Data privacy: Gotta catch ‘em all

Michael Bishop, Regional Counsel, APAC, Commvault

Pokémon Go is all the rage at the moment. Many gamers in Asean – Brunei, Cambodia, Laos, Malaysia, the Philippines, Singapore, Thailand and Vietnam – have already been seen catching Pokémon characters since the app launched in the region recently. Despite some commentators expressing concerns about the privacy implications of the app and others like it, the game is estimated to have been downloaded over 100 million times worldwide. However, there continue to be wide-ranging concerns over the manner in which the app is said to gain access to users’ private data.

While the app has used the disruptive nature of Augmented Reality to drive a further paradigm shift in how we use and interact with technology, it has also raised broader privacy concerns over the type and volume of information collected by the app. As a lawyer and technophile, I am both excited by the possibilities of Augmented Reality and concerned over these wider privacy implications.

The personal data and information collected by the app is a critical, strategic business asset and a rich source of innovation and value. Companies that best manage that asset while enriching customer experience do so through a holistic data management policy. That policy should offer a meaningful data privacy experience through informed consent and collection, rigorous data security measures that prevent unauthorised access, and compliance with applicable laws and regulations.

At the heart of privacy laws are the issues of control over your personal information and personal choice. However, with this app and other game-based apps, the take-it-or-leave-it nature of the terms and conditions means they are generally only seen as an obstacle to playing the game because there are no other options.

Some commentators feel it may reflect an increasing trend that users are becoming unconcerned or apathetic about sharing their personal information. When launched, the app’s terms allowed access to the Google accounts of all iOS users, which include emails and private photos. Are users really apathetic about their private mails and photos being accessible, or is the likelier conclusion that users are simply not taking the time to read the terms and understand the consequences?

Whichever conclusion is drawn, a key driver in any data management policy (particularly when collecting personal data) is whether sufficient security measures have been put in place to protect personal data, and the susceptibility of personal information to cyber-attacks. We have already seen hacking groups like OurMine carry out DDoS attacks on Niantic’s servers, causing significant downtime for Pokémon Go users. Another group, PoodleCorp, is threatening to carry out a DDoS attack some time this month. These groups claim they want to highlight system weaknesses and teach the makers how to protect their servers. Regardless, attacks are becoming more prevalent and sophisticated, and companies can struggle to roll back reputational damage suffered from high-profile data breaches.

The world is changing at a rapid rate – as is the way we interact with the world around us and each other. Technology, such as Augmented Reality, helps to accelerate these new world paradigm shifts in how we use and interact with technology while simultaneously creating new forms of social networking that connect real and digital worlds.

However, rapid acceleration and adoption of new technologies will inevitably give rise to further privacy issues as more and more personal data is collected and shared. Users will likely demand more privacy options, more meaningful experiences and greater data security.

This drive will come not only from increased interaction with consumer applications like Pokémon Go, but also from increased legislative focus on the way companies hold, use and manage that data. For organisations tasked with management of personal data (whether provided consensually through consumer applications, or by necessity in the case of medical/employment/financial information at work), which is pretty much everyone, now is the time to look at data management policies and make sure your business can scale and align with continuing technology shifts. The right policies will allow your business to exploit new technology-driven opportunities and maximise data assets without compromising user experience or data security.