With the sweeping data privacy regulations coming into force from 25 May, general data protection regulation (GDPR) has put the focus on building products with data privacy at the core of it. While businesses and tech companies continue to mull how the letter of law will apply to their current business practices, another important question has come to the fore: How can data privacy be built into current products?
According to an O’Reilly report, data security is built while architecting and building data platforms. GDPR attempts to standardise the way IT companies handle data and accountable in the way they collect and process data, it would also hold businesses accountable for data breaches occurring through third-party service providers. While GDPR is ushering in a new era of digital privacy and security, it also brings in many advantages and opportunities for businesses to give more control to users over their data.
AIM Daily XO
Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Apple Shows How Real-Time Data Gathered For Improving User Experience Is Anonymised
For example, Apple shared how it improves user experience with a differential privacy framework without compromising on user data. In a post titled Learning with Privacy at Scale, the company that values privacy, revealed that the system is designed to be opt-in and transparent. “No data is recorded or transmitted before the user explicitly chooses to report usage information. Data is privatised on the user’s device using event-level differential privacy in the local model where an event might be, for example, a user typing an emoji. Additionally, we restrict the number of transmitted privatised events per use case,” the post noted.
Download our Mobile App
- Additionally, the transmission to the server occurs over an encrypted channel once per day, wherein one cannot identify which device it was coming from.
- The records arrive on a restricted-access server where IP identifiers are discarded
- At this point, Apple team cannot find out if an emoji record and a Safari web domain record came from the same user.
- The records are processed to compute statistics which are then shared internally with the relevant teams at Apple.
Google’s Federated Learning Model Protects User Privacy
Google’s Federated Learning Model released last year was pitched as a standard machine learning approach centralising the training data on one machine or in a datacenter. Google had also built a secure and robust cloud infrastructures for processing this data — but the catch here is Federated Learning enables mobile phones to learn a shared prediction model, thereby keeping all the training data on device, ruling out the need to store data in the cloud. While it brought model training to mobile devices, with Mobile Vision API it also safeguards data privacy by decentralising data storage in the cloud. So, through the Federated Learning model, users can leverage a machine learning model within the device itself without sending any data to the cloud.
In The Age Of Privacy, Decentralisation Can Usher In Privacy By Design
Blockchain, one of the new decentralised technologies not only enables privacy but can also drive adoption of data protection into current digital systems. It has the potential to build data privacy into the core of digital systems, allow more digital transparency and inclusion in the systems. In the backdrop of the changing security and privacy landscape, blockchain has emerged as the best choice for data accountability and provenance tracking.
How Can Companies Build Privacy Into Digital Systems?
- Companies will have to invest in building a technically strong privacy ecosystem. A report by San Francisco headquartered Intercom, a customer platform company suggests laying down developer guidelines to facilitate future collaborations and integrations.
- Another way to stay clear of the law is by setting up contractual assurances with vendors and third-party players to ensure compliance is met. Intercom report also suggest regularly auditing third-party service providers to meet regulatory requirements.
- Companies should put in places best practices for tracking and reducing access to data which is not required, observes the report.
- Leading web companies Google, Twitter, Facebook and LinkedIn are now allowing users to update any data and enabling more customer controls over data sharing to make more informed decisions.