Shedding some light on the many layers of data privacy concerns in this digital era. What does it mean for individuals, and what kind of data is being shared where? What does it mean for enterprises and their customer data? What about data-heavy new trends like machine learning?
Some thoughts about BaseN Platform's own data privacy and security are included as well.
Podcast transcript: Privacy
Hi everybody and welcome to our next podcast concerning privacy. My name is Sonja Pöyry and I'm today speaking with our Country Manager Michael Hartmann to shed some light on the many layers of privacy and concerns we all have in this digital era.
We all hear constantly in the news that our privacy might have been compromised by data leaks or hacks and it is a growing concern among people. Michael, let's hear what insights you can share with our audience.
So, what is actually the meaning of data privacy for a private person and also for an enterprise?
Thank you. This is actually an interesting question because, of course, both meanings differ. In general, we should come from the private aspects of a private person. So, we should come from the private person perspective because this is their general value which we recognize and distinguish. And it is of value that your personal data - meaning data that can be linked to your person - can be used or, potentially, misused and become a foundation of some kind of rating, violating, discrimination, whatever. That these data are at your control and protected, so not everybody and not at any time can reach sensitive information which can be your age, health, religion, or whatever is now concerned.
That the personal data but, recently, also much more data which are kind of clear statistical pointers to the person or are taken by various legislation there - like European one - as private data and in their terms also the corporate companies need to have a concern about the privacy because they typically need, in current digital age, to process the data of their customers to have a relationship with them. So, they become involved in the privacy of their customers and employees and as such they also are subject of the rules which are written and unwritten, and some of them are just a common sense and some of them can be even legally enforced.
Alright, thank you, Michael. And what is the difference between data security and data privacy?
Sometimes this comes mixed but sometimes there can be drawn distinction. Security is more about how easy it is to access or reach the data which you should not normally reach. And the privacy is about how the data touch your real privacy. So, are these data the data which can lead to something which you don't want to share with anyone anytime or are these data just something which is not relevant or disclosing anything which can lead to some kind of advantages or discrimination or which can create this balance between the information which someone knows about you and you know about the other party. I hope that it a little bit explains. The security then is just the way how to enforce that the rules which you would like to have about this data are not broken and are consistently fulfilled. It can be encryption, for instance, as one of the rules and some other kind of security policies and rules can be deployed to keep the privacy of the data.
And can you also describe a bit what are the capabilities of, for example, your telco operator, the CDN provider, social media provider or even your web shop provider - like what is it that you give away just by using them actually?
Well, that's a very wide question. Of course, every industry or application can have its own kind of way how they tackle the privacy problem and how much things you give away. If you work with a telco operator, you definitely need to let yourself known somehow, so they can make invoices. In some cases, they even need to know you as a real person to do legally some kind of interconnections. Otherwise, it cannot be done. They need to check that everything is correct. But this is your kind of customer relationship data. And then they are the data about your calls and communication. These data are also potentially your private data but the telcos, for instance, are typically just neutral carrier or they should be neutral carrier. There should not be a kind of a storing or tampering it or a kind of even looking into these kinds of things. With telco, it's similar with the post office, you normally don't expect that the post is looking into envelopes. Of course, unless there are some kind of a legal orders and court orders which is another chapter. And the same way as this exists in postal office and in justified cases, they can look in the envelopes of certain people. The telecommunication operators are also enforced sometimes to break the privacy of the people who are suspected of some criminal activities. This can happen also to all the others you mentioned, like social media provider or shop provider or anyone, I think. That's pretty normal situation even if this depends also on country by country. Different approach would be in United States, different approach would be in China.
And can you also explain a bit why we are all targeted like this like how do those networks - in particular the CDN networks - how do they work?
A CDN network is a special kind of network to help you to distribute your content so they are built mainly to deliver the content at quality desired. And they try to control it all over the past as much as possible to the farthest extent, and also they would like to ensure the protection of the data that they carry, and so that's why large companies are using the CDNs and CDN providers are usually boasting of higher privacy and security for the users.
We can of course for your previous question mention that there are also some providers of services like Google who are offering you a whole suite of services where you store the data with the consent that Google may process them, and that your data can become a product. And this means that they can turn their global potential of just being able to see and work with that data for you, this big potential to create a marketing vehicle where companies can buy from the Google targeting and support services which will, without being too personal to you, still be able to offer you as an end-user or you as a company who would like to address some end-user, they can offer you some kind of a targeted or relevant content services.
So if they are doing the online marketing they are not just aiming to blind, they are just aiming at very specific well-selected audience group so they get better return on the marketing investment. So, this is another kind of area of privacy which I did not mention before when you asked about the various deployments.
Thank you, Michael. That was really interesting and knowing that you have quite deep and long experience in IoT platforms and dealing also with the concerns of privacy, naturally that's depending on the industry application as well, but could you tell something about our platform, for example, about BaseN Platform, like about our responsibility, design, security, designing the privacy, preserving systems?
