A large part of the issue with the Cambridge Analytica scandal was that the Facebook data obtained by the company came not just from those who clicked through to the survey, but also from their Facebook friends. That, says a WSJ report, is a growing issue.
The Cambridge Analytica scandal—where 270,000 people who downloaded an app led to a data breach for 87 million Facebook users—is the first large-scale example of the importance of maintaining “group privacy,” says Yves-Alexandre de Montjoye, head of the computational privacy group at Imperial College London.
In a hypothetical example, Prof. de Montjoye’s group reported that if just 1% of cellphones in London were compromised with malware, an attacker would be able to continuously track the location of more than half the city’s population …
Paradoxically, it suggests, the best way to protect the privacy of personal data may be to have all of it retained centrally, in encrypted form, with companies only being granted indirect access.
The Max Planck Institute’s Dr. Francis co-founded a company, Aircloak, to develop software to protect data. Diffix, as it’s called, sits between a database and its owners, allowing them to make specific queries but never revealing the whole database. It should allow firms like banks to protect user data internally, in a way that makes them compliant with sweeping new privacy rules under Europe’s General Data Protection Regulation, according to Dr. Francis and Sebastian Probst Eide, Aircloak’s chief technical officer […]
The idea of a centralized repository (a.k.a. personal-data store), which marketers would have to seek permission to access, has been proposed before. But these projects—which depend on some companies having our data, and others not—haven’t taken off, since gathering and using our data is both legal and lucrative […]
With GDPR, Europe has an opening for such a service, and if any of the privacy regulations proposed in the U.S. gain traction, conditions could ripen here as well.
This could be an opening for Apple, Amazon or some new entrant to become a personal-data custodian.
The theory is that one highly-protected database could be safer than having our personal data scattered throughout thousands of different databases.
The question is who could be trusted to be the central repository for personal data? The piece suggests that governments, Google, Amazon and Apple could all be candidates.
What’s your view? Do you think the ‘shared privacy’ theory is viable? And if so, who would you most trust with your data?