The world economy has undergone profound transformations in shifting businesses from the traditional brick and mortar models to the Internet. As an increasing number of firms begin to join the digital reform wagon, lest they be left behind, this has led to the creation of vast reservoirs of information, or data. Digitisation has brought about several positive changes in the way business is done today, such as increasing efficiency, widening the outreach of companies to customers across geographies, and improving competition by providing a playing field for start-ups. The improvements in quality of data and technologies to harvest them have enabled a culture of data driven decision-making at most organisations today. In this article, however, we discuss the two impediments to this culture, which, if unchecked, could have a potentially major disruptive effect on economies.
The tussle over data protection and privacy
How the human brain responds to stimuli is still a mystery. While we might not have explanations for these idiosyncrasies, detailed data on an individual’s past actions and behaviours has made it possible to create ones’ ‘psychographic profiles’. These profiles shed light on the psychological attributes, personality, opinions, lifestyles, and interests of the individual. This information is valuable because it can be used by companies to target advertisements based on personality traits and nudge people to respond in a certain way.
Internet giants such as Facebook, Google, and Amazon have been amassing such data, in lieu of free services to its customers. This data was initially used to improve target advertising. It started as a simple revenue model, where customers shared their digital footprint (data) in exchange for free services, while the firm generated its revenue from advertising. But with the advances in machine learning and artificial intelligence technologies, the use and value of data has increased manifold. And if not guarded carefully, data can be misused in malicious ways to harm individuals, rival firms, and even countries. As data escalates in value and importance, conflicts over its control and usage are inevitable.
The scandal involving Facebook and Cambridge Analytica pointed to the carelessness with which Facebook handled personal data of millions of users. The latter, a political consulting firm, accessed data of about 87 million Facebook users without their knowledge to tactfully influence public opinion by persuading people of its client’s message (the client here being the campaign for the Trump administration). Although Facebook did not directly sell the data to Cambridge Analytica, it was slapped with a fine of 500,000 GBP for two breaches of the Data Protection Act: for failing to safeguard its users’ information, and for failing to be transparent about how that data was harvested by others.
The intangibility of data makes it difficult to keep track of its usage, since multiple copies can be made and passed on to illegal users. The episode also exposes the vulnerability of individuals who have no control whatsoever on how their personal data can be used. In today’s digital economy, there exist three broad ideologies on data sharing and protection. The European Union approach favours the interest of the individual, who has the absolute right to control her personal data, while the United States have a corporate approach and favour unrestrained trade and access to personal data. The Chinese approach is one of state control data: all businesses in China are required to host their data locally, for the government to link and use. This, however, is a policy internal to China.
The EU’s General Data Protection Regulations (GDPR) law, which came into effect in May 2018, addresses some of the issues facing personal data protection. By strengthening the rights of individuals and increasing liability of the data collating firms, the GDPR forces companies to be more responsible with their customer’s data. This might, however, result in curbing some of the unrestrained profits these tech companies were enjoying so far. Since compliance with the GDPR guidelines is costly and the fear of heavy penalties is real (the law has already triggered a flurry of cases being filed at the data protection agencies of different EU member states), some American news outlets have started denying service in the EU, while others have started offering ad and tracking free services at a premium price. It is also being feared that the GDPR could affect the EU’s trade relations with other countries, as more companies start to become reservoirs of data. Moreover, it could make the dominant players stronger, since it would be easier for a Facebook to gain consent from millions of users than a start-up, which might have to work harder to win the users’ trust in regards to their data. This skirmish between the U.S. and the EU over privacy is only a precursor of confrontations that might arise.
The threat of cyberattacks
The other major concern over the growing dominion of data is the threat of ‘cyberattacks’, which are a form of digital threat that can be exercised by rival nations, criminals, or terrorist groups. These have been on a rise in the recent years. ‘Cyberwar’ is the use of technology to cause economic, physical, or social damage to the targeted entity. It can range from a series of malicious actions such as theft of intellectual property and military secrets, to fake news campaigns and propaganda (such as the terrorisation of Rohingyas in Myanmar, or the meddling with U.S. elections), paralysing of banks, telecommunications, and media (experienced in South Korea), or the damage of power plants, airport transits and business worth millions of dollars (as the one experienced by Ukraine).
The first cyber weapon, ‘Stuxnet’, was used by the U.S. and Israel against Iran to cripple its nuclear programme in 2010, to which Iran retaliated by launching an attack on Saudi Arabia. The damage was massive, resulting in the outage of 35,000 computers in Saudi’s oil company, caught completely unaware.
Unlike traditional wars where the source of the attack is usually known, it is difficult in a cyber attack to accurately identify the attacker. Sophisticated cyberattacks are often routed via small businesses or universities – which don’t have robust cyber security – to reach their real targets. It can be difficult to tell when you are under attack; it often takes years to realise there is an attack to steal intellectual property or national secrets.
In today’s global economy, containing the damage of a cyberattack from spreading or affecting businesses in other regions or countries is a challenge. For instance, companies such as FedEx or Maersk are reeling under huge financial losses due to the cyberattack on Ukraine in June 2017. The malware, named Petya, crippled websites of Ukrainian organisations and spread through internal networks to parts of Europe. There are no conventional methods to respond to such attacks. Since it is difficult to identify their source, cyberattacks can be used to start a conflict between two nations by making an innocent country look like the source of the attack.
Considering the two growing concerns over the digital economy, economics could highlight different trade-offs between data sharing and hiding, technology could help achieve the desired state of equilibrium that is in the best interest of the data subjects, while regulatory intervention and society could push the market to adopt those technologies. Economists are trying to approach the problem of cyber security by figuring out the economic incentives of the organisations and people involved, both on the side of the attacker and the defender. It thus remains to be seen how equilibrium solutions emerge from the interplay of economics, technology, and regulation framing.
by Arpita Pattanaik