The boom in internet-enabled mobile phones, apps and other
high-tech gadgets in recent decades has led to an explosion of personal data
that firms now harvest, process and sell.
The Bank for International Settlements (BIS) paper published
on Thursday said while most countries already have some laws around data use,
most individuals still were not aware of what was at stake, or their rights
over their data.
Authorities should therefore adopt new data governance
systems to "level the playing field between data subjects and data
controllers," the paper said.
They should require firms to get clearer consent to collect
data, better explain how it was being used and make it easier to be accessed by
those from whom it was harvested.
"When data are shared between data providers and data
users, the data governance system should specify which data are requested for
sharing, how long they will be retained by data users, and who will process
them," the paper said.
The BIS's role as hub for top central banks underscores just
how broad-based the clamour for stricter data rules now spreads.
Current controls differ widely. While the European Union's
General Data Protection Regulation (GDPR), which took effect in 2018, is
generally seen as the most comprehensive, it is still seen as having issues.
Other parts of the world are far less advanced. The United
States, for example, where most Big Tech firms are based, still has no
overarching consumer privacy laws, instead relying on a patchwork of state and
sector rules.
The paper said data subjects also lose out because their
information often becomes locked in firms' silos or platforms after using an
app, website or service.
In turn, the companies can then combine that data with other
attributes such as income and education to derive insights and predictions,
thus creating "derived data" often seen as more valuable.
Young and less well-off people also tend to be denied loans
due to a lack of previous credit history, whereas if they had full access to
their online data, that could be used instead.
"The young take time to accumulate tangible collateral
and the poor may never acquire sufficient collateral," the paper said.
"These low-margin, high-risk consumers are uneconomical to reach in the
traditional system without access to digital datasharing."
It added any new governance system should meet the following
five standards.
- purpose limitation - ensure that the purpose for which data is being shared is described in clear and specific terms.
- data minimisation - share only as much data as is strictly necessary.
- retention restriction - ensure that data is not shared for longer than required.
- use limitation - ensure that data is used only for the purpose for which it was shared.
- operational resilience - ensure that data is secure. © Reuters
0 comments:
Post a Comment