Gain full visibility across your data landscape, find meaning in your data and improve the quality of business decisions.
Discover and download solutions and pre-built integrations for the Collibra Platform.
Get unparalleled value through the combined expertise and unique strengths of our people and technology.
See how security plays a key role in everything from how we build and deliver our platform to how we hire and train employees.
Collibra Privacy & Risk
Discover and understand data that matters so you can generate impactful insights that drive business value.
Understand your ever-growing amount of data in a way that scales with growth and change.
Show how data sets are built, aggregated, sourced and used, providing complete, end-to-end lineage visualization.
Build customer trust by operationalizing privacy policies and scaling compliance across new regulations.
Modernize your operations with a solution that is scalable, accessible and resilient: data in the cloud.
Drive digital growth and customer engagement by breaking down data silos and adding value to customer interactions.
Fuel your self-services analytics with the right data to develop unique business insights.
Innovate for the future while successfully navigating the complex web of regulations.
Transform decision making in the public sector with secure Data Intelligence that is FedRAMP Authorized.
Cloud ready data
Government and public sector
Tap into our knowledge base by connecting, sharing and learning from your peers in our Data Citizens community.
See how Collibra is helping global organizations unlock the value of their data.
Find the resources you need to accelerate time to value and fuel your growth.
Learn from the leaders in Data Intelligence through our individual courses, learning paths, and certification programs.
Data Citizens '20
Take your data strategy to the next level by arming yourself with the knowledge you need to achieve Data Intelligence.
Get advice, tips and tricks from our product experts and industry thought leaders to learn how to make your data meaningful.
Join the world’s largest virtual gathering of professionals focused on empowering businesses to deliver on strategic goals through Data Intelligence.
Check our upcoming events calendar to discover exciting opportunities to learn from our product and industry experts.
Connect the right data, insights, algorithms and people to optimize processes, increase efficiency and drive innovation.
Read our latest announcements, news coverage and thought leadership articles.
Find an opportunity to challenge and be challenged, and work with some of the most talented people in the business.
Get in touch with a member of our global team by locating an office near you, calling us or sending an email.
The importance of getting privacy by design right – and the damage that getting it wrong can do – is illustrated by a new study which looked at how 120 of the most used Android apps in Belgium handle the personal data of their users.
Breaking the personal data rules
The study – which Collibra conducted with partners at UC Berkeley and AppCensus – showed that more than one-third of the apps were transmitting personal identifiers either without users realizing they were doing so, without asking for permission, or without informing users transparently about which companies receive this data and what they intend to do with it. This is potentially in violation of the EU’s General Data Protection Regulation (GDPR).
For example, one game app in the study shared user personal information with 23 external companies in just 10 minutes. The game asks users if they are willing to share their information, but is unclear how the data will be used and makes it difficult to decline. The personal identifiers could include geolocation information, a user’s Android ad ID or information the user provided to register for the app, such as age or email address. An Android ad ID is used by advertisers to assemble profiles of user activity, and can be erased manually by users through their Android devices.
In addition, more than one-fifth of the apps tested appear to be breaking Google’s policy (in violation of GDPR) and best practices for app developers. These apps were sending out persistent identifiers, which are pieces of personal information that are very hard to erase, alongside the Android Ad ID. One example of this is the identifier associated with a mobile phone, which is called an International Mobile Equipment Identity number (IMEI). Persistent identifiers are very difficult to erase in the same way as the Android’s ad ID, and therefore behavioral information will be associated with it forever.
This study was conducted in Belgium in partnership with De Tijd, a top Belgian business newspaper, and Serge Egelman, research director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI). He also holds an appointment in the Department of Electrical Engineering and Computer Sciences (EECS) at the University of California, Berkeley. Egelman’s company, AppCensus, provided the analysis of the apps in the study.
Understanding the impact
The apps caught using personal information incorrectly included a bank, a train ticket website, and the newspaper De Tijd itself. For De Tijd, the cause was an old piece of code that was still operating within its app – the newspaper promised to remedy the problem. These kinds of personal data challenges can happen within a variety of types of organizations across a range of industries.
It’s important for all organizations to be sure they are getting data privacy right. Today, organizations need to be in compliance with the growing number of data privacy rules. However, beyond that, it’s also vital to maintain the trust of the individuals who use their products and services. For the internet to thrive, society needs to be able to trust the organizations it engages with there.
An individual’s personal information about their behavior is one of the most valuable resources on the global market today. In the process of developing services which make the lives of consumers easier, organizations also gather data about individuals. While consumers welcome this, data about them is assembled into behavioral profiles which with some certainty can predict what individuals want now, tomorrow, and further into the future.
While in many circumstances consumers are happy to trade information about themselves in exchange for a more personal experience, they remain sensitive to the possibility of their personal data being misused, particularly within technologies like AI.
If consumers perceive a risk that their personal or behavioral data might not be safe or could be misused, they may not want to engage with individual organizations online. There is already evidence that this cause-and-effect can happen. Recognizing these risks, software giant Microsoft wrote in its 2018 annual report that, “If we enable or offer AI solutions that are controversial because of their impact on human rights, privacy, employment or other social issues, we may experience brand or reputational harm.”
To survive and succeed, organizations need to build and maintain the trust of their users by having strong data privacy policies supported with robust processes. As well, products and services should be created using privacy by design approaches to greatly reduce the risk of personal data being misused.
Adopting a privacy by design approach
To implement privacy by design, organizations need to integrate or “bake in” data protection into their processing activities and business practices from the design stage through the lifecycle. Proactive ways in which organizations can embed privacy by design are:
It’s vital that organizations to do everything they can to avoid the negative financial and reputational consequences of poor data privacy practices. By creating a robust privacy by design approach, organizations can greatly reduce this risk while supporting innovation and positive customer relationships.
Learn more about how Collibra Privacy & Risk supports privacy by design programs.
Pieter De Leenheer, Vicky Froyen and Serge Egelman contributed to this article.
The Collibra, UC Berkeley and AppCensus study was conducted based on data collected on August 19, 2019. It does not take into account changes or updates to the apps analyzed since that date.
Additional resources on app personal data use:
“Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale
50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System
Do You Get What You Pay For? Comparing The Privacy Behaviors of Free vs. Paid Apps
Vicky Froyen is a Senior Research Scientist at Collibra Research. He holds a Ph.D. in Cognitive Science from Rutgers University. He works on privacy, cognitive science, and machine learning
© 2020 Collibra. All Rights Reserved.
A message to our Collibra community on COVID-19. Read more from our CEO.