We often hear — as in The Economist — that data is the oil of the 21st Century. This claim is confirmed by the share values of Google and Facebook who, along with Apple, Amazon and Microsoft (the famous GAFAM), are the 5 companies with the best performing shares in the world.
As a result, several brands would also like to gather data and imitate the giants of the Internet era, with little chance of success. In addition to the fact that competing with Google and Facebook is difficult for CAC40 companies, we should ask the question of whether it’s even desirable.
I say this based on three indicators:
- There are two categories of companies: those that get hacked, and those that don’t yet know they’ve been hacked. This isn’t a joke, cyberattacks affect nearly all companies. When this results in user data leaks (and this can be spectacular, as Yahoo demonstrated), clients lose trust in the brand, and this is a significant loss to make up.
- Clients find that too much of their personal data is collected. Several studies since the famous Tradeoff fallacy conducted by the University of Pennsylvania, or the French “Intrusion Indicator” by Publicis-ETO, have demonstrated this.
- The third indicator follows from the first two: the European Commission has implemented the General Data Protection Regulation (GDPR). In the GDPR, several rules are imposed on companies in terms of data: privacy by design, nominating a Data Protection Officer, impact studies combined with heavy penalties should a company fail to comply with the regulations (up to 4% of the company’s annual global turnover, or 20 million euros).
These three indicators lead us to question whether personal data isn’t more of a burden than an advantage.
However, providing services based on personal data remains essential if a company wants to provide customers with personalized services and compete with the Google and Facebook platforms.
Some think they need to become data-predators in order to compete. Others think the battle has already been lost, so it would be better to simply submit to these platforms by using their services and becoming dependent on these services.
There is however an alternative to these two responses, and it is based on the principle of “data-DMZ”, DMZ meaning “De-Militarized Zone”.
The Data DMZ
Metaphorically, the data de-militarized zone is a zone where data can be used without being stored. Companies may have access to data subject to one condition…that they cannot make a copy of this data for themselves. How is this possible? In order to understand, we need a paradigm shift. At the moment, with the approach of the GAFAM companies, data is centralized in a few huge silos around algorithms:
The new approach allows every individual to have his or her own little island of personal data, within which it is possible to enable algorithms and applications to operate:
The specificity of this approach is that each island is a DMZ, a zone where the algorithm can access data without being able to send a copy externally. The Cozy platform, using this approach, provides mechanisms that make it possible to ensure that external copies are not made by monitoring the outgoing data (I will go into more detail in a future post).
This is the approach that Cozy makes possible: a personal space where brands can interact with personal data, but are unable to obtain this data. A type of neutral space where brands are not a threat to personal data. In a sense, a de-militarized zone, where weapons (data collection) are outlawed, somewhat like the saloons of the Wild West era where all weapons had to be left at the door.
This approach enables companies that are not digital experts to provide personalized services and therefore counter the dominance of the digital era giants, while at the same time returning control of personal data to individuals. Everyone wins: individuals as well as companies. The only losers here are the Internet giants!