, sensors, etc. etc., for instance, has lost major banking customers due to the revelations and there is an industry wide movement to get cloud vendors located outside the US and the immediate reach of NSA. The simple point is that the architecture of the Internet is a dated design and provides inadequate, resiliency,  privacy and security protections. We are in for a major overhaul.

6. Given your standing within the World Economic Forum on these issues, can you give some more virtuous examples of personal data handling?

There are new start up companies such as that are positioning themselves as for the protection of individual - personal data. Their business model is based on providing privacy protecting services. In a different way, this is true of Microsoft - after being one of the bad guys in this space with Passport - is now one of the more responsible and thoughtful large corporate citizens. This cannot be said of FaceBook or Google.

7. How does the concept of privacy vary in the world? Are there any differences between Europe and the USA?

There are significant differences between the EU and U.S. regarding personal data - as in the EU the protection of personal data is a basic human right grounded in personal dignity whereas in the U.S. it is treated in economic terms with limited government oversight and involvement.  Moreover in the EU , there is a much stronger role for the government as the guaranteer and enforcer of privacy rights - though by U.S. standards the EU government have far too much concentration of powers in the issuance of identity cards and in the oversight of privacy regulations. Whereas in the U.S there is minuscule trust in governments and a belated trust in companies - the reverse is true in the EU. That said, there is a move towards a harmonization of data privacy policies through the U.S. consumer data bill of rights and the EU Protectorate's Directive on personal data protection. Clearly, China has a different view than either U.S and EU - giving enormous surveillance powers to the government and control through the "Great Firewall of China".  Turkey recently based legislation that gives the government great surveillance and censorship powers over to the Internet to close down "insulting" sites. The point to be noted is that the powers of not only States to have massive surveillance powers - but companies like Google is growing.  The surveillance powers of companies and  states are growing and are effectivelu unchecked as regulators and legislators simply cannot keep up.