E6: The New Privacy Conundrum

Episode 6, The New Privacy Conundrum, explores the ways privacy policy may impact 5G marketing and vice-versa.

Data and privacy are so intertwined these days that any in-depth data conversation is inevitably going to end up including the issue of privacy. The previous episode of FIVE looked at the ways marketing data will change with the proliferation of 5G. Episode 6 dives into the flip side of that conversation – Privacy. Episode 6 is a different kind of FIVE. Jake dedicates the entire episode to a one-on-one interview with an expert on the privacy policies of more than 60 countries. The discussion covers a wide range of privacy-centric topics, including new impending U.S. policies, how 5G and AI may spark additional privacy concerns, the potential role of carriers as privacy protectors and how privacy mandates may impact 5G user experiences.

Jake’s FIVE List:

There is a lot of info packed into this episode. After the interview, Jake adds color to five important takeaways regarding 5G and Privacy:

  1. From a privacy standpoint, 5G is a more compelling proposition for consumers and marketers in the U.S., than it is abroad.
  2. Some long-standing privacy policies may apply to advertising data for the first time.
  3. The speed and precision of 5G are likely to lead to additional policy impacts.
  4. Carriers are likely going to play a really important role in the world of privacy.
  5. 5G is new terrain. It won’t take long for creative marketers to spur all kinds of new questions around data categorization and privacy policy.

Special Guest:

Kelly Anderson, VP of Data Protection & Privacy @ Ericsson Emodo. The interview was recorded June 11, 2019


FIVE, The 5G Podcast for Marketers, is presented by the Emodo Institute and Ericsson Emodo.

Host
Jake Moskowitz, Head of the Emodo Institute at Ericsson Emodo

Producers
Robert Haskitt
Adam Kapel
Jake Moskowitz

Original Episode Art
Jeff Boese

Music
Dyaphonic
Small Town Symphonette


Transcript of Episode 6: The New Privacy Conundrum

“One of the challenges around 5G is that it will probably change the classification of a lot of the data that is going through.”

Jake:

Let’s talk 5G.

Welcome to FIVE, the podcast that breaks down 5G for marketers. This is Episode 6: The New Privacy Conundrum. I’m Jake Moskowitz.

Last year with the implementation of GDPR, privacy became one of the most pressing concerns for marketers, not just across Europe, but in the US as well. There are multiple data privacy laws emerging at federal and state levels, and even in some cities. Data and privacy are so intertwined that these days any in-depth data conversation is going to inevitably end up including the issue of privacy.

In the last episode of FIVE, we had the first half of that discussion. We looked at myriad ways marketing data will change with the proliferation of 5G. Today, we’re talking about privacy: how privacy policy may impact 5G marketing and vice versa. This episode is a little bit different than the others. The whole episode is dedicated to a discussion between me, and my guest.

Kelly Anderson is VP Data Protection and Privacy at Emodo, a subsidiary of Ericsson, and the company I work for. Emodo is a global provider of mobile insights and advertising solutions. Kelly is our expert in all matters of privacy and data security, not just in the US. Her expertise spans the privacy laws and policies of over 60 countries and runs the gamut of mobile technology generations, including 5G. So let’s just jump in and talk about what we’re talking about.

Kelly, thank you for joining us.

Kelly:

It’s good to be here, Jake. Thanks.

Jake:

Why don’t you tell us a little bit about your background and how you got to where you are today.

Kelly:

Sure. I’ve worked in telecommunications since 1994. Like you, I started out at AT&T. I started out actually in billing. Being exposed to switch records and what switches recorded and what cell towers recorded actually gave me a love for data. I decided about ten years ago, actually, to go to law school to learn about some of the privacy implications that were coming up. From a regulatory perspective, there was a lot of talk about it. Now, I do regulatory strategy, privacy compliance, privacy by design, process development and data privacy and protection strategy. I was actually involved in industry standards around data. I used to be president of IPDR Organization. Seeing how the regulation has evolved with the availability of data and the networks has just been a real interest and focus for me.

