In the run-up to GDPR, the attention of businesses has understandably been focused on issues of data privacy and the rights of the consumer, including the ‘right to be forgotten’. Article 17 of the GDPR, the Right to Erasure or ‘right to be forgotten’, states, “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay”. For companies that store information on behalf of their customers, it basically means the customer wants to ‘close their account’ and prevent the vendor from maintaining any personal information on file.
As the Internet of Things (IoT) gathers pace, a new area of focus will emerge center stage: ‘data ownership’. As the growing processing power of the latest technology continues to transform data into an ever-more valuable resource, the question of who owns data is becoming an increasingly thorny and complex debate. For example, if you use a fitness app to track your running or cycling workout, such as a Strava, do you believe only you should have control over all data pertaining to your exercise habits and goals?
Today, there is an ever-growing list of use cases in which the issue of data ownership comes into question, and there are several complexities that often make it difficult to reach a conclusive answer. One of the most contentious of these areas is around predictive maintenance in the transportation industry.
The latest advances in IoT and device monitoring allow car, aircraft, train manufacturers, and so on, to monitor various mechanical systems by installing sensors within the machines. Taking this step helps manufacturers minimize downtime by using the sensor to predict likely maintenance cycles; taking the machine offline; scheduling its repair and then quickly getting it back into production.
This reduction in unplanned downtime brings extensive benefits to airlines, trucking, shipping and railway operations, however, it also raises some serious concerns around the issue of which entity owns the data collected by the sensors about each physical asset. For example, an airline may believe they own the data because they purchased and operate the plane. However, the manufacturer of the airplane parts may also feel it has a claim to the data collected about each of those parts because they may have included terms and conditions in their contract with the airline that give them the authority to retain the rights to all information collected from any plane containing their parts.
That becomes an especially thorny issue when parts manufacturers look to use their expertise to get into maintenance services and build a multimillion dollar business. At that point, their claim to ownership of the data becomes critical to their success. In this scenario, challenges arise if their customer (i.e. the airline itself) asserts it has ownership over the data and uses that information to set up its own branded maintenance company. This can lead to a conflict of interests, wherein the airline may start to compete with the service provider by offering a maintenance service to other airlines—serving as a ‘center of excellence’ if you will.
Connected cars is another area rife with data ownership issues. The EU’s eCall directive requires all cars manufactured as of April 2018 be equipped with eCall technology. In the event of a serious accident, eCall technology automatically dials 1-1-2 – Europe’s single emergency number (similar to 9-1-1).
It’s a great example of how digital technology can be applied to help save lives. However, the flip side says, what if your car was always transmitting a continuous stream of data about your location, driving patterns and behavior to the dealership at which the car was bought? What if that data was then shared with third parties including insurance companies? And what if—as a result of having access to that information—your premium was upped by your insurance company because available data indicates you are a high-risk driver? In that example, having the right to ‘turn off’ access to your personal information becomes a lot more compelling, doesn’t it?
To-date, it has mainly been in manufacturing use cases where ‘ownership’ of data has been asserted, however there are a host of other examples where data rights may raise even more complex issues. So, what can consumers do to protect themselves and navigate safely through what is an increasingly complex data ownership landscape? Individuals certainly need to clearly understand the terms and conditions to which they have agreed when dealing with a manufacturer of any device, retailer or healthcare provider. Knowing whether they have ‘ticked the opt-in box’, if you will may have profound implications for both themselves and their data.
GDPR certainly takes some steps in the right direction towards protecting consumer data privacy by banning the use of “pre-ticked, opt-in boxes” as a valid way of gaining an individual’s consent. However, anybody who wants to avoid contentious data ownership issues in the future would be wise to ask themselves when buying a new connected car, Fitbit or smartphone: “Have I checked through all the necessary terms and conditions? What level of information am I really agreeing to share?”
Much of the debate around GDPR thus far has been focused on data security and data privacy. These are key areas of course but as the data-driven age progresses, businesses and consumers alike will come to realize that the complex issue of data ownership is at least as important if not more so than the others. My advice: check your T’s and C’s carefully if you want to keep your personal data secure in the digital age and make sure any vendor with which you do business gives you the option to ‘be erased’ if you so choose.
Ciaran Dynes, SVP of Products, Talend
Ciaran Dynes, the Company’s current Senior Vice President of Product, has been named an executive officer of the Company, effective May 19, 2017. Mr. Dynes joined Talend in January 2011 as Director of Product Management, and was promoted to Vice President of Product in July 2013. Prior to joining the Company, Mr. Dynes worked as a consultant to Sopera GmbH (acquired by Talend in 2010). Previously, Mr. Dynes served as Director for Product Management at Progress Software from 2008-2010, and as Director of Product Management at IONA Technologies (acquired by Progress Software) from 2004-2008. Mr. Dynes holds a B.A. (Mod.) in Computer Science from Trinity College Dublin (Ireland).