Apple has prioritised privacy lately, and a major component of the news involved data privacy. It’s exciting to see that data privacy is getting headlines. The new “app privacy report” feature was unveiled at the firm’s annual developers’ conference, WWDC. In case you missed it, Apple have put a real effort into privacy with new customer-protecting features for iCloud, Mail, Siri. They are effectively pre-empty privacy concerns before they happen, and diversity and inclusion plays a role in understanding people’s concerns and finding a way forward.
What’s the news from Apple? Apple are sensing and responding to unmet needs in the market with a level of clarity and action few others are. Audio processing is moving to be on-device only, meaning that voice commands to Apple’s smart assistant Siri will not be uploaded to central servers. Competitors such as the Amazon Echo do this by default. Also, Apple Mail hides the IP address of the device it is accessed on so that senders of marketing emails cannot track where an email is sent and whether it is read. Safari will prevent any third parties from accessing a user’s IP address to block tracking. iCloud subscribers will have the option to route Safari traffic through two internet relays, similar to a VPN, to hide your identity; and the “hide my email” feature, first unveiled in 2019, will be extended to hide email addresses when used to sign up to a number of online services. Apple are leading here, and data privacy in the world of AI is going to become increasingly important.
AI services are increasingly used to augment people management. In the UK, the TUC released a report entitled Technology Managing People – The Worker Experience, raising concerns about privacy in the workplace. Microsoft seem not have read the room properly, releasing a ‘Productivity Score’ in M365 at the same time as the TUC report. Effectively, this created a workplace surveillance service which provides insights into employee behaviour, raising privacy concerns worldwide. As originally rolled out, Productivity Score turned Microsoft 365 into a “full-fledged workplace surveillance tool,” wrote Wolfie Christl of the independent Cracked Labs digital research institute in Vienna, Austria. “Employers/managers can analyze employee activities at the individual level, for example, the number of days an employee has been sending emails, using the chat, using ‘mentions’ in emails etc.”
The theory is that the rich get access to technology first. That’s not true; the poor are subjected to technology first. In these examples, one could see that employer / employee transactions will also include data transactions, an imbalance of power. The myth of ‘data democratization’ assumes that everyone has the same control and accessibility but not everyone enjoys the same access to data as everyone else. The Apple perspective shows some redressing of that data power.
How do we resolve it? This is where diversity and inclusion comes in. Microsoft ideated, designed, developed, tested and deployed this Productivity Score solution and it seemed to go through without question. Why didn’t someone somewhere say ‘hey, people might not like it?’. If the response goes something like ‘you don’t agree because you don’t understand, here’s a list of great features’, then it’s a completely tone-deaf way of dealing with diverse perspectives. There’s some polarisation how tech organisations are dealing with issues of navigating data privacy with transparency and Apple are leading the way. Diversity, inclusion and equality are crucial to understanding people’s concerns and finidng a way forward. Apple are trying to pre-empt these concerns and the ‘Data Privacy Day’ of Apple News is very welcome. According to their website, “We believe privacy is a fundamental human right, and our teams work every day to embed it in everything we make.” – Craig Federighi, Apple’s senior vice president of Software Engineering.
Diversity and inclusion can easily be mistaken for a marketing tool that is useful if it agrees with the party line. As we see from the Timnit Gebru situation over at Google, there has to be a safe space for people to dissent. There is a connection between diversity and inclusion, and data privacy. There are different perspectives and organizations cannot just railroad over them. Diversity and Inclusion involve listening and safe spaces. Data diversity examples can include protected characteristics. Under the Equality Act, there are nine protected characteristics: age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, and sex. So, there is a lot of room for misunderstandings, but the way forward is diversity, inclusion and equality along with transparency.
In addition, there are differences in terms of how this data is processed by different countries For example, in the United Kingdom, some uses of sensitive data is allowed in the employment context if used for workplace accommodations. LGBTQ data is subject to additional protections in the employment context. Consent is regarded as as possible if it is for a positive opportunity in the employee’s interest and some types of sensitive data may
be collected – but only if done anonymously. Hence, you can see why some of the original implementation of Microsoft’s Productivity Score engendered a backlash in the UK. So you can perhaps see why the Productivity Score started to raise concerns until it pivoted to aggregated data. It’s clearly a complex issue, so here are some thoughts to get started.
Deciding on a way forward
The organization needs to set goals in line with the objectives that they want to accomplish in line with the customers and business teams. This will help proactively guide advice and risk position to support better decision making. Listening is crucial to help understand different perspectives – for example, can an employee really consent to provide their data willingly?
Here is a list of questions to help you to get started.
• Leadership: Who are the key leaders to involve (e.g., CDO)? Who are the decision-makers? Stakeholder buy-in and alignment with company culture and values: have the right stakeholders from across the company be part of the initiative and the conversation
• Responsibility: What teams, departments, or business units are responsible for
implementing? What about ongoing management?
• Legal Issues: who owns these issues? Roles and responsibilities need to be clearly defined.
• Data: What data elements are you actually collecting? Does the organization already have it or is it newly collected? What updates are needed to existing applicant and/or employee
privacy policies, if any? What can – and can’t – we do with the diversity data.
• Communication: How is the paradox between employee opt-in managed? What is the organization telling applicants and workers about the program? Who is responsible for communicating the messaging and taking feedback? There is a need to document processes to help ensure clarity.
• Reach: If it is a global enterprise, how do you reconcile global or local specific approaches? Is it the same approach across all countries? Do you collect more data in certain countries and less in others (e.g., U.S. v. EU) and what does that mean for employee data held in more than one country if the employee works in a company defined territory, such as MEA or EMEA?
• Transparency: Be transparent with your applicants and workforce about what data you are collecting and for what purposes. Avoid surprises, since they are often not welcome and could destroy trust
Who is responsible for implementing privacy solutions?
Similar to the Gartner approach for business intelligence, a cross-team approach is helpful in supporting diversity and inclusion as part of a wider data privacy discussion. The Privacy Controls for MIcrosoft can be found here, and note that this data is visible to IT administrators; I’d argue that data privacy is for the business teams rather than the IT team, and the CDO and Data Protection Officers need to be involved so they can keep an eye on it. To view the entire Productivity Score, you need be one of the following admin roles which tend to sit in IT, but only two roles are assigned to the business: Reports Reader and Usage Summary Reports.
To summarise, there is a lot to think about but the time to start is now. Apple are bring these conversations to people where they are, and the concerns will also be played out in the workplace. Tech companies will need to think about diversity and inclusion as more than a marketing tool to sell their products via marketing in disguise. It’s crucial to include everyone on this journey.