Jake:

FCC versus FTC. One of the theories we’ve been working under is that 5G will lead a greater percentage of important data to flow through cellular networks, whereas historically they might have been flowing through Bluetooth or WiFi, for example. The carrier is regulated by a different entity than app publishers, for example.

Kelly:

That’s right.

Jake:

Can you walk me through why that matters?

Kelly:

The FCC handles information around common carriers: the cellular networks, in some cases the ISP is calling is done, the traditional phone companies. That’s with the FCC, so common carriers that actually carry traffic. That’s really important because there are different privacy rules that are put in by the FCC than are put in by the FTC.

On the FTC side, there’s the 2012 FTC Act, which is a set of guidelines. It’s primarily based on an opt-out framework, which means it’s a notice and consent. A user or a consumer in the US needs to have a notification or disclosure to understand what is happening to their data, and they need to be able to have a choice on what happens with it.

On the FCC side, there is something called CPNI, which stands for Customer Proprietary Network Information. On CPNI, CPNI data cannot be released without the explicit consent of users.

If you don’t opt out, or if the user doesn’t do anything – they read the disclosure, they do nothing else, they don’t read the disclosure, you can assume consent. That is mostly what the guidelines around the FTC are. On the FCC side, around CPNI, a lot of the data components, especially like location, have to get a user or a consumer consent to be able to use that data. Both of them are personal data within the constructs of the law and how personal data is defined, or PII data here in the US, but they’re regulated very differently based on where they’re collected from.

Jake:

Is the definition of personal data the same insofar as it relates to FCC and FTC? Is there one definition that covers both, or do both define it in their own way?

Kelly:

It’s similar. On a federal level, the personal data definitions between the FCC and the FTC are similar. They go down to the identification of a person, and there are specific attributes that identify the person. Personal data in the US is more known as PII, or Personally Identifying Information.

Jake:

So all else equal, the same data point flowing through the servers of a publisher are going to have lighter privacy restrictions than the same data point flowing through a cellular network.

Kelly:

That would be correct.

Jake:

That begs the question about the data that goes to an app. Let’s say I have a Fit Bit today and it runs by Bluetooth to the app, and then in the future I’ve a Fit Bit and it runs by 5G, there’s a whole other layer there. Is there any difference, the fact that the data is running through a cellular network instead of Bluetooth or an inside-the-home WiFi network?

Kelly:

Yeah, I think that’s going to be a big factor. Wearables, I think, are going to be one of the big benefactors of 5G. I think you’re right. Instead of doing Bluetooth, which has its limitations around how far you can be away from the Bluetooth source and what kind of data and what kind of real-time analytics you can actually get back from that data. Being able to have 5G where real-time analytics is a really valid concept now, it will actually be very good use case for bio-metric data. But bio-metric data in and of itself is an issue. I think this is one of the challenges around 5G is that it will probably change the classification of a lot of the data that is going through.

Absolutely, the app provider is going to be able to get the data off, but they’re going to have to change some of the regulations that they are compliant with today. Today, where some of the data may be very anonymized, and they have a way in the US to make that data anonymized on the application, because there are some limited capabilities around Bluetooth, they’ll be able to get some instantaneous feedback about how you’re doing, maybe how you’re heart’s doing, or a diabetic pump, or something like that. That’s real bio-metric data that may become subject to things like HIPPA laws, which maybe before it hasn’t, because it wasn’t that kind of complete picture of what somebody actually is medical doing.

There might be a lot of interesting information about that, too, where some of the data may be classified as personal data, or even some non-personal data, depending on how they anonymized it, where that data will become sensitive personal data, which actually has different regulation.

Jake:

Because the power of 5G is so much greater than other methods of getting between a device and an app, that higher level of precision about data is getting through to the app and therefore it might qualify for a higher stringency of privacy regulation?

