The word insurance does not contain the word “sure” for nothing. Protecting our customers’ sensitive data is an absolute must for us, ERGO CDO Mark Klein writes in this newest blog post here on //next: "Data protection is a credence good." That is one side of the coin. The other is that, almost every week without fail, Mark sees digital managers in the office complaining about the excessive restrictions associated with data protection. "I unfailingly give them the same answer: our European GDPR is not just an export success story, but also an accelerator. It creates the sort of acceptance that the digitalisation process so urgently requires. In my view, the area requiring attention is a different one entirely: many of us take a romanticised view of data. And that is a real problem in terms of Germany’s status as a location."
If I enter the word “data” in Google, the machine displays the terms “data science”, “data scientist” and also “salary” under frequently used links. If I try the German term, “Daten”, then the top hits include terms such as “data protection”, “data protection officer” and “Data Protection Regulation”. It is perhaps not the best comparison, because Germans also use the English term “data scientist” as opposed to a literal translation, “Datenwissenschaftler”. Any yet nevertheless, my research shows that there is certainly no love lost between Germans and the concept of data. Rather, the very word tends to put people on the defensive.
Using networked data, on the other hand, is something we are happy to accept without giving the matter too much thought. Google Maps, for example, is popular with drivers because it is best at predicting when we are likely to arrive at our destination. The algorithm’s precise knowledge of each and every traffic jam is owed to the fact that it is constantly tracking the position of thousands of people driving in front of me via GPS. Data makes our lives easier! And when, as will soon be the case, networked vehicles tell us exactly where the weather is good, where road conditions are poor and where the outdoor swimming pool might not be too crowded, then we’ll be happy to make use of that information.
Data is often hyped as the “new gold”, one of the most valuable resources we have at our disposal. At the same time, it is precisely this sort of analogy that is misleading. Data is not precious in its own right, like a sort of treasure that needs to be guarded. Possession of, or control over, data alone does not confer any advantage or immediate gain. Data only becomes valuable when we all start using it.
In the context of a company like ERGO, that means that it is not only data protectors and data engineers that should be dealing with data, but rather each and every one of us, from archivists to underwriters. Data only becomes an asset when it is not left to go stale on a server as “dark data”. This is a question of mindset for each and every one of us: we should see data as an opportunity (and a risk) and be better placed to weigh up the pros and cons.
Let’s start liking data a bit more instead of always thinking, at the back of our minds, that we are “surrendering” something when we disclose it. Let’s also start to look at the added value for us and others.
A good example of the shared use of data with no rivalries involved involves “Transport for London” (TfL), which operates the UK capital’s public transport network. In 2015, TfL started to open up its data records to enable access to millions of pieces of transport-related information, updated in real time and enriched to include data taken from accident statistics and on air quality. Once the data was made available, according to a report by Deloitte, more than 13,000 developers had registered as interface users by 2017. Over 600 apps developed by them use the data provided, with 20 of them having been downloaded more than one million times.
Some of them are used by estate agents to calculate the value of their properties, while other data is being used in academic research. And when it comes to route planning, competitors like Google, Citymapper and Mapway are all using the TfL databases free of charge. So what was the point of it all for the London Tube? It’s simple: all of the apps displayed it as an alternative form of transport, allowing passengers to plan their journeys precisely and making the Tube more attractive. TfL put the value of the additional trips booked on London’s public transport system in 2017 at 20 million pounds. It also calculated additional revenue and savings of 130 million pounds a year.
Between 2018 and 2021, the sharing of this data was still subject to “supervision” under the EU GDPR. The current successor regime introduced after Brexit is also based largely on the GDPR. This shows what can be achieved not in spite of a state-of-the-art Data Protection Regulation, but rather precisely because of it.
In Germany, by contrast, the GDPR is often interpreted somewhat differently, dictated by the primacy of data protection. In the form originally intended, the COVID-19 alert app, with its centralised data storage, would not have breached the General Data Protection Regulation (GDPR) at all. But the data protection standards for the app were set so high that it was of virtually no practical use in terms of combating the pandemic.
The app only informs its users that they might have been in contact with high-risk individuals after the event. In a sort of overeagerness to bend to imagined objections, any features that could have put potential members of the data protection police off at a later date were removed from the app. Its creators were determined to do whatever they could to ensure that the use of the app would not prove to be a failure.
The EU General Data Protection Regulation, which dates back to 2016, serves to protect natural persons when personal data is processed. While it is often criticised as being stringent and rigid, it is often merely a fig leaf for preventing innovation and becomes an end in itself, so to speak. When interpreted correctly, a progressive digital strategy can be achieved under the auspices of the GDPR.
So why the knee-jerk reactions among Germans when it comes to data? As someone interested in history and as a subscriber to several history podcasts, I’d like to provide a bit of historical context based solely on my own interpretation.
When a major census was announced for April 1983, the announcement triggered years of protests and riots throughout Germany. Hundreds of thousands of people protested against this form of screening and full registration and called upon their fellow citizens to boycott the census. The slogan was “Don’t let them capture you”. And the sceptical question: What will happen to my data after the census?
It was a year before George Orwell’s nightmare vision “1984”. Census officers armed with questionnaires evidently sparked diffuse fears of “transparent citizens” in a dystopian police state. It was all in keeping with a good old German tradition – suspicions when it comes to disclosing data.
The wave of protests ultimately gave birth to data protection and key regulations on the disclosure of sensitive information. The constitutional complaints brought in the 1980s resulted in the German Census Act being quashed by the country’s Constitutional Court in Karlsruhe and, at the same time, created a new fundamental right when the need for new regulations arose – the right to self-determination when it comes to information.
So the government can only ask the things it urgently needs to know but cannot find out what each individual citizen’s reply is. This creates a statutory separation between statistical and personal data. The census was postponed – subject to the new requirements – until 1987 and the protests continued, but ultimately only two percent of Germans refused to provide the information requested. And the censuses conducted in 2011 and 2022 no longer sparked any riots.
What we are left with is something akin to phantom-limb pain when it comes to making our data available. It might well be our agonising experience of two totalitarian systems that has turned us into such fans of anonymity – something that remains true to this day.
According to a YouGov study, 71 percent of Germans “feel that they have lost control of how their own data is used on the Internet”. And 71 percent also think “that the information they receive on how their data is used on the Internet is virtually impossible to understand.”
This sort of socialisation means that we are all too likely to opt for absolute security. And conversely, we are less likely to support anyone who is in favour of being more open. I’d like to see us adopt more of an “it depends” approach that weighs up the pros and cons involved more openly. This is something we can only achieve if we entrust our data not just to the professionals, i.e. to data protectors on the one hand and data engineers on the other. This requires everyone to have the right data mindset. As far as ERGO is concerned, this means getting all employees more closely involved.
At the Digital Summit of the Federal Government held in December 2022, a comprehensible national data strategy was a major issue. Key aspects include a legal entitlement to open data and straightforward, clear and coherent regulations for data handling. Sensitive personal information, such as that pertaining to our customers, has to be kept safe. At the same time, measures must be taken to ensure that companies putting money into data can generate a return on investment. If we can manage to allow for legally watertight data exchange, this will open up opportunities for more research and development, transformed and new business models and more innovation. We need to move away from pursuing data protection as an end in itself and towards shared, safe use.
Our ERGO AI Factory is currently receiving awards for its security architecture while ensuring high levels of flexibility in the public cloud at the same time. From day one, the idea was to create a platform that would enable secure data exchange and processing. At the moment, this is just the concept – but we are ready to work on the basis of the new mindset.