With expansion of Internet technologies, the amount of digital data generated every day, actually every second of the day, became tremendous. Data is collected through internet services, web sites, applications, mobile devices, vehicles, cameras, smart watches, etc. At first such vast amount of data seemed harmless, it exists “somewhere” but who could connect the data with actual person or how it could even be used? Not long after we witnessed many maltreatments of personal data, among which the greatest scandal emerged in 2018 when a former Cambridge Analytica employee had disclosed the information about data misuse [1].
Internet companies, like social media companies, mobile application providers etc., are based on personal data to provide their services. In the majority of cases user need to give consent for sharing their data, but otherwise they can not use the app or service. Having that in mind it’s questionable whether people are really willingly giving consent, or they just don’t have other choice, which lead to many discussions about ethical principles when collecting the data.
As defining ethical principles wasn’t enough by itself, EU delivered the GDPR (General Data Protection Regulation) [2] which became recognized as law across the EU starting from May 2018.
GDPR defines seven principles that need to be met if the company is working with personal data. Since it is a EU law, it is applicable only across EU member countries, but if some company outside EU works with personal data of EU citizens it needs to be compliant with GDPR. GDPR is considered as “golden standard” for privacy laws, and there are some attempts to deliver similar regulative in other countries as well. There have been many discussions about data protection regulative in the USA, but since the mindset across USA is much different then the one present in the EU, not all member states are interested in giving up the commercial benefits of personal data usage in favor of data privacy. Despite the obstacles, state of California created the CCPA (California Consumer Privacy Act) which gives consumers more control over their personal information which became affective from January 2020 [3].
Regulations such as GDPR and CCPA are relatively new and they emerged from the growing need to protect the individuals who use online services since the technology trends are moving in the direction of having even more services online. But what about good old traditional telecom industry?
Telecommunication industry unlike Internet companies, exist for a long time now and their work is conditioned with strict legal regulations. Telecom companies are obliged to preserve user privacy while providing their services which include personal and location data collection. Therefore, telecom companies are not allowed to share the data they collect with third parties, not even for research purposes. However, there are some measures they can perform to preserve the privacy of the users and data but to exploit the great value their data contains. Recommended measures telecom operator can perform prior to sharing the data are data anonymization and aggregation. Anonymization consists of removing any personal information from the data, such as phone number, name, address and so on. Aggregation can be performed spatially and timely, spatial aggregation implies hiding real location of RBSs by aggregating telecom traffic to regular square grid, time aggregation implies summing traffic intensity between two RBSs or two squares from regular grid during desired interval. An example of this practice for preserving privacy of users by performing aggregations over data is presented in Telecom Italia Big Data Challenge [5].
In complex data intensive world, it is a great challenge for businesses to stay competitive on the market while keeping up with new regulation demands. Nevertheless, as more people today are aware of data privacy issues, businesses can take advantage of the new arising demand for privacy regulation compliance as their strength. There are many ways companies can still use the data they have and preserve high level of privacy for their users.
Sources:
[1] https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal
[3] https://oag.ca.gov/privacy/ccpa
[4] Brdar, S., Novović, O., Grujić, N., González–Vélez, H., Truică, C. O., Benkner, S., … & Papadopoulos, A. (2019). Big data processing, analysis and applications in mobile cellular networks. High-Performance Modelling and Simulation for Big Data Applications: Selected Results of the COST Action IC1406 cHiPSet, 163-185. https://library.oapen.org/bitstream/handle/20.500.12657/23334/1006821.pdf?sequence=1#page=176
[5] Barlacchi, G., De Nadai, M., Larcher, R., Casella, A., Chitic, C., Torrisi, G., … & Lepri, B. (2015). A multi-source dataset of urban life in the city of Milan and the Province of Trentino. Scientific data, 2(1), 1-15. https://www.nature.com/articles/sdata201555
