“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Kelly Anderson, vice president of data protection and privacy at Ericsson Emodo.
Just as 5G is coming into view on the horizon, there’s a trainload of new privacy regulations and initiatives gaining steam from the other direction. The timing of both may be coincidental, but it’s also consequential. The two seem to be on the same track, heading straight toward each other.
5G left the station late last year, and now it’s picking up some real speed. 5G phones are being sold in stores. 5G operators are running national ad campaigns. Early adopters are jumping on board, and it won’t be long before forward-looking marketers seek to take advantage of new 5G opportunities.
For consumers, 5G’s highly anticipated speed and low latency could enable new experiences and spark an explosion of connected devices. 5G networks, technologies and devices also may provide security protections against identity, device, content and data compromises from end-to-end.
For marketers, 5G holds great potential for improving data models and enabling more personalized communications. In the 5G future, data will be collected by a growing number of devices in the home, business locations, public gathering spots and on streets and highways – not to mention consumer phones and wearables.
Will privacy challenges derail these 5G opportunities?
The privacy dimension
That rumble in the distance is the roar of consumer advocacy.
Since the GDPR was implemented in Europe last year, US organizations and legislators have forcefully pushed for greater privacy protections for consumer data. That momentum will affect the massive amounts of data that flows from 5G devices and device-laden networks.
Wearable devices are expected to become especially prominent in the 5G era. 5G will foster new business models for real-time analysis and diagnosis. Many wearables today are enabled through Bluetooth. With 5G, however, we will see more wearable devices connect directly to mobile networks, which will likely lead to the 5G network carrying significantly more sensitive information than 4G networks today.
In a 5G world, apps and carriers will have access to more personal health data, such as 5G-connected wearables that measure heart rates during exercise. Medical data, created by an app or wearable, that is transmitted directly within 5G networks may pose a privacy problem.
More smart medical devices means more medical data in more hands. That expansion will open the door to growing concerns about medical identity theft, invasion of health privacy and medical data management. The healthcare industry was the target of 41% of data breaches in 2018, according to a recent Beazley Breach report.
In the United States, the phenomenon of health-based wearables and applications is on the rise, yet the privacy standards for device-born medical data is lagging. Many wearables and newer medical application services are not covered by HIPAA privacy regulations. A bill introduced into the Senate committee just a few weeks ago may change that. The bill would expand current HIPAA compliance to include medical information obtained from wearables and health-based applications, and it would require a committee to study the cyber security and data protection risks that could accompany these services.
The privacy legislation outlook
Medical data is just one example of the sort of personal data that will flow through 5G.
Last year, after California passed the California Consumer Protection Act (CCPA), more than 15 other states and regional localities began debating legislation of similar initiatives. The CCPA requires data collectors to clearly reveal to consumers what personal data is being collected and whether it’s sold, disclosed and to whom. It also enables consumers to access their personal data collected and halt its sale to other companies. Although it goes further than current federal regulations, it does not address the area of data protection or require explicit consent – one of the key requirements for processing personal data under GDPR.
The CCPA only applies to data collected in California. Legislation in other states will only pertain to those states. This presents operational challenges for marketers, publishers and ad tech companies that will have to comply with differing state laws.
However, US cities are also proposing municipal privacy regulations. San Francisco’s Privacy First policy, for example, requires that individuals must be able to move and organize in the city “without being tracked or located in a manner that subjects them to unconsented collection of their personal information.”
If advertising businesses are required to build in the separation of records by geographic area, compliance will be even more challenging.
Evolving definition of data
More granular location and other data may change the way the data is defined.
Today, data that cannot precisely locate an individual or device – currently the case with mobile tower coordinates – is not considered precise location data. So, for example, cell tower location data can be used without explicit consent.
With the greater proximity and volume of 5G antennas and devices, the cell tower coordinates may generate data that’s so timely and precise – purportedly within one meter – that it can be narrowed down to a particular individual, in some use cases. That kind of precision may affect how and when carriers and app providers get the consent required to collect and process location data.
For many privacy initiatives and plans, the destination is still unclear. What is clear, however, is that 5G is rolling out across the country right now. At the same time, new privacy concerns are increasingly difficult to ignore.
For marketers to fully benefit from 5G, they need to know the exact dimensions of the privacy forces that are gaining steam ahead. Some forward-thinking marketers will certainly dive in early. Their creative efforts will help define the course of both 5G and privacy as the two draw closer.
Follow Ericsson Emodo (@emodoinc) and AdExchanger (@adexchanger) on Twitter.