Kelly:

Yeah, because bio-metric data has a lot of that sensitivity around that sensitive data. I think it just doesn’t have to do with the granularity of data, but they’re going to be doing it real time. Giving real-time feedback on maybe what one of your wearables say, and it may be the Fit Bit kind of application where it’s your heart rate or something, or it may be something like a diabetic pump or a hydrocortizone pump, or something like that for people with adrenal insufficiency. That is real medical data that will be given just instantaneous feedback loop to be able to get analytics real-time to let medical professionals or yourself know how you’re doing and what you have to do from here around some real medical diagnoses, diseases and concerns like that.

Jake:

When you talk about real-time nature of providing real-time feedback, it reminds me that 5G will bring about more of a shift from deterministic data to AI. Today, the marketing industry has been trained for years to think of deterministic as better than probabilistic. But in the marketing industry, that word is being misused in that what we call deterministic just means I as an entity didn’t change it from its source. Today, the whole ad ecosystem is built up from these big deterministic data sets on centralized servers potentially thousands of miles away. But in a 5G world, if it’s really immediate and automatic, you really don’t have that much time to check against the centralized server. Also, data inputs in AI models will be way better because there will be way more wearables and sensors out on the market that are feeding in real-time data.

Kelly:

That’s right.

Jake:

My question is a couple things. Number one, is that what you’re talking about; moving to real-time feedback and real-time decision-making? What are the privacy implications of comparing a world where you store up deterministic data: you check in against it, matching deterministically, versus a world where you’re making the best decisions you can with the data you have at the moment?

Kelly:

Yeah, absolutely. It’s sort of like today, if you’re in the market for a car and you do a lot of research around the car, you end up with that auto segment. Then you buy a car and you still get the ads for six months. That happens today, right. So this instantaneous AI information actually is better in this case. This probabilistic model where someone spent 90 minutes in a dealership, and then drove off, where other times they had spent 20 minutes or 25 minutes. Could you say they bought a car doing the 90 minutes, so we’re going to give them ads for a couple of days and then stop. They’re not shopping for an auto. Not many people buy two cars in a week.

I absolutely agree. I think some of the privacy considerations with real-time data is just what you said earlier, that is really getting down to what somebody is doing, where they’re at, what they’re doing.

Sometimes in privacy, there are certain identifiers that may be considered personal data, or PII, and you’re like, “Well, you can’t really tell who the person is or what they’re doing because the data is aggregated historically.” But it’s still considered personal data even though it is really difficult to find out who that is. When you’re talking about instantaneous data coming through and a feedback loop of what they should do next coming back, you’re talking about really knowing what somebody is doing and maybe even being able to more accurately identify them, especially considering the location implications of 5G.

Jake:

If on one hand I’m collecting a lot of information over a long period of time about a specific device ID or ad ID, that, to me, feels like I could argue more of a privacy infringement than just making do with the best I’ve got at the time, even if the inputs are more specific or precise. In the new world, I don’t check it up against the ad ID. It doesn’t help me. Knowing what the ad ID doesn’t tell me anything. Each data point is more precise but you’re not aggregating it up to learn about any individual; you’re just making the best decision you can on the fly.

Kelly:

If somebody has a wearable, and they have a one-month graph of what they’ve done and they pull up that month, all of that data had to be indexed to some kind of single identifier to bring up a one-month history. Even if those analytics come in real time and maybe they don’t store it, it’s still had to somehow route to a single index to be able to aggregate those events out.

Persistent identifiers, there are examples of it that the FTC has given us, but there has not been a lot of details around it except like fixed IP address. If what you’re talking about is true, especially on a wearable, I think that would very much have the potential of being a persistent identifier or classified one. But if we’re talking about medical data, we could be talking about a patient account number, that could be rolled up. Especially if it’s a medical professional that had given them a wearable to track it, that clearly fits under the entire HIPPA. The data that is given is used to treat something.

Jake:

I know we’re going deep on this, but I think it’s an important point. What if the identifier is only used to match multiple inputs to the same person.