Well, we of course as a platform provider and provider who is here for a very long time, and it's collecting its experience from the maturity of the market, we really care a lot about doing the responsible platform design. So, the customers are not only having something which is mission-critical so they can rely and build their services on and not having a toy but some experimental product. But have something which is industry-grade and already more stable than other systems that they use otherwise from the market because we should be the foundation. That foundation usually should be stronger than anything else but also aside of the resiliency we also need to be reliable and secure and with that kind of security, also, we take care if we are the one who designs the application. Of course, if the user designs his own application needs it’s mainly his own kind of responsibility to create the design that preserves the privacy but we try to think about that from the inception already almost 20 years ago, we are thinking carefully about responsible designs. So I think we can draw the power from that kind of maturity, and in privacy we care a lot and if the customer is doing the design themselves, we would encourage him to think about responsible design and design something which is privacy preserving rather than privacy deteriorating.
Interesting, for instance, in terms of privacy is artificial intelligence recent days or machine learning because the companies face challenges in that because on one hand the privacy, how the European legislation sees that, is that you collect about the people or about anything which is related to people, the minimum necessary set of the information. While the machine learning and artificial intelligence needs for the training as much information as possible. So, there is of course an interesting area of kind of negotiating with the people and with the market what kind of is still necessary, and if it's possible to train on something which you don't know exactly how it is necessary for the resolution. Because that's the feature of the learning. You learn a lot of samples and you don't know exactly why this specific sample was necessary. But for GDPR legislation, for instance, it is necessary that you could argue why you have used this information. So, you should kind of do the deep thinking about how far you should go and what is your agreement with your kind of customers and users about the level of the kind of extent of the data are used and what people are happy with. Of course, doing the platform or if you are doing some kind of services it’s always relevant to look what kind of resources are you using. It's different if you use your own hardware and you can rely on that, or if you rely on some kind of a third-party services, then if you use third-party services, you may start to think about who owns the data. Is it you who own the data or other customer who owns the data? Which gives you high privacy. Or is it your supplier who owns the data and you are just kind of a right to store the data there and use them as well as they can use it for marketing purposes and whatever else.
This is also another story. And also, as I said already it's relevant on which market you are. I see BaseN as a European company and with that it means that we can rely on the new legislation or customer and/or users also can rely on European legislation - which is the GDPR now from 2018. This draws already on the foundations of EU data protection directives which are from 1995. So, I believe that if you are a European company or work with a European company you also can be sure that many of the principles of the privacy and responsible design are already part of the products being sold on European market compared to some others like in China or even America which quite differs in approach to the personal data privacy.
So, since you were speaking about the different markets and since BaseN is also a global provider, can you elaborate a bit on who actually owns the data? Because we do have customers in the US, naturally, as well, and also within the EU - basically globally, so can you elaborate a bit on this?
The data is in our case owned by the customer. We own the platform technology, we own the hardware, and we are ready to offer two models: one model is hosted platform in data centers which are in our case also in two redundant locations, so there is always a kind of backup solution working side by side, is the normal solution or, actually, there are two full power solutions which are mutually kind of backupping each other which create the extreme resilience and reliability of us. And in these, we have them typically for the European market in European location but the data still are owned by the customer. And for American market which you mentioned, we have a data center on that market so if there are some high-level preferences from telcos or sensitive industries, of course we can accommodate that they are in their home country and they don't cross the borders. Otherwise, the ownership can be also solved the way that you build a little instance of your own platform. We have some large telco customers that also have their own platform and their own premises in two independent locations - also again for this kind of reliability - and they as well own the data and even they own that on their kind of grounds so it's even more kind of a security and privacy... but the principle is the same. The customer, in our case, owns the data. There's only one exception where we own the data and it's with the platform which is monitoring our platforms so it's kind of a surveillance and quality monitoring we do ourselves, with the same system as the customers have for the health of their systems.
Wow, thank you, Michael. That was indeed very insightful. So do you think you could, for our listeners, just summarize in a couple of words again what we discussed quite deeply now. So, what is it that we as a platform provider do to ensure the privacy of our customers and also, naturally, even though it is more about privacy, but what about the security of our data?
Yes, Sonja, I think that we need to say first of all that we focus on reliability in the design and this reliability should include also the security. So, the platform is done the way that how we design it, it should stay working and it should stay protected and secure. We also design the way that it preserves the privacy, meaning that we encourage and want the customers that they own their own data. And during the process it depends on the maturity of the customers but in most of the cases we advise the customers the designs, and also give them insights because of our long experience on the markets to do responsible and correct designs. Then also, our platform is extremely flexible by design. We don't have time to spend too much on explaining why we are unique in flexibility, but the result is important that even if the customer finds out later on that there are some small things he would like to improve in terms of privacy, it's not an extremely difficult project. It can be done. It can be fine-tuned, and it can be managed.
And the meaning of the privacy for the corporate customers and corporations which is the main market we are focusing on, then it is definitely an extreme reliability and security that creates a foundation for trust in the systems and which means not only the services work but are also sustainable because if the privacy of customers is compromised then the operators the larger they are the more they are responsible to larger numbers of the customers they can get into unpleasant situations. So yeah, it's extremely important.
So, thank you Michael. I was just wondering, for our listeners, could you summarize one more time what is important if you want to start designing your own digital twin and use an IoT platform?
To return to the main topic of our discussion, privacy. It's very important to take care about that to be successful. But you also have to think about the whole spectrum of important ingredients of what a sustainable and successful product should be. So, aside of the privacy which is key to keep and the security, you also have to retain your scalability, flexibility, and extreme resilience.
Alright, thank you Michael. I think now it's time to wrap up. Thank you very much for your insights that you shared with us and then we hope that you will tune in next week for the next podcast.