By Rupert D.E. Brown, CTO Evidology Systems
Data content, governance and security have been very much to the fore across international media over the past few weeks with many of the “usual suspects” featuring in the headlines.
None of the incidents raise any particularly new issues, but their continuing occurrence suggests there is little progress in addressing root cause problems. It also begs the question: do we really understand these problems?
Perhaps the most contentious is the notion of “privacy” i.e. what data belongs to a person or a regulated organisation that may always remain private to them except when required as evidence in a criminal trial.
The release of the “Pandora papers” in the week commencing 4th October once again challenges the boundary between what financial matters can remain private to very wealthy individuals, particularly those who are perceived to pay very little tax. These papers also raise the issue of the efficacy of current statute law, regulation and judicial processes. In both the “Pandora” and previous “Panama” cases the insight that has been gained has been largely down to whistle-blowers rather than any legislative action.
Every time there is a new significant fine attributed to GDPR, national broadcasters, press and social media gasp at the scale of the headline numbers, but nobody ever does the detailed journalistic investigation into the final amount that was actually paid or the time it took to pay it.
Facebook continues to be the most significant “bête noire” of regulators on both sides of the Atlantic, particularly with the recent US Congressional hearings into the leak of its research findings that suggested that it knows its algorithms cause significant mental harm and social unrest. Facebook’s recent outage at the start of October also shows how fragile even the largest internet platforms can be when performing technology upgrades. It is probable that Facebook’s loss of ad revenue and collapse in market capitalisation due to those incidents is far more than the fines potentially levied against it by the EU.
Conversely, it is interesting to note that Microsoft, a former victim of US Antitrust legislation, has recently released a significant set of data governance tooling named “Purview” that works not only on its own Azure platform, but also on data intensive systems (e.g. SAP) hosted on premise and in Amazon Web Services. It is almost certain that Microsoft is not just delivering another software product, but also preparing its defences and those of its customers by building large labyrinthine data intensive cloud systems.
But what of the regulators? The EU clearly believe that US internet platforms are their sworn enemy given recent rulings and fines against Google and Facebook. Both of these cases are worth closer scrutiny; however, as the focus has shifted from technology-based data breaches to “insidious” advertising tactics, they can find no significant security issues to pin on the companies.
The EU’s recent announcement about seeking to force phone charger and plug standardisation also needs to be treated with some scepticism, and may be a populist move to deflect attention away from its lack of success in using GDPR against major US tech companies.
Meanwhile the UK has recently replaced its Information Commissioner as well as the Cabinet Minister responsible for the government department it reports into. It will probably take some time for any significant change of policy direction to filter through, as there are many other post-Covid and Brexit priorities higher up its political agenda.
So, what is common to all of the previous threads? What they highlight is a “fear” of the risk that data that is not understood or controlled can present, whether it is individuals wishing to hide their true wealth or faceless corporations manipulating social online interactions and garnering advertising revenue as a result.
As well as this fear of “content” and “mode of use”, there is then the larger underlying problem of hacking, ransomware and many push payment scams made easier by the piecemeal incremental development of the internet since its inception. Data interchange mechanisms such as Blockchain and Cryptoassets such as Bitcoin and Non-Fungible Tokens (NFTs) have been heralded as the “solution”, but now they too seem to have found a nemesis given the large amounts of server farm electricity needed to operate them.
The upshot of all of this is that it is time for a change of mindset: national regulators need to focus on data as a national asset and on making it more accurate and more efficiently utilized between public and private entities, rather than trying to cast foreign corporations as wholly malign forces. Better national technology skills as well as smarter diplomacy on all sides are needed. Blunt political interference to create “National Champions” via subsidy or outright nationalisation has not worked on either side of the English Channel, though, as the fortunes of ICL and Bull attested many years ago.
Ironically, China serves as an object lesson to the rest of the world in the way it has managed to embrace technology and upskill its manufacturing base, even if it has involved significant intellectual property chicanery. South Korea, Israel and Taiwan are probably the standout nations who have a similar mindset, driven in each case by a much stronger sense of national purpose and fear of larger neighbours.
As the UK now seems to be learning post-Brexit about the risks in its physical supply chains, it and the western world also need to focus on digital supply chain challenges. Sadly, however, it appears that most nations and political groups lack both the relevant organisational structures and staff of sufficient calibre to tackle this largely opaque problem.