Huda Idrees is founder and CEO of Dot Health.
Too much of the recent debate on data privacy has been a response to data breaches and the sense of mistrust we collectively feel for Facebook and its chief executive Mark Zuckerberg. As the founder and CEO of a company that helps individuals access their personal health information, I view data as a matter of agency.
Individuals need more than mere assurances from government or private enterprise to feel as though their data privacy rights are not at risk of being violated. While the cautionary tales of our data being leaked often takes the spotlight, individual data control has a bigger part to play in making decisions about contributing our own data for better outcomes for everyone.
Data is the currency of the age we live in. It helps us build better businesses, make better decisions, hire better people, predict better treatments and so on. A distinct characteristic of this Information Age is the seemingly never ending litany of data-breach scandals. Whether it’s the Equifax breach that leaked the information of more than 140 million people, or the recent Cambridge Analytica and Facebook scandal that was manifested in U.S. law makers questioning Mr. Zuckerberg for 10 hours, all the stories point to the same result: Buyer beware! Do not share personal information with anyone. Ever. It’s like we’re stuck in an infinite loop of Sandra Bullock’s 1995 film The Net.
The term “personal data” has been used to describe just about everything from your name and phone number to your detailed health record. Since time immemorial, different parties have claimed to steward this data on our behalf. Banks are stewards of our financial information, governments are guardians of our social insurance and tax information and hospitals are keepers of our health histories, to name a few.
With the rise of mass consumerization of digital technologies, we’ve seen companies such as Amazon become knowledge centres of our purchasing patterns, Facebook of our likes, dislikes and relationship statuses and Apple of our technology-usage patterns among others. Personal data has become anything but personal in the hands of more organizations than we can count.
The current climate of data privacy is either too narrowly focused on social networks such as Facebook, or too broadly on government regulations. In our haste to cast blame, we have managed to bury the lede. Data privacy is about control. Not control by the government or private industry giants – but by the owners of the data. The key to data privacy is control by the people.
The EU’s recent General Data Protection Regulation (GDPR), coming into effect at the end of May, is one small step in the right direction. It focuses on consent by the user, ability to revoke said consent and penalties for misuse. It also outlines that organizations must allow users to revoke access to their own data. What GDPR falls short of, however, is specifying how obvious the tools for revoking consent have to be on digital platforms. Anyone who has ever tried to cancel a service knows how difficult it can be. The ease, accessibility and overall experience of privacy controls are key to reclaiming ownership over our own data. To truly address privacy concerns, we must go back to the basics.
The only type of data more sensitive than banking information is personal health data. At my company, Dot Health, we have taken on a big, hairy, unwieldy challenge that positions us squarely at the intersection of data privacy and highly personal information. We are on a mission to make access to personal health data universal, accessible and portable. We accomplish this by giving our customers complete power over their own data: access to it, the ability to share their own data, revoke access to this data and the tools to export it as needed. The team has gone to great lengths to make these user-facing tools clear, available on web and mobile applications and accessible to all of our users. Everything the Dot Health platform does is centered around explicit consent. In other words, regardless of how big or popular or far-reaching Dot Health’s network becomes, without the explicit consent of the individual, our platform has no access to that individual’s personal health information.
Governments, private sector and third parties not only need to be held accountable for the data they collect, store and use, but also for the level of agency they provide people over their own data. Sacrificing privacy for access is a false dilemma. We do not need to give up our right to privacy in exchange for access to better health care, faster delivery, or to stay in touch with friends and family. Similarly, if you want to – for example – share your own cancer-care history to improve someone else’s chances of early detection of the disease, digital tools and networks should give you the agency and tools to do that.
At the end of the day, serving personalized ads to a few billion people is one mundane example of what we can accomplish using data. The ultimate promise of leveraging data is far more powerful. It is a future where data can deliver faster referrals to care providers, recommend more accurate diagnoses, predict better treatment plans and ultimately save human lives.
Every century or so, humanity is handed a tool that has the power to transform our collective future. Voting is one such example. Agency over our own data – be it financial, political, or health data – is the tool of our generation. Individuals must wield their agency. Organizations must honour it. This is the time for all of us, individuals and the collective, to focus on using our powers for good.