Kelly:

That may be considered anonymized or pseudo-anonymized data. If there is one identifier that all the events from a certain individual relate to, that could be considered a persistent identifier.

Jake:

With more data running through carrier pipes, is the carrier going to be the ultimate collector, maybe even the keeper, of customer data?

Kelly:

What I think about when I look at network data is termination points, end points, IP addresses that were captured, cell towers that were passed, the events that were tied together maybe on multiple cell towers, what the connected journey was for that users. That’s what I think about on the network data. When I think about the application level data, I think of actually what the user did on the app, or what results the app got out of what the user did, more of that business-level data.

I think you’re correct as far as a validation source being more of the carrier because the carrier is more of a neutral network, where it’s allowing access to multiple apps. A user may be using multiple apps at the same time, or very close together. They may have a maps application open and they minimize that and then start looking at their Slack, and then close that and then look at a different app, like Weather.com. There may be multiple apps that are done simultaneously, and each one of those publishers is going to capture data that is specific to their apps to get a picture of what the user’s doing.

On the network side of it, we’re just talking about the connectivity that made it all happen. Say a location is sent across on an app, that location may or may not be accurate based on what point that location was captures. It may be that the app didn’t update. That happens to me on maps all the time. It doesn’t know where I am. It may give a different result than what it is. On the network side, that device to that cell ID is, what they say, “good as gospel.” That’s a pretty defined term of where that user was, where the app may not be the most accurate picture of where the user was, because that’s more of a network detail. What cell were you on, where did you get connected, versus the application which is more concerned about the business data they’re getting based on what that application does.

Jake:

To clarify, the carrier has access to network level data, which doesn’t include what specifically was going on in the app, but would include that the app was being used at that time.

Kelly:

That’s correct.

Jake:

Do you see this network-level data becoming more valuable in the future if folks might use 5G for their broadband at home, or if peripheral devices like Apple Watches and Fit Bits and sensors of the future that might be in your car or in your clothes are running through the 5G network? Can you envision this network-level data the carriers have access to being more central to the industry, more important, more highly visible?

Kelly:

I think yeah, it’s going to be really important because it’s going to be more of an accurate picture of where the user went and what they did. It will just not include a lot of the business-level, like if I looked at five different locations on a Weather.com app. It’s not going to include every location that I looked up. But it would be accurate of where I was when I was on it, where Weather.com may not have the most accurate location.

I do think it will be important, especially when we talk about location, not just for where you are, but the cell you’re being served off of, especially in a 5G world where you may move cell to cell very seamlessly. Because we’re not driving large distances anymore, we’re just walking across the street where we may have connected to one main tower and where you also may have a lot of small cell towers.

Jake:

Let’s talk about the carrier as a connector. Users have three or four devices today, maybe. What if in the future they have 30 devices? Is the carrier the only way to link those together? That’s where I’m going with this. Today, they’re linked together through probabilistic modeling methods. For probabilistic modeling is not going to work in a 30-device world.

Kelly:

That would be an interesting device graph, right?

Jake:

Will the carrier be the linking entity for all these different devices? Is that information itself highly valuable, and what would regulations look like for that kind of data? That’s what I’m trying to get at.

Kelly:

Are we talking about one or many carriers? If you have multiple apps and you’re going through multiple small cell towers, they may not all be serviced by the same wireless operator. You may have AT&T, and T-Mobile and MetroPCS, whoever it may be. You may be talking about multiple carriers to string together that picture. The device map would be really interesting because you would have to find a common cookie or something that would be able to tie them together.

One of the advantages is being able to have this always on internet that’s really fast regardless of where you’re standing. But where you’re standing may not be served by your carrier, or they may not be the fastest connection where you’re standing, or they may not have the presence that some other carriers have in that area. You would have to picture that together. If a device like some kind of Fit Bit or wearable is tuned to one carrier, you might be losing the benefit of 5G, right?

