MAY 22, 2022
Sorry, blockchains aren’t going to fix the internet’s privacy problem
OCT 06, 2021
It has become an article of faith across the blockchain industry that there is enormous latent demand by users who are poised to take back control of their personal data. Aggregators, search engines and social media companies have done an amazing job of harvesting that data, pulling it all together into enormous data sets and then monetizing the information.
Paul Brody is EY’s global blockchain leader and a CoinDesk columnist
Time and again, consumers find out that what they thought to be anonymous and aggregated data sharing isn’t nearly as private as they think it is. Even if the intentions are good, the results often are not: Your phone may not be individually attached to your name in large data sets, but it is still possible to cross-reference your activities and your main locations with information about jobs and health care, and other data sources. The result is the ability to pick out a single person from one of these vast data sets and even infer some of their personal activities and priorities.
For as long as marketing companies have been aggregating data, a smaller group of consumers has been pushing back, and a determined set of entrepreneurs has been trying to build businesses that allow consumers to directly control and monetize their personal information. While I believe that the tools and the law are increasingly on the side of consumers who want to protect their privacy and are diligent about it, I believe there’s little chance that a new wave of blockchain-businesses will genuinely enable individual monetization.
Recently, a number of blockchain-based companies have sprung up with the vision of helping people take control of their data. They get an enthusiastic reception at conferences and from venture capitalists. As someone who cares deeply about my privacy, I wish I thought they stood a better chance of success, but they face many obstacles on the road ahead.
Perhaps the biggest obstacle I see for personal-data monetization businesses is that your personal information just isn’t worth that much on its own. Data aggregation businesses run on a principle that’s sometimes referred to as the “river of pennies.” Each individual user or asset has nearly zero value, but multiply the number of users by millions and suddenly you have something that looks valuable. That doesn’t work in the reverse, however. Companies are far more focused and disciplined in the pursuit of millions of dollars in ad or data revenue than one consumer trying to make $25 a year.
But why isn’t your data worth that much? Very simply, the world is awash in your information, and you’re not the only source of that information. The truth is that you leak information constantly in a digital ecosystem. It’s not just that the phone company knows where you are, so do social networks and your payment and airline apps. Even your takeout provider knows who you are. I counted more than 50 apps on my smartphone alone that track location. You can go and remove their location privileges, but chances are that you haven’t and you won’t.
Just think about it: Fifty companies are trying to aggregate and sell my location data. In a competitive market with an infinite supply of my location information and multiple sellers, the market-clearing price is effectively zero. The people who really make money are those who can aggregate millions of users, not because their location information is valuable, but because the aggregation is valuable.
The focus that millions in profits brings to data aggregators causes them to deploy a wide range of tools, many of which fall into the category of “dark patterns”: stealthy tricks that make doing the right thing difficult. Last week, I stayed at a hotel that required me to authenticate for Wi-Fi daily. Every day, I had to uncheck the default box that subscribed me to their marketing emails. It was infuriating. Avoiding this data collection is hard work. It’s mentally taxing.
Finally, it’s important to remember that your personal information does have value in the marketplace. It’s the original form of a micropayment. It’s buying your weather forecast, news summary and spoken turn-by-turn directions. Without these micropayments, we would need to actually pay for these services on an individual basis – and while the cost of getting a weather forecast might be less than a penny, the cost of managing that transaction is high, especially if you have to do so as a conscious choice.
All which brings me to a painful conclusion: The ship has sailed on data privacy and monetization. While there is real demand for more privacy and some consumers are likely to pay for that as a differentiator with some products, I fear it is likely to remain a luxury experience. Nor are fears of this path new: John Hegel sounded the alarm on the battle for personal information in a prescient article in 1997. However, between the low value of our own data and the path-dependency we have been on for more than 20 years, it’s hard to see how this will change anytime soon.
Although I’m pessimistic about the chances for a revolution in personal privacy for legacy ecosystems like social media, I am positive about two areas where we can make a difference. The first is properly anonymizing data sets. Encryption and the mathematics of privacy could make the privacy of a single individual much more impenetrable. That could restore a level of privacy without preventing the aggregation of data. It’s one thing to be presented with appropriate advertising, it’s another thing to be individually targeted. The difference is small but significant.
In blockchain and decentralized finance (DeFi), we have a decentralized industry based on building business around user stakes and ownership, not advertising-driven metrics like engagement. In this ecosystem, a zero-knowledge proof showing you have verified identity without breaking privacy has a good chance of taking hold. Compliance, security and privacy. All in one. That’s a future worth working toward.
The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.