By: Esteban Múnera
December 2017
The Big Data Challenge
Data privacy was once viewed primarily as a narrow legal niche, mainly relevant for a handful of industry segments, with very little impact on most lawyers and most companies. Today, particularly in the past few years, data privacy and security have become regular front page news with the need for substantial attention in virtually every company. Behind the scenes, regulators vie for jurisdiction on enforcement issues, and legislators at all levels attempt to balance between personal interests and the potential gains for society from data. As a result, you cannot run a meaningful company without an effective information security program. By the same token, you cannot benefit appropriately from the information available to you without understanding how privacy laws and regulations impact big data and overall data analysis.
The big data challenge involves both private enterprise and government seeking greater insights into people’s behaviors and sentiments which may aid product and process discovery, productivity, and policymaking. This post will provide a primary overview of the legal considerations of data privacy. U.S. and international privacy regulations aside, all lawyers must advise their respective clients on potential data privacy threats and beneficial utilizations. As the example below illustrates, this line between privacy and utilizations is not always clear and constantly changing.
Case Study: Strava
In 2009, Strava, launched their site, and opened a virtual community for athletes. “The Social Network for Athletes”, is a website and mobile app used to track athletic activity via satellite navigation and compete virtually against other users (e.g., King of the Mountain segment challenges, or “KOMs”). There are a number of features available which include the ability to search the database for routes, athletes, and local challenges. Athletes can “follow” each other and activities are automatically grouped together when they occur at the same time and place (for example, taking part in an organized marathon/sportive or group run/ride). In addition, athletes can give “Kudos” (similar to a Facebook Like) and comment on each other’s activities, and upload photos to activities.
This year, Strava celebrated a major milestone: the one-billionth activity shared to their social network for athletes. As a rapidly growing social network for athletes, Strava saw one million new users every 40 days, and athletes share a staggering average of 1,382,138 activities per day. Athletes on Strava have covered 12,967,788,011 miles—the equivalent of 54,281 trips to the moon! And if you thought Instagram was the only player in the social network space, the platform also sees a whopping 17 million feed views per day, 55 million comments and kudos each week, and 2.2 million photos uploaded per week.[1]
The Business = Data
Although Strava offers a premium subscription business, most users are “weekend-warriors” who opt for the free service option. Premium subscription according to Strava is for “the athlete who squeezes every drop out of their sport” through advanced data analytics.[2] Unsurprisingly, these premium perks prove to be superfluous and financially prohibitive for the majority of its consumer base.
In addition, unlike online music providers, Strava is completely add-free for both premium and non-premium users. Strava’s new CEO, James Quarles, explained that ads are not where he is steering Strava’s business line. He believes that for ads a certain kind of scale and user expectation is needed. He should know - Quarles brings to Strava invaluable experience as most recently the VP of Instagram Business and previously Regional Director of Facebook in Europe, the Middle East and Africa.
So how does Strava make money? As the Quarles explained, it has a “metro business” (Strava Metro) which aggregates and anonymizes commute data to sell back to a city’s department of transportation so they can better plan pedestrian bicycle routes in cities. Although it may see like Strava Metro is a broad departure from its primary service, this invaluable data has the potential to inform every respective athlete’s city on questions of infrastructure. It is the most powerful example of advocacy and awareness. In the long run, pun intended, the tracked data will lead to new bike paths, bike lanes, and improved infrastructure
So, as with any social network – as the community grows, the types of business and data abstractions will grow. But with the good, comes the bad.
Location-Based Dangers – The Strava Run Map and FlyBy
As a lifelong runner, I’ve become adept at predicting the best times, routes, and strategies to jog in cities while avoiding street impediments. From circumventing stops at traffic lights to seeking quiet streets, I have adopted behaviors that may put my personal safety at risk. To make matters worse, Strava may broadcast the route of my daily runs, including the starting location (i.e., my home address). Furthermore, the new Strava Flybys feature allows you to see your run/ride, plus the run/ride of anyone else you ran/rode with, or who crossed your path. So even if you were on the same road for just a couple of minutes, you can then view where the other athlete went.
To help combat privacy threats, Strava allows its users to customize the information he or she shares to satisfy the balance between being social and being private that feels right to the user. The issue is that many users still do not understand how public their activities on the site are. There is a misconception that since this a platform for athletes, there are no bad actors using the information available to them. This is simply not true.
For Flybys, athletes can specifically opt-out of being part of Flybys features by selecting the appropriate option under their privacy settings area. f they do this their activity is not included in any Flyby replays. Again, the issue is that many users do not know about this function or its opt-out option. The Flybys feature is not part of the main platform, instead it is only available via a link on individual activity pages.
Creative Solutions
Privacy controls should not be an issue an active user, such as myself, should have to Google. Like the modern trend in writing and displaying legal terms and conditions, privacy control options should be presented at the inception of a new account in a clear and plain manner. These options should include direct implications of a user’s choice. For example, choosing a private account setting control does not necessarily exclude your activities from public segment and challenge leaderboards.
Recently, Strava has responded to feedback from its community with a new feature, Beacon. This service provides Premium members the ability to turn on Beacon before an activity, which allows up to three safety contacts are able to see their location on a map in real- time. The problem, however, is that the majority users are not Premium members. Creative solutions like Beacon, or some non-premium variety, need to be uniformly applied for all its users. Personal and data security is a threat to all – no matter the athletic ability.
[1] https://blog.strava.com/2016-stats/
[2] https://www.strava.com/premium