The pace of the digital revolution has left a lot of us feeling exposed. Today we are faced with the reality that an average person on an average day generates an enormous amount of data for the whole world to see. We know that in this new environment our security depends on our data, but can’t help asking ourselves: is security worth the cost of our privacy?
Thankfully, we don’t need to choose. The premise of the question is wrong. It reflects the widespread misunderstanding of the relationship between security technologies and personal privacy. In fact, privacy depends on security.
In our modern age of data prevalence, security is the only thing that enables privacy. When security is not built in to the technology, your privacy is only granted at the discretion of whoever has your data. They must choose not to associate you with it. Privacy by choice is a very weak proposition of privacy.
We have another option – privacy by design – but it depends on a more sophisticated understanding of privacy and a deeper trust in technology.
Privacy by design is enabled through anonymous authentication and data security.
For example: a traffic service provider needs to know the speed and position of the car, and whether the data is authentic, i.e. coming from an actual car and not a hacked source. The traffic service provider should be able to perform these tasks without being able to figure out the car owner’s name or even the car model.
Data is not going away. We could decide to ignore it, but society has so quickly grown accustomed to its revolutionary benefits in so many diverse ways that giving it up to protect privacy should sound about like ditching modern medicine to deal with the rising retirement age it has caused. We are all invested in data for the long term – from private citizens to companies and governments – so our success depends not on hiding it but understanding it.
Dissociating identity from data
We create personal data in two ways. The first is volunteered, when you post a picture on a board, store e-mail in the cloud or agree to the terms of an app. The second is collected. This data is automatic, unsolicited and constant – the collective generation of your digital behavior, from a credit card swipe to a speed of a moving car.
It is essentially impossible to stymie this inflow of data. It fuels too much of modern life, and to erase its added value for companies and their customers would be a ridiculous notion. So are we at the mercy of a brave new world where privacy is a thing of the past? Not at all. By dissociating identity from data, security technology protects individual privacy while keeping all the added value of the digital age.
Privacy: a social construct
We first have to accept that privacy is a social phenomenon, with diverse interpretations across communities, countries and cultures. Ideas of appropriateness vary widely, as do people’s expectations of how their data should be used. This complicates concepts of universal ethics in dealing with data, and makes it that much more crucial for governing bodies to craft regulations that carefully consider the relationships at play.
General Data Protection Regulation
The European Parliament’s General Data Protection Regulation (GDPR) is set to take effect within a year, in January 2018. The legislation aims to return to EU citizens control of their own data.
GDPR could create a good subject for legal squabbling that will amount to no more than a restricted form of privacy by choice; and jeopardize the extracted value of data mining that has been a good source of funding free services for consumers e.g Google’s search engine and email.
GDPR is also an opportunity for companies to establish privacy by design with technology solutions that dissociate identity from data, simultaneously ensuring compliance and protecting privacy. Only policies that respect technology’s role in protecting privacy are sustainably oriented to the digitized future.
In order for companies to comply with the new requirements yet remain competitive, they must implement data security solutions with dissociative capacities. NXP is the world leader in secure connectivity solutions and Authentication technology. Having established its expertise in the interdependency of security and privacy over the past 60 years, NXP solutions harness the full power of big data with scalable user associations, guaranteeing compliance and customer confidence no matter the region or regulation. Security is built in.
While it is impossible to say exactly how GDPR’s implementation will go over, the regulation offers a clear platform for companies to call on technology solutions providers like NXP to strengthen their relationship between security and privacy. This is a critical moment, not only for Europe but as the rest of the world watches closely. Let us do away with the misleading question of security or privacy, and invest in the first to ensure the second.