In contrast here, this data likely came from an insurance company, which got access to the data from their claims. They don't inherently care about these people, because they're all seen as "costs" to the balance sheet profits for the year. Sending their data out for "AI" to try and learn how to predict which claims can be rejected is a rational thing to do, in their eyes, whatever the cost (to those concerned and their data), since it might help improve their bottom line by rejecting claims faster.
At least there's a cynical take on this. They have no inherent interest in protecting this data, absent external pressures or legislation that imposes penalties.
It strikes me the real issue is the lack of negative inventive for people and businesses who screw up with data. If you build something physical that falls down and hurts people, your investor money ends up paying compensation. In tech though, the goal seems to be to make the revenues without ever touching the responsibility.
The story over the weekend of Amazon trying to avoid being deemed liable as a seller for goods they ship, (often) deliver, warehouse, market, dispatch and receive seems to sum this up. A race to the bottom when it comes to protections - Amazon effectively is a shop selling goods from others, as it all happens on their terms. We see similar in physical retail where the manufacturer or reseller has a retention of title over goods in the store, and that doesn't affect the store being responsible. It seems like the "being responsible for what you build" is very much lacking in tech companies, due to lack of external regulation to achieve it. Same here in this case.
We've tried this for a while (companies using customers data) and I see a strong case for governments to start protecting users more strongly, because the current way this is being treated isn't working (medical data needs to be handled with greatest care everywhere else, why not here?).
The user already pays for the insurance (or hardware or service in other cases), so the data collected should only be used for those purposes, e.g., handling the claim and not building AI models without the necessary care. The customer should have the right to sell their own data to a company they see fit to take care of it appropriately and that compensates them for it.
The problem is with ownership I think. I'm not German so I'm really only speaking from what I've seen online (mostly here), but my understanding is that for Germans in particular (maybe EU writ large), you own data about you regardless of how it is collected or who has custody of it. In the US, it seems like the data about people is owned by whoever creates that data (in this case, an insurance company), so they are free to do with that data whatever they like provided it doesn't violate some other non-data-specific law.
At least there's a cynical take on this. They have no inherent interest in protecting this data, absent external pressures or legislation that imposes penalties.
It strikes me the real issue is the lack of negative inventive for people and businesses who screw up with data. If you build something physical that falls down and hurts people, your investor money ends up paying compensation. In tech though, the goal seems to be to make the revenues without ever touching the responsibility.
The story over the weekend of Amazon trying to avoid being deemed liable as a seller for goods they ship, (often) deliver, warehouse, market, dispatch and receive seems to sum this up. A race to the bottom when it comes to protections - Amazon effectively is a shop selling goods from others, as it all happens on their terms. We see similar in physical retail where the manufacturer or reseller has a retention of title over goods in the store, and that doesn't affect the store being responsible. It seems like the "being responsible for what you build" is very much lacking in tech companies, due to lack of external regulation to achieve it. Same here in this case.