Interview with Dr. Gilad Rosner
Dr. Rosner is privacy and information policy researcher, founder of the IoT Privacy Forum and member of the UK Cabinet Office Privacy and Consumer Advisory Group.
“Innovation in customer experience is bound to be anchored in transparency and trust since this is the key to building lasting relationships”
Dr. Gilad Rosner
Omar Valdez-de-Leon: First, a little bit about you and your work
Dr. Gilad Rosner: I am a privacy and information policy researcher. My work encompasses privacy by design, national policy, digital identity and the interplay between governments, commercial markets and standards. I’m motivated by the responsible use of personal data and its use in new business and technology domains, particularly in an international context.
In addition to my specialisms, I have 20 years of industry experience in IT and digital media. I’ve worked with automation, robotics, audiovisual encoding, front- and back-office IT, supply chains and operations. I’ve held management and consultant roles. Prior to becoming a researcher, I helped design and manufacture the Emmy award-winning robotic video migration system, SAMMA.
Omar Valdez-de-Leon: From your experience, how can businesses balance innovation and customer privacy at times when data is regarded as ‘the new oil’?
Dr. Gilad Rosner: I think data as ‘the new oil’ is not an accurate description. Oil is a resource that is extracted and is finite. Data, although it can be extracted, is not finite. Data can be combined and used over and over again. This makes it different. What is required is that instead of seeing data through an extraction lens, businesses dealing with customer data should see it as an exchange, whereby users share their data with businesses in exchange for value, in a transparent and respectful manner. That is, businesses as custodians of their customers’ data.
And this kind of approach is not necessarily at odds with innovation. Innovation can be done with data security and privacy by design. Indeed, innovation in customer experience is bound to be anchored in transparency and trust since this is the key to building lasting relationships.
Having said all this, we are still far from reaching a point whereby data is treated fully transparently by players in the digital domain. This is where regulations like GDPR come into place. GDPR will force businesses to do innovation differently, in a way that embeds European values. And this is not a bad thing. In fact, those businesses that get there early have the chance to take the lead with digital products and services that embed privacy and use trust as a differentiator.
Omar Valdez-de-Leon: Many businesses are looking at the internet-of-things (IoT) as a way to transform their products. In a very practical sense, what would be your advice in dealing with data protection and privacy to foster customer trust?
Dr. Gilad Rosner: The IoT is a great opportunity for businesses, but it raises some challenges related to data privacy and customer trust. What I would recommend is that businesses start with these three actions:
- Define a data privacy policy – one that focuses on maximum transparency. It is advisable for businesses to try to stay ahead of regulations, do more that the minimum required to maximise customer trust and simply be ready for any changes in customer expectations of data privacy as well as evolving regulations.
- Set up a data privacy office – this can be a person or a team whose job is to make sure any product or services that makes use of customer data is compliant with the business data protection policy as well as any relevant regulations, e.g. GDPR.
- Set up and perform data privacy risk assessments – the key is to fully understand and mitigate risks related to how data is collected, used, shared and maintained, arising from new product or service launches.
“GDPR will force businesses to do innovation differently, in a way that embeds European values”
Omar Valdez-de-Leon: What would be an example of a company that has got it right?
Dr. Gilad Rosner: In terms of engineering design, Hello Barbie (by Mattel) gets things right in the following ways: you need to press a button for Barbie to start listening – this is an unambiguous indicator of when the device is monitoring a child – this compared against using a wake word, for example, where devices can hear what it thinks is the wake word and start recording when in fact the wake word was not uttered. And, we know that children’s speech recorded by Barbie and sent to Mattel’s partner’s servers (ToyTalk) are encrypted at all stages. Strong encryption, especially in the case of children’s data, is essential. There are other problems with Hello Barbie, such as nudging parents to share their children’s utterances on social media platforms, but from a hardware and platform design perspective, they get it right.
Omar Valdez-de-Leon: You experience covers both sides of the Atlantic, what would you say are the key things European businesses should look out for when it comes to data protection and privacy when commercialising their products or services in the US?
Dr. Gilad Rosner: Transparency is important in the US market. Which is not that different to Europe. Of course regulation is less stringent as compared to what Europe is trying to accomplish with GDPR but customer trust is still key. You can see this in the case of Apple which is using its data privacy policies as a differentiator. What I would recommend is to apply the same principles as you would in Europe. Use GDPR compliance as a strength, differentiating your offering. Having said that, it is impossible to say that data privacy is a real deal breaker for consumers; at least today. But as data is better understood by consumers, strong privacy policies may well become a differentiator.
“What I would recommend is to apply the same principles as you would in Europe. Use GDPR compliance as a strength, differentiating your offering”
About Dr. Gilad Rosner:
Dr. Gilad Rosner is a privacy and information policy researcher and the founder of the non-profit Internet of Things Privacy Forum, whose mission is to produce research, guidance, and best practices to help industry and government reduce privacy risk and innovate responsibly in the domain of connected devices.
Gilad’s broader work focuses on the IoT, identity management, US & EU privacy and data protection regimes, and online trust. His research has been used by the UK House of Commons Science and Technology Committee report on the Responsible Use of Data and he is a featured expert on O’Reilly and the BBC. Gilad is an internationally invited speaker, and has given talks at industry conferences, universities, and government agencies, including the US National Institute of Standards and Technology. Gilad has a 20-year career in IT, having worked with identity management technology, digital media, automation and telecommunications. Prior to becoming a researcher, he helped design, prototype and manufacture the world’s only robotic video migration system, known as SAMMA, which won an Emmy award for technical and engineering excellence in 2011.
Gilad is a member of the UK Cabinet Office Privacy and Consumer Advisory Group, which provides independent analysis on Government digital initiatives, and is a member of the the IEEE Global Initiative for Ethical Considerations in Artificial Intelligence and Autonomous Systems. He is a Visiting Scholar at the Information School at UC Berkeley, a Visiting Researcher at the Horizon Digital Economy Research Institute, and has consulted on trust issues for the UK government’s identity assurance programme, Verify.gov. Gilad was a policy advisor to Wisconsin State Representative Melissa Sargent, and he contributed directly to legislation on law enforcement access to location data, access to digital assets upon death, and the collection of student biometrics.