Ever since the first pop up advert, the business model of the internet has been based on surveillance.
The more data a company has about a particular user, the more targeted its advertisement can be, and the more an advertiser will pay to post their ad. This logic has driven a culture of ever more invasive data extraction and retention; from companies implementing real-name policies, to period-tracking apps that store and utilise sensitive information to increase company revenue.
But this asymmetrical model – in which companies have all the power – is coming under increasing scrutiny. For many years, privacy defenders have been highlighting the risks inherent in the advertising model, and have won some significant legislative victories in the last few years. At the same time, regulators are increasingly cracking down on company mismanagement of data, such as through the General Data Protection Regulation (GDPR) in the EU, and the use of adblockers is rapidly growing.
Companies are starting to sit up and take notice. At this year’s Mobile World Congress, there was a lot of talk about ‘Me2B’, which describes a wholesale transformation in the business/customer relationship – a move, in normative terms, from a model where customers (to quote the business consultancy Ctrl-Shift) are “treated as the passive targets of an organisation’s activities”, to one which is about “agency, helping individuals achieve their goals”. In practice, this might mean users being able to choose exactly how much data they share, and with which companies, which would be a radical shift indeed.
But is it really happening? People have been prophesying the imminent dawn of Me2B since 2008, and we remain a resolutely ‘B2C’ world.
Still, there are some recent signs which suggest the idea may be gaining momentum – notably among telecommunications companies. Telefonica recently rolled out its AI-powered digital assistant, Aura, which allows users to decide who can access their aggregated data, while its subsidiary O2 has hinted at new measures to allow customers to control what adverts they see. The significance of these initiatives should not be underestimated; they would have been inconceivable a decade ago, and show how far the debate has moved along.
But is also important to remember that telecommunications companies have different priorities than other parts of the tech sector. After all, their financial model is not based on intrusive advertising, and giving their users more control will not necessarily hurt their bottom line. For media organisations, largely or entirely funded by targeted advertising, Me2B is inevitably going to be a bigger ask. So far, rather than trying to understand the reasons some of their readers might be using adblockers, most have responded by shaming them, begging them to stop, or even blocking them from accessing content. The Guardian’s approach – which both asks users with adblockers to support their journalism in other ways, and clearly defines how their data is used – along with paid ‘ad-light’ options, like the one offered by Forbes, are examples of more nuanced and thoughtful responses to the issue.
At the Mobile World Congress this year, Facebook, another company which depends on advertising revenue, unveiled a new report, ‘A new paradigm shift for personal data’, which attempted to set out some of the principles which would define a “sustainable data sharing environment”. Some of its conclusions – particularly around moving from an implied consent data model, to one based on “choice and control” – are welcome and refreshing, and complement recent improvements in Facebook’s data practices.
In the foreword, Facebook’s data officer criticises what he describes as “the limiting premise” in the current debate around personal data, which assumes that “the desire to innovate with data is generally incompatible with preserving individuals’ rights to privacy and self-determination.” In fact, he argues, there doesn’t have to be a trade off at all – and it is unhelpful to talk about the amount of data companies are getting.
Personally, I think that the notion of a trade off is the only way we can make sense of this debate; and I would argue that it is the framework through which many users already mediate their decisions in the digital environment. Take geolocational data, as just one example. Most users know that sharing it with companies carries a certain level of risk, but they do it anyway, because popular apps like Uber and Google Maps require it, and deliver a useful service in return. Others might judge the risk too high for the benefit offered, and decide not to use these services.
This is the very definition of a ‘trade off’ – but it shouldn’t be cause for despair. In fact, by talking about personal data in terms of a contest between competing priorities, we open the door to a more honest, constructive debate. What are the minimum data requirements for a company to run an effective service? What type – and quantity – of data are users comfortable sharing? Would the implementation of certain policies or safeguards make these red lines negotiable? If Me2B is going to be more than just a marketing buzzword, we can’t avoid asking these questions.