People reap tremendous value and convenience when participating in the digital economy, but each time they do they put their privacy and personal security at risk since people’s identities and personal information power a sizable portion of the digital economy. And not just the digital economy, our identity and personal information is giving birth to the personal information economy[1], and once this economy matures market opportunities and rules will be vastly different.

The Digital Economy Tradeoff

When participating in the digital economy, people are knowingly or unknowing accepting a tradeoff -- value and convenience for privacy and security.

When we leave ourselves open to all the digital economy has to offer we can seamlessly move throughout the halls of the physical and digital world. We can search and find what we need online and offline with pinpoint, personalized, accuracy. Ads, often, are relevant to our profile, our behavior, and our latest actions. We receive offers, discounts, and breeze by digital barriers with browser-based saved user credentials, single sign-on experiences, and contactless payments at the point of sale. We blissfully share with our friends, with commercial partners, and unlock those happy coincidences, even when we’re standing in aisle five at the grocery store or at gas pump #3. Did you know that seventy-five percent of the top 20 US retailers report using proximity marketing, which not only can enhance physical in-store engagement but is a vital part of driving online, relevant, personalized experience (aka retargeting)? Well, it is, and this is an example of your personal information being put to work.

Remember, however, we need to focus on the complete picture of what it means to participate in the digital economy and not just look at the rosy upside. Being wholly open to the digital economy comes with risk[2]; there can be as many dangers as there are benefits as you navigate your digitally-enhanced life. Left unprotected the hapless digital citizen may be exposed to unwanted digital surveillance, malware, and reinforced perceptions within their echo-chamber. Their personal information may be misused, their reputation may be tarnished, accounts hacked, value and money purloined, credit tattered, identity stolen, and they may experience emotional distress and countless other nuisances.

You may ask, however, what's the big deal anyway? These risks seem overinflated, aren't they? Who wants all my information? Do they really need my information and why? The answer to these questions are quite clear, actually. Both scrupulous and unscrupulous market actors want your personal information as they are seeking power, money, and influence. Legitimate actors, digital retailers for instance, see massive business opportunity by leveraging your personal information. Globally eCommerce is expected to generate $4.8 trillion by 2021.[3] Good actors, like retailers, want to leverage your personal information to get to know you better, to improve their ability to serve you, and ultimately to attract your share of wallet (aka improve customer loyalty). They want your personal information because they know that a better, personalized, physical and digital customer experience can exponentially increase their revenue.[4] On the other hand, bad actors have a lot to gain as well. The Center for Strategic and International Studies (CSIS) and McAfee report that cybercriminals are costing the world about $600 billion a year, both regarding what they take and what we need to spend to protect ourselves.[5]

Let's not kid ourselves, as much as we want value and convenience, protecting ourselves is important. In 2014, according to U.S. Department of Justice, U.S. victims of personal information fraud lost an average of $7,761, a number I’d expect is much higher today and will be higher in the future, not just in the U.S. but around the world[6]. And money lost is just part of the calculus of dealing with this one aspect of cybercrime, i.e. the misuse of personal information and identity theft. According to SANS Institute, as reported by IdentityForce, “identity theft recovery takes an average of 6 months or more and 100 to 200 hours worth of work”.[7]

People are now awakening to these facts. News reports on data breaches, perceived and real organizational misuse of personal data, security flaws in popular software and hardware services, the litany of revised and new regulations, and unwelcome personal experience and related harms from identity theft and fraud, have put people on edge. In fact, when asked, people are reporting increased organizational distrust, concern for their privacy and security, and a desire for more control over their identity and personal information (you can reach out to me and I can share countless reports with you to support these points).

The Privacy Paradox

Remember: When you’re engaging in the digital economy “it is a dog eat dog world out there, and you don’t want to be caught wearing milk bone underwear.”

For many, the privacy and security for value and convenience tradeoff that we are all making is increasingly becoming a challenging one to accept. And yet, even with an increased understanding of the risks, we are exposed to by participating in the digital economy we all continue to do so. Researcher refers to this behavioral tradeoff we're making, putting value and convenience ahead of privacy and security, as the Privacy Paradox.[8] Simply put, the Privacy Paradox states that even though we desire security and privacy we’ll readily give them up for value and convenience.

So, what is the digital citizen to do? Shall we simply maintain an unhealthy sense of apathy and forge ahead, which appears to be the case for many people[9]; or, can we do something and have both the benefits of the digital economy and control, sovereignty, over our personal information and privacy.

The Four Nobel Truths of Digital Sovereignty

The Buddha gave us the answer 2,500 years ago in his first lesson, “The Four Noble Truths,” a lesson on the path to enlightenment. In this lesson, the Buddha teaches us that,

1. life challenging, is suffering, everything is impermanent, ungraspable, and not knowable
2. suffering is caused by attachment to desires
3. suffering can be overcome
4. suffering can be overcome by following the eightfold path

There is much to be gleaned from the Buddha’s teaching. People have been studying the Four Noble Truths for thousands of years, but for me, the most important takeaway from this teaching is not the specifics of the lesson and the countless interpretations of it but the framework for problem-solving it provides. The above framework can be used to address the vast majority of life’s challenges, including how to protect one’s self and achieve digital enlightenment, i.e., digital sovereignty, that is, authority over the digital and digital-physical self.