Jake:

Right, because it’s got to go through one network to get to the server of Fit Bit, and then it’s got to go through the backbone to get to the other carrier.

Kelly:

It really changes the value, right?

Jake:

We’ve spoken before about the likelihood that 5G will lead to a lot more and potentially more valuable data running through carrier pipes than has existed before. Which begs the question: do you consider carriers to be better or worse stewards of consumer privacy than app publishers, for example?

Kelly:

I would say that carriers overall are definitely better stewards, just because they’ve had regulations very earlier – the Telecommunications Act of 1996. CPNI was part of that Telecommunications Act way back, early for privacy law. They’ve been a very regulated industry. They’ve gotten used to adapting to those regulatory frameworks. We do talk about privacy now, but telecommunications have had privacy for a really long time.

App providers have NOT had regulation for a long time. They used to be basically unregulated. Now they’re trying to conform to the regulation that is coming down the pipe, and it’s very new to them. They’re having to go out and get data protection officers and chief privacy officers to be able to comply with regulation. I think you’ll find that [carriers] are better stewards because they’re just better at it because they’ve built their entire infrastructure around that.

Jake:

Even from my own personal experience, because I worked at AT&T for eight years. I remember, I looked at deals to use AT&T data and I had to turn them all down because the talk internally was it just was not worth it.

Kelly:

CPNI.

Jake:

Because you have way more to lose.

Kelly:

That’s right. And they have a big relationship with that user and expanding on that relationship has been part of their business model for a long time.

Jake:

We’ve talked about more devices connecting to 5G. Devices that today might use Bluetooth or WiFi might use 5G in the future. What does that mean for security? If a device is connecting to 5G that might have been connecting to your home WiFi router previously, are you sacrificing security on that changeover.

Kelly:

I can see where that would be a challenge if we were eliminating that router layer and going right to that wireless network. You would still have to have authentication and home encryption and home network rules that you need to conduct those services within, not just your device, but your families devices like you do today. I also think there’s a lot of vulnerabilities in some of the network function virtualization that’s going to have to happen to be able to accommodate some of those securities or the software-defined networks that may be produced by 5G. I feel like there’s a lot more components that have to fit together when you’re taking away that localized stop-gate.

Jake:

On average, a lot of devices will be smaller and lighter and simply than on 4G because of that latency enabling the computing power to be removed from the device and put into the cloud. VR headsets for example, or even phones might last a lot longer because they don’t have to do as much of the computing on the device itself. We talked about, there will also be way more devices than there are today. What are the impacts of that on security?

Kelly:

With cloud, there are certainly security standards that are required for cloud providers, because we’re talking about removing that layer from the device to a cloud-based application. What can bad actors do and what kind of access can they get? What kind of authentication is there? If we’re talking about wide-scale devices all being carried in the cloud, we’ve seen a lot of data breaches in the last couple of years in the cloud with enterprises that use cloud technologies. You’re probably heard the saying that your security strategy is only good for about fifteen minutes because someone will figure out how to get beyond that.

All of the traffic is encrypted; that’s one thing that changed in 4G and 5G. All of the traffic will be encrypted where, necessarily, on 2G and 3G it was not all encrypted. Data was infrequently encrypted then. The encryption things are better, but we’re talking about access to the various applications and the cloud services. There’s just a lot of entry points there, where you have to have that authentication and that handshake to be able to have a secure connection. Because you’re going to have so many devices uploading and keeping very key data in the cloud, think about the number of points of failure you could be potentially have with those scenarios and those extraneous variables. It could get out of control really quickly.

Jake:

  1. A) There’s more personal data. B) It’s a more disperse network with more points of potential failure. These are some of the things to be concerned about in a 5G world.

Kelly:

Privacy and security live in the same house, they are just not the same person.

