Big Data, privacy and security
Under the European Union’s umbrella research and innovation program Horizon 2020, Madrid hosted the European Data-Protection and Privacy Congress, organized by the Internet User’s Association. Within this congress GMV shared its view of data use and exploitation in the transformation of companies and the generation of new opportunities, showing how the General Data Protection Regulation (GDPR) is likely to affect businesses and highlighting the main innovation features to be involved in the provision of these services in the near future.
Carlos Sahuquillo, IT Security Consultant at GMV Secure e-Solutions, took part in a discussion panel to deal with all these issues, together with Mari Carmen Aguilar, Head of Awareness-Raising, Auditing and Compliance in the Information-Security Department of the infrastructure and services operating company Ferrovial; Pablo Seguí Luque, Head of Big Data, Modeling and Customer Insights at Meliá Hotels and Jorge Tello, Partner of Savana, Founder and Technical Director of the healthcare sector.
The Spanish Data-Protection Agency (Agencia Española de Protección de Datos) and the Spanish Information-Security Association (Asociación Española para el Fomento de la Seguridad de la Información) have published a Code of Good Practice for data protection in Big Data projects, meant to serve as a practical benchmark for advising organizations currently carrying out projects of this type or planning to do so. Data use can benefit society in many ways, always providing it is tackled ethically and with complete abidance by all the rules that watch out for the common good.
Legislation to safeguard data privacy and pre-empt any “illegitimate” or unethical abuse provides Europe’s citizens with a level of security not matched elsewhere. Unfortunately this does not completely prevent cyber misdemeanors and identify theft. In the words of Carlos Sahuquillo, “the sheer amount of information to hand today is overwhelming and there are hence millions of identities now open to peril. In 2014 alone, on a worldwide level, nearly 600 million people fell victim to cybercrime”. For this very reason organizations “have to have contingency plans ready to protect their data and hence their businesses”.
The GMV specialist, in a general consensus with the rest of the speakers, pointed out that, while the Spanish Data Protection Law and the European Regulation are bound to play a positive role, “their constraints might also spell a loss of business opportunities for many European companies in competition with American giants trading under more lenient legislation”.
When weighing up the pros and cons of companies’ use and exploitation of the vast amounts of data to hand, Sahuquillo also chimed in with the general outlook in claiming that “the benefits that Big Data might bring to society offset the concomitant risks”. He added “just as millions of us are assuming risks when using accounts of Gmail, Facebook… it is also obvious that this is more than offset by the gains we reap from making our data available to these companies”. When our organizations “become capable of getting across to their clients the benefits they might glean from the responsible use and mining of the anonymized data, a great step forward will have been taken”. Indeed, “Gmail accounts are the most coveted by data pickpockets but, even so, who doesn’t willingly hand over his or her data in return for having this account?".
The security expert wound up by advocating the widespread use of vast volumes of data, albeit “introducing concepts such as risk management in data repositories to analyze it and draw up contingency plans” thereby ensuring “that data-mining companies manage to obtain the user’s informed consent and that this user knows exactly what purpose it is to be used for”. This will be no easy matter.