First, let’s translate the Four Noble Truths above into a more general problem-solving framework, to solve a problem you must,

1. become aware; be mindful of your challenges/problems and have the strength to define them
2. identify root-cause(s), search out the root cause(s) of your challenges/problems
3. believe and accept solutions are at hand; believe, recognize, that you can find a solution to your challenges/problems, and that you can devise a plan/solution
4. execute and follow the path, execute your plan, your solution, and continue to practice and refine its merits

Therefore, using this framework, the Four Noble Truths of Digital Sovereignty, we can work toward achieving digital sovereignty by,

1. the digital tradeoff influences our wellbeing and peace of mind (aka suffering)
2. the root-cause of the digital tradeoff is our apathy, an unwillingness to proactively take into our own hands the management of our digital sovereignty
3. the digital tradeoff can be overcome by believing and accepting that we don’t need to make the value vs. privacy tradeoff, that we can give-up our apathy and be, delightfully, digitally-physically safe and secure and protect ourselves from both downside risks and the loss of upside opportunity
4. the digital tradeoff can be overcome by following the Five-fold Path to Digital Sovereignty - 1) awareness & behavior, 2) insurance, 3) professional services and support, 4) industry & government regulations, 5) technology & services (reactive & pro-active).

To be clear the forces of the digital economy reign today, but those of the personal information economy are starting to form and take root (more on this later). It is time for us all to prepare and become aware, adopt new behaviors, and incorporate new tools and services in our lives (next week, I’ll write about the Five-fold Path to Digital Sovereignty).

We should stive to achieve The Identity Nexus.

The Identity Nexus is a conceptual model referring to the use of identity and personal information among individuals (aka data subjects), public and private institutions, collectively the society at large.

Society experiences The Identity Nexus when the management of identity and personal information among the three groups is considered to be in a state of equilibrium, which is quantifiably validated when the identity & personal information value equation is balanced. The equation is considered balanced when all parties experience an appropriate level of opportunity and risk. The equation is considered to be out of balance when one ore more parties experiences excessive benefit, or they are burdened with unreasonable risk or expense in relation to others. To achieve The Identity Nexus, for it to reach a state of equilibrium, individuals, public, and private organizations must work together and align five key strategic pillars: technology, economic, legal/regulatory, moral/cultural, and political.

CITATIONS

[1] Data is giving rise to a new economy - Fuel of the future. (2017, May 6). Economist, Online Edition. Retrieved from https://www.economist.com/briefing/2017/05/06/data-is-giving-rise-to-a-new-economy

[2] Solove, D. (2006). A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3), 447–559. Retrieved from https://www.law.upenn.edu/journals/lawreview/articles/volume154/issue3/Solove154U.Pa.L.Rev.477(2006).pdf

[3] eMarketer. (n.d.). Retail e-commerce sales worldwide from 2014 to 2021 (in billion U.S. dollars). In Statista - The Statistics Portal. Retrieved June 21, 2018, from https://www-statista-com.nuls.idm.oclc.org/statistics/379046/worldwide-retail-e-commerce-sales/.

[4] Thompson, B. (2017, January 27). Here’s Proof from Forrester that CX Drives Revenue. And 3 Cautions That It May Not. Retrieved June 21, 2018, from http://customerthink.com/heres-proof-from-forrester-that-cx-drives-revenue-and-3-cautions-that-it-may-not/

[5] McAfee, & Center for Strategic and International Studies. (n.d.). Economic Impact of Cybercrime— No Slowing Down. Retrieved June 21, 2018, from https://www.mcafee.com/enterprise/en-us/solutions/lp/economics-cybercrime.html

[6] Harrell, E. (2017). Victims of Identity Theft, 2014 (pp. 1–26). Washington, DC: U.S. Department of Justice. Retrieved from https://www.bjs.gov/content/pub/pdf/vit14.pdf

[7] Keylor, B. (2018, February 6). How Much Time Does Identity Theft Recovery Take? [IdentityForce®]. Retrieved June 21, 2018, from https://www.identityforce.com/blog/how-much-time-does-identity-theft-recovery-take

[8] Athey, S., Catalini, C., & Tucker, C. E. (2017, June). The Digital Privacy Paradox: Small Money, Small Costs, Small Talk. Retrieved June 21, 2018, from https://ssrn.com/abstract=2984665

[9] Stafford, T. (2005). Consumer Apathy and the Emerging Revenue Model of the Internet: The Economic Case for Spyware. ResearchGate. Retrieved from https://www.researchgate.net/publication/242368720_Consumer_Apathy_and_the_Emerging_Revenue_Model_of_the_Internet_The_Economic_Case_for_Spyware