SINGAPORE (Apr 15): A year and a half ago, Tony Fernandes, CEO of the wildly successful low-cost carrier AirAsia, talked about data as “the new oil”, and revealed plans to use data and machine learning to customise the pricing of air tickets and ancillary services to individuals. “We begin to know what your tolerance level is for a certain ticket to a certain destination,” Fernandes said. Effectively, AirAsia would be able to monetise the information it has gathered from its half a billion customers. “We will charge you differently for baggage,” Fernandes adds.
You may or may not have noticed the difference in your holiday planning, but it would stand to reason that airline tickets and related services, as price-competitive products based on demand and supply, are suited to such “dynamic” pricing.
Yet, there is now growing concern over just how such dynamics are engineered based on the data that is collected, analysed and utilised. To be sure, much of that data may well have been collected legitimately in the process of the exchange of goods, or in the name of potentially improved services. For instance, an internet retailer stores addresses and credit card details to simplify the checkout process. Or, the government tracks commuter and traffic patterns in order to improve a city’s infrastructure.
Businesses have capitalised on this trove of data after getting it practically for free. Mastercard, for instance, made US$3.35 million ($4.5 billion) in FY2018 from “other revenues”, which include the sale of transaction data to retailers. In the US, the credit card company reportedly sold that data to Google, which allowed the search engine to track whether online advertisements led to sales at a physical store. A data monetisation report by US-based firm Transparency Market Research estimates that the data monetisation market is expected to expand to US$708.86 billion by 2025. However, this figure includes both direct and indirect monetisation of data.
But, as we report this week, a seemingly never-ending series of scandals and breaches involving individuals’ data has exposed lax protections and overall corporate irresponsibility. That, in turn, has soured public sentiment, and regulators are turning up the heat on companies by proposing or enacting legislation with strict controls on how an individual’s information is collected and used.
One industry observer tells us that if there is money to be made, it would take laws or “a real pushback from the community” for companies to stop selling data. Indeed, today, it is practically impossible to access a new service or purchase goods online without agreeing to the vendor’s or operator’s privacy policy or terms of service, which invariably lets the company collect your personal data for its use. So, if legislation such as California’s Data Privacy Protection Act, which compels businesses to provide the same level and cost of service to consumers even if they did not provide their personal information, are adopted elsewhere, what would happen then to the companies whose business models centre around collecting and monetising such data?
In any case, poor management of consumer data is already costing the businesses, particularly the major tech companies. Earlier this year, French authorities fined Google €50 million ($76 million) for failing to comply with the EU General Data Protection Regulation — by not providing enough information to users about its data consent policies and not giving them enough control over how their information is used. Under French law, Google could have been fined up to 4% of its global turnover, which was US$136.8 billion in 2018.
Separately, Facebook has been facing down US lawmakers ever since the Cambridge Analytica debacle first exposed how the social networking platform sold the data of millions of profiles. Facebook is also having to invest in various initiatives in order to convince the public of its integrity. And CEO and chairman Mark Zuckerberg has now come out to assert that companies really should not be left to their own devices, and that governments and regulators need to take a bigger role in ensuring the protection of data and the overall integrity of the internet.
One could argue that while companies should be held accountable for the way they handle personal information that has been entrusted to them, individuals should also take responsibility for their own data and be more careful about where and for what purpose it is handed over. In fact, it is a travesty that access to services is being withheld in exchange for data. If everyone in the world should band together and withhold data from companies, where would they be?
Ultimately, it is the idea that data is property, or a commodity, and thus has a monetary value, that has led us here. Sure, companies ought to pay for access to this “digital oil”, but let’s face it: Much of who we are, and what we would like to do, is already being parsed by one data analyst or another.
According to one professor, if one thought of personal data not as a commodity, but rather as an inherent part of human dignity, the conversation about data privacy would be fundamentally different. Indeed, it is hard to separate one’s name and identification number, address or medical history from one’s person. And the mishandling or theft of such information could have dire consequences for one’s life.
Who we are and what we choose to do really should not be anyone else’s business but ours. Unless we choose to make that information public.
This story appears in Issue 877 of The Edge Singapore (week of Apr 15) which is on sale now. Subscribe here