Security, we’re talking about the encryption and the authentication standards. What authentication keys you use and what encryption keys you use and being able to hash data. That’s what we’re talking about with security. The problem is, there’s data in motion and there’s data at rest. You have data in motion that’s encrypted that doesn’t necessarily keep safe the data at rest. If security is breached and a whole lot of readable data, or data that’s downloaded that isn’t readable but someone figures out the key to some level of encryption that they have. Or they figure out the patterns that we used to encrypt that data.

Where privacy comes into play, it’s like, what do I personally want told about myself to the user. It’s more about who I am and what I want to do.

Security is about, once I give you that permission to collect this or you have to collect this because I signed up for this service, are you going to ensure that my data is not going to get where it’s not supposed to be.

Jake:

The nature of connections in a 5G world create issues both on a privacy front and on a security front.

Kelly:

Yeah. So a security breach is a privacy breach.

Jake:

Because Europe and the US have different privacy frameworks in place, how will 5G impact the two regions differently because of those frameworks?

Kelly:

That’s a good question, Jake. I think there’s a big challenge with 5G in Europe over the US. We were talking before about regulation in the US where it is mostly “notice and consent,” the opt-out framework is the primary framework of regulation on a federal level in the US around privacy law. In Europe, that’s very different. Consent, very explicit consent, it’s actually called “informed explicit consent” has to be given for each use of the data. When we’re talking about giving consent one time and just using the data, that’ going to be a challenge. Each one of those data and each purpose of data has to have its own consent. The consent itself has to be written on a very basic, human level. It cannot be a complicated legal document.

As we’ve been talking about with 5G, there’s a lot of uses of data, and a lot of business models that will be evolving. With GDPR, they’re going to have to give consent for every single one of those uses of personal data. Where we have PII here and we have precise and non-precise geographic location, like we talked about, that is not the case in Europe. Any following of movement of the device or the data subject that has the device is considered tracking that individual, whether that’s precise or non-precise, it doesn’t matter. They don’t have those designations in Europe.

As you can imagine, all these small cell towers, location is very accurate. Different applications want to use data differently, they want to offer new services to the customer. They want to give value-added services to the customer. The problem is, every single one of those is going to require a very elementary, basic consent from the user. As you can imagine, that could complicate the user experience as well.

Jake:

What’s happened to data and programmatic vendors in Europe as a result of GDPR?

Kelly:

There was a lot of doom and gloom before it, a lot of hype. Honestly, there aren’t as many third-party data suppliers in the marketplace anymore, especially in Europe. Especially those that did clearinghouses of multiple sources maybe couldn’t track consent or didn’t have the ability to get consent, aren’t in the marketplace anymore. Maybe not just because they couldn’t get compliant, but because the advertisers and the brands are getting very smart about doing due diligence on their vendors and the data that’s being used to process their campaigns.

I think a lot of the programmatic vendors took the laws really seriously. The whole IEB transparency and consent framework was formed. If you look at it, almost every single player in the ecosystem is on that list and is committed to that framework. High numbers of traffic are getting consent. I say that though, with a caveat; we still come across, and I know other vendors still come across those who aren’t compliant, or even say they are compliant and even put it in their literature, when in fact, they’re not. Being GDPR compliant is a huge undertaking.

The message is that the doom and gloom isn’t as bad. We’re seeing a lot of traffic come back. A lot of the vendors that maybe weren’t ready as of May now have made some focused efforts and projects to be able to make themselves. I think the ending is, we need to continue to see these due diligence and I think the advertisers and the brands need to continue to keep the foot on the pedal of making sure that their vendors are compliant.

Jake:

Last question. What do you think we’ve learned that we can extrapolate to the upcoming California privacy law and the potential for future, more stringent privacy laws in the United States?

Kelly:

Let me address first the CCPA, the California Consumer Privacy Act. That is going into implementation January of 2020. It only overlaps in an area with GDPR when we’re talking about user rights. Outside of that, it is still an opt-out framework. It’s still a “notification and consent” where you have to give a consumer the information of what they’re doing with your data, and how they’re going to use that data, and you have to give them the option to consent with it or not consent. CCPA actually gives another layer of that which says, “You may use my data, but you may not sell it to anybody else.” That’s actually very new for any state or federal law for the US.

