Why the Cambridge Analytica data breach is a
turning point for data technology businesses
Every passing day brings new twists in the rapidly unfolding Cambridge Analytica saga. This London-based analytics firm has been accused of misusing the data of tens of millions of Facebook users. The concern is a global one, given news of CA’s role, not only in potentially influencing the Brexit referendum and the 2016 US elections, but also Malaysia’s 2013 elections and the Brazilian election later this year.
And then there is GDPR. Four years in the making and two years in standby, the EU’s General Data Protection Regulation (GDPR) is almost here. In a mere two months, companies looking to mine the personal data of EU residents must meet a host of defined responsibilities and obligations, or else face onerous fines.
It is hard to think of a more perfect storm for the world’s data and analytics community. So, does the CA controversy, coupled with the imminent introduction of GDPR, signal the end of data-driven innovation?
In fact, many commentators point out that it is the opaque use of an individual’s data, rather than the actual mining of this data, that many find objectionable.
Similarly, GDPR makes clear that there are “safe harbours” in which personal data can still be mined, including for meeting contractual agreements and existing laws.
But there are increased restrictions on companies wishing touse this data for a different purpose, eg customer analytics or business intelligence. These restrictions centre around an individual’s right to know when and how their data is being used.
Data-led innovators should not despair. What this doesn’t mean is any let-up on the need for technological advancements. Counter-intuitively, overcoming CA’s pitfalls and complying with GDPR requires more, not less, data management capabilities than is in general use today,
This includes:
- Data visibility to enable all copies of data related to an individual to be located and if required, deleted.
- Data tagging to ensure alignment with the purpose for which the data was collected.
- Single view to ensure no variability in the information collected on an individual across an entire organisation.
- Decision tracking to explain how AI-driven decisions that impact individuals were arrived at.
- Data lineage to demonstrate that the data used to build models are accurate and non-biased.
- Testing and validation of predictive models including using statistically appropriate samples.
- Data audits of the three key types of customer data: volunteered, observed and inferred.
- Robust anonymisation of personal information for the purposes of identifying trends at an aggregate level
Of course, with every challenge comes new opportunities. The optimists among us will point to the fact that the CA saga and GDPR will in future force companies to make their data easier to locate, make available and track. This can only benefit enterprise data scientists and engineers, not just in the EU, but also sets the industry standard globally.
Furthermore, whether or not companies have migrated to big data platforms is no guarantee of their ability to stay on the right side of public opinion and the law. For example, new age tools such as Hive and cloud are well and good, but not without comprehensive end-to-end processes to ensure data is tagged, user activity is monitored, data use is secured and data duplication is limited.
GDPR has raised many fears, including the possibility of being fined up to 4% of a company’s global revenues for violations. But the Cambridge Analytica case has demonstrated that the loss of reputation due to data breaches can have far more damaging outcomes. Its time for businesses to invest in better data technologies, and users to be vigilant when giving consent for use of their data.
CEO’s DESK
Forget networking, THINK ECOSYSTEMS
As many consultants rightly point out, ecosystems are the way of the future. But to my mind, there are three related but separate ecosystems that need to be conquered: digital, technology and business.
Digital ecosystems are those that deliver an integrated digital journey for the user. Here digital players like Ping An have demonstrated the power of a seamless customer engagement, whether its in the orbit of real estate or health or automobiles.
Then there is the technology ecosystem, that is, the disparate technologies that can be consolidated under one roof or platform and offered via a single gateway. This means a coming together of AI, transactional, IoT, blockchain, conversational and even virtual reality development.
And finally is the business ecosystem, perhaps the most difficult, because it involves the forging of new business alliances. This demands not only a need to demonstate mutual benefits, but also a deeper willingness to overcome differences in business cultures and models.
Given these challenges, I can only welcome Percipient’s participation in EY’s global Accelerating Entrepreneurs 2018 program, due to kick off in Amsterdam in April. By bringing together a select group of 30 entrepreneurs from around the globe, together with industry veterans and thought leaders, this program is unique in its ability to propagate the ecosystems as listed above.
Unlike the usual networking opportunities offered by large conferences, I look forward to exploring meaningful collaborations that might yield new needs-based ecosystems. Within the boundaries defined by GDPR and other similar data protection rules, such ecosystems are capable of improving users’ digital journeys and delivering substantial value.
To date, the most successful ecosystems have been built by digital giants the likes of Alibaba and Amazon. But I am convinced that the next wave, though still in its infancy, will take place at more traditional businesses like banks and insurance companies.
There will however be a difference. Rather than build them from scratch, these traditional businesses will be attracted to ready-made ecosystems, ie vendor consortiums organised around specific customer needs. These are truly exciting times.