Issues of data aggregation and de-anonymisation are hardly new, but there’s nothing like a good example to make an issue more visible – and secret US bases revealed through aggregated data from fitness trackers are about as good as it gets.
The real issue, though, is less such revelations and more the implications for data and privacy more generally. This article argues powerfully that to see this as an issue of individuals and clickthrough privacy policies is to miss a very important point. People can’t consent to the ways their personal data will be used and the risks that carries, because service providers don’t and can’t understand those things themselves, and so can’t explain them in a way which makes consent meaningful. That has some important data policy implications, including much stronger liability for data breaches, and keeping the amount of data captured and held to a minimum in the first place. Those are not new suggestions, of course, so as ever the real question is not how the risks could be managed better, but how incentives can be aligned to ensure that the risks are in fact managed. And that is a political and social problem, not a technical one.