In addition, it beefs up a lot of consumer rights. It gives California residents very similar consumer rights as we see in the GDPR in the European law. I think in California, I see things like, you can request your data. You can add, you can move, you can change it, you can port it. Those things are good policy and a lot of companies do it anyway, but it hasn’t been defined in law the way it is here. You can tell me what you’ve done with my data over the last four months or the last year. What have you done with my data? That’s very new for US law.

One of the challenges of the CCPA is that it is centered on California only. You have a lot of multi-state US-based companies that have presence in all states. They may not necessarily be ready to follow these rules nationally or may not be set up. Do they set it up all over the US, or do they just center it on California. In some cases, you don’t know who your California customers are; there is no identifier saying “This customer’s in California,” or “I collected this data in California.” That’s kind of a challenge on how you give disparate operational process to data within California or data for the rest of the US.

There are more privacy laws coming in the state of Washington, where I live. There’s a privacy law being debated right now in the legislature. We have a federal law that is, right now, in discussion in committee. There are also several regional laws, like Chicago and Seattle where very small city privacy laws are being implemented. Which is a challenge for these large-scale US providers.

Jake:

Kelly, thanks so much for joining us again.

On our journey to the 5G world, privacy will shape the way we get there, and as marketers, what we can do within the boundaries of the privacy box. There are five key takeaways regarding privacy and 5G.

  1. From a privacy standpoint, 5G is a more compelling proposition for consumers and marketers in the US than it is abroad. The US approaches privacy very differently than do European countries. GDPR will make it even more difficult for European marketers to gain the benefits of consume data when users switch to 5G. The opt-in requirement of GDPR will have significant implications on 5G experiences and make a mobile lifestyle more cumbersome for consumers. 
  2. While our podcast focuses on the US market, it is important for US marketers to understand that the nature of privacy regulation in this country are fundamentally different. In most cases, the emerging privacy laws, like CCPA, are still based on a framework of disclosure and opting out. They aim to improve consumer choices and control of data, things like deleting and correcting data. it’s one of the reasons 5G is moving ahead more quickly in the US than it is in Europe. However, marketers should expect to learn about existing policies that haven’t been applicable before. 
  3. All of the new devices or experiences, enable or enhanced by 5G, whether they’re in the home, wearable, extended reality or sensors out in the world, will expand the amount of data and data inputs and fuel much more advanced data models. But they will also impact the type of data making its way into the cellular network, for instance, bio-metric data. That data is considered personal and sensitive. There are already privacy laws, like HIPPA, that apply to data related to health and medical devices. All of a sudden, folks in the marketing world may need to get familiar with those types of laws. The speed and precision of 5G are likely to lead to additional policy impacts. Here’s an example. Today, the accuracy of location data at a cell tower level is considered non-precise geo-location information. it’s commonly based on the radius of a mile, so it’s viewed as non-personal data. With 5G, the accuracy range could be within a couple of feed of the individual. That new level of precision may mean that marketers may need to treat it as personal data, and that has significant policy implications.
  4. Carriers are going to play a really important role in the world of privacy. Because of the difference of consent requirements, as compared with Europe, US carriers are going to become a central point of consent and a single point of contact for a variety of data use cases. Across the entire ecosystem, we’ll all be looking to them to be responsible stewards of data and privacy.
  5. 5G is new terrain. Advertising is the world’s most creative industry. It won’t take long for marketers to develop creative, engaging ways to take advantage of all the new capabilities of 5G. Expect a number of them to spur all kinds of new questions around data categorization and privacy policy.

Thanks for joining us.

The FIVE podcast is presented by Ericsson Emodo and the Emodo Institute and features original music by Diaphonic and the Small Town Symphonette. This episode was produced by Robert Haskitt, Adam Kapel, and me. I’m Jake Moskowitz.