Petabytes of data are collected and stored: personal data is no longer safe on the web. Neither data encryption nor cloud storage are effective enough to protect against the threat of theft, piracy or the risk of damage. In the era of big data, expansive data collection provides a tremendous commercial opportunity but also a clear risk: it is increasingly challenging to control and manage this data efficiently. Each big piracy or data loss scandal undermines little by little the confidence of everyday Internet users.
The resulting lack of trust affects all top web players: commercial websites, social networks, access providers… The misuse of personal data by certain firms is a key reason. The lack of data protection is another cause and may be more serious in the long term. Besides major hacks, one-off individual thefts are increasing too. In a recent report, McAfee experts sounded a clear warning: 17% of Internet users have already been victim of identity theft in the digital world.
Pirated data or data illegally exploited
Whether stored on company web servers or on the cloud, data is always subject to corruption, loss or theft by hackers looking for personal information. Data encryption is still rare, and despite the development of new authentication and access methods (such as social login), many security breaches still remain. In June 2015, the US Office of Personnel Management reported that cloud data belonging to 19 million US federal employees and job candidates would have been hacked.
In addition, most companies exploit the personal data of their website visitors and clients. In many case, these clients are not even aware that their personal data are being used and sold. However, laws exist to protect personal data and their owners. This is precisely the objective of the French Data Protection and Freedom of Information Law (Loi Informatique et Liberté) and of a European directive declaring that companies may manage users’ personal data only after receiving those users’ consent. The owner must be able to access his or her collected data and decline consent to their use (Directive of the European Parliament and of the Council: 95/46/CE — 24 October, 1995).
Aftermath: the erosion of consumers’ confidence
Companies may lose far more than just the legal and financial risk of a data breach: over time, breaches erode consumer confidence and could decrease both data fidelity and the consumption of products and services on the Internet. In fact, we notice an increasingly strong reluctance for web users to exchange their personal data online, even if it means not completing an intended purchase: 21% refuse to deliver their data, compared to 5% in 2009. In addition, 3 of every 5 web users consider it risky to surf on the web (The 2015 French confidence barometer in the digital environment, ACSEL-CDC).
Web users are concerned about the use of their data: 82% say that they have few options to control the way that their data are used. For 78%, service providers have too much information on their habits and preferences. And only 20% of web users trust social networks regarding their personal data protection. (Study from Orange, Future of Digital Trust, 2014)
Protect data and restore confidence.
Is it any wonder that web users no longer accept the storage, use and exchange of their personal data without consent? How can any of us maintain confidence as a web user when we know that each conversation on social networks, each purchase or each page visited could be transformed into data that is recorded and stored, sold, bought or stolen?
The system needs confidence to keep working. Web users’ confidence will not be restored without security. The first thing a company does is to be transparent, by clearly declaring the aim of their data collection. Companies must also prove that this data is secure. But as we can see, this is not the current situation!
So, how can companies guarantee the security of their visitors’ and clients’ personal data while continuing to take advantage of the business opportunity they offer? Simply put, by not storing these data, whether on their web servers or elsewhere! This is an important step in regaining web users’ confidence.
This solution exists with MatchUpBox
After three years of research and a year of development, MatchUpBox is developing range of services using PikcioChain, the first blockchain network dedicated to personal data.
With MatchUpBox, personal data and the data necessary to execute a service (for example, searching for insurance) is not delivered on Internet: rather it remains encrypted on the user’s computer. On the service providers’ side, criteria (here, insurances prices) are codified locally by the MatchUpBox application.
The application links the data of users and service providers anonymously and with encryption. As a result, the user can select an insurance company without exchanging his or her personal data; and the insurance company earns a client based on trust.
More than a secure storage system of data, MatchUpBox is a trusted network, with a rating system (confidence index) for both individuals and companies that generates more commitment and more exchange between users and companies on Internet.