Towards digital health: Big Data and GDPR, the great opportunity

Users need to know what use is being made of their personal data

Big Data and GDPR, the great opportunity Big Data and GDPR, the great opportunity

Many years have passed since I worked at Andersen Consulting. Simply hearing “Andersen Consulting” instead of “Accenture” takes me back more than 20 years, towards the end of the last century when we connected to InfoVia rather than the internet.

I was lucky enough to work on an interesting project there called the Robinson List Service. For those that don't know about it, it was a platform that you signed up to if you did not wish to receive direct marketing or telemarketing calls.

Back then, I'm talking about the mid-nineties, the concept of privacy was very different from what it is today. People were very sensitive about their “personal information”, mobile phone data were jealously guarded and sharing photos of ourselves was something that belonged to science fiction. The years have passed and most people upload their personal photos onto LinkedIn (if not Facebook) without a second thought. And only 20 years have gone by!

A explosion of Data with the Internet of Things, especially in Health

Curiously, when we talk about “personal information” these days, basic contact information (name, address, telephone number) seems very limited indeed. In a world in which we are connected beings who are “always on”, personal information enters the realm of everything our mobile phone is capable of registering: our location, what we are doing, who we are sharing with and, up to a point, what mood we are in. And in just a short time, thanks to the Internet of Things, this volume of connected data will go through the roof, enabling useful and very reliable services to be provided. Reliable in the sense that when you get home after a hard day's work, the temperature will be correct because the heating will have come on at exactly the right time, neither too early or too late, according to the time you leave work by car and, of course, taking into account the actual duration of the journey through applying real-time traffic information. Or reliability in the sense that the important Amazon package you are waiting for arrives just 30 minutes after getting back from your early morning jog, so that you are not caught out in the shower when the doorbell rings. And all this without having to consciously configure or program anything because you, your house and your car are all connected and these “logistics” decisions are taken on our behalf by artificial intelligence systems.

And obviously the world of health forms part of all this. You will receive a call from the nurse to remind you that you still haven't taken your tablet, demonstrated by the result of your urine analysis (carried out in real time every time you go to the bathroom) and that your blood pressure (measured by wearables or insideables) is reacting accordingly. And it is particularly important that you take the tablet due to  your prior medical history and genetics, all collected together in your medical records. And all this, I repeat, without us having to consciously configure or program anything. All power to convenience!

Transparency and Control in the hands of the user

Useful services, reliability and convenience, yes. Yes - but all this also means that your life leaves a digital trail. Some machine somewhere knows how long you spend in the shower, what water temperature you prefer, if your jogging route is 5 km or 10 km long and the frequency, quantity and quality of your urine. And this is a big challenge for data privacy and confidentiality on the most intimate of levels.

The big technology companies are very aware of this, in that the major part of their income derives from the intelligent use of data to enable them to mount ever more personalized advertising campaigns. Their approach to tackling this challenge lies in how they manage two very powerful levers: Transparency and Control. Transparency means that, at any time, users can easily find out what kind of information is being shared with the company and what the company is using it for. And Control means that, at any time, users can easily decide to withdraw the relevant authorizations and stop the company from sharing some or all of their information. As an example, Google are magnificent at interpreting these levers, clearly illustrated in the “My account” section associated with all of its user products (Gmail, Drive, etc.), where the user has complete access to the Transparency and Control levers.

The great opportunity for the GDPR

Interestingly, the explosion in the use of Big Data has not coincided with an increase in people's awareness about their personal data: who is it shared with, what for and what to they do with them? All of us have agreed to acceptance clauses that are pages and pages long without really reading the content, simply because we can't be bothered and there is no other option if your want to use the service. Things have only started to change because of the bad use made of personal data by some companies. In this respect, the current implementation of the famous GDPR is very timely. This is the new European regulation on data protection, which deals in a clear and unambiguous way with the two levers we mentioned earlier, Transparency and Control. We don't know if the GDPR will fulfill its objectives, but it has already achieved two very important things.

Firstly, that companies are finally aware of the quantity of data that they are storing, most which are useless as they are not used for anything. This represents a big headache for many companies to the point of being a real drama, as they are faced with the decision of having to throw away enormous amounts of user and customer data that, in many cases, represent a great many years and many hundreds and thousands of euros to put together. In fact, many companies are currently engaged in analyzing how to rationalize their data strategy, deciding on what information they will continue to ask users for from now on and for what purpose.

And the second important thing that the GDPR has achieved is that users are becoming aware of just how many companies hold their data, as all of them are currently sending the relevant information so that they can continue to use them. And I'm sure that before reading one of those messages along the lines of “... and if you do not click on this button we very much regret that we will no longer be able to send you our information”, many of us feel the inward satisfaction of thinking “good riddance!”.

I honestly believe that this could represent a turning point, meaning that, from now on, companies and users will be much more aware of what we do with personal data and the power they represent. And that we use them in a rational, informed and effective way for our benefit.

It will be particularly beneficial for those companies that understand that using Big Data is critical for their business processes, and that data represents the blood that feeds Customer Experience, Product Design and Operational Efficiency. It is the great opportunity provided by the GDPR!

*About the author:
Pedro Díaz Yuste is Director of Digital Health at MAPFRE, responsible for launching a new Digital Health initiative within MAPFRE. Pedro previously spent four years as Business Director in the finance sector of Google Spain, helping Spanish banking and insurance companies take advantage of Google's digital business development opportunities. Prior to that, Pedro was the Internet Director of Sanitas, heading up the company's digital transformation. Pedro also spent part of his career at Yellow Pages, where he was responsible for launching the company's telephone information services, 11888 in Spain and 1288 in Italy, before later becoming Director of Online Marketing. Pedro graduated as a senior telecommunications engineer from the technical university UPM and went through the Management Development Program at the IESE business school.