Erste Asset Management

Information availability and data protection and their impact on society

Information availability and data protection and their impact on society
Information availability and data protection and their impact on society
Share post:

Interview with Gregor König, Head of Data Protection office

Digital providers collect loads of data in the background. They are evaluated/analysed and, more and more often, are used for personalised marketing and/or product/service offers. What is your opinion in this context? Is this beneficial for the user, or is the opposite the case? And what is data protection?

Like many things in life, targeted marketing has its pros and cons. The benefit, for example, of not receiving any personally irrelevant adverts is juxtaposed by the downside of the fact that the targeting of such an advert is only possible on the basis of detailed knowledge of the interests and proclivities of the potential customer, i.e. on the basis of profiling. While the average recipient may be aware of that, the kind, depth, and content of these profiles are usually not known to them. This is where the EU General Data Protection Regulation (GDPR), the new data protection law that came into effect in May, comes in by requiring transparency from such profiles and prescribing a basic agreement (that can also be expressed in the process of signing a contract). This way, it is up to the individual to judge whether for them, the pros outweigh the cons, or the other way around – based on the premise that I as targeted customer know the way may data are processes, and it is transparent to me.

A whole range of apps is available for free to their users. While the data of an individual user may be worth next to nothing, it is the volume that counts. What kind of data that users readily provide would you consider on the “critical” and “noncritical” side, respectively?

Here, too, transparency plays a role. When using an app, I have to be aware of what data this app uses in what way, what other functions and information it access

Gregor König

Gregor König

es, and with whom it shares these data. What has to be seen as “critical” is often a very subjective perspective, depending on the age and the technological affinity of the person in question. To this end, data protection has an objective benchmark and protects, in particular, “specific categories of personal data”, as the industry jargon expresses it. Among them are political leanings, membership of trade unions, and of particular, practical relevance, religious denomination and health data as well as biometric data. This categorisation can be used as basis to evaluate the critical nature of the data, but in practice, as just explained, the crucial aspect is with the use of what data I personally have a problem. We also have to accept that for many people, especially the younger generation, privacy and data protection play a less relevant or at least different role than the general structuring of the law suggests. For example, they record and share pulse rate and calorie consumption, divulge their preferences or activities on social networks, and accept mobility profiles for more detailed geographical measurements and directions.

In social networks, the personal, face-to-face contact is not required. What reasons do you see that make social networks so successful? Does human interaction become irrelevant, and will it be completely phased out at some point? What does that mean for society?

The easy access to information definitely has an impact on society. After all, we are talking about the information society. This happens across all levels – companies talk about Industry 4.0, in the private sphere this development is connected to the discussion of whether a private sphere or privacy still exists or whether due to our constant need for information, which at the same time is the source of new information pools, we have not already waived this (currently) basic right. I would like to see a broadly-based discussion in society here that is detached from political events. In the past years and decades, we have come to accept our role as passengers in a trend that is driven by the technological development, which tempts us with the utility of achievements in this field without participating in critical discussion. As far as social networks are concerned, for example, such a discussion nowadays would not make sense on a general basis anymore, but in an area where social networks are subject to misuse for influencing opinions.

Big Data applications make use of a large number of algorithms, i.e. processes of calculation for all sorts of problems. They are often said to be “objective”. How objective can Big Data be if these algorithms are implemented by programmers? Do you know applications where the lack of any “subjectivity” is required, i.e. applications that could solve such problems better than people and/or public bodies?

The implementation of applications by human programmers does not prevent an application from being objective – otherwise, research and scientific knowledge, based on the notion of lege artis, would never be possible. But as far as applications are concerned, Big Data, too, opens up a large bandwidth between “reasonable” and “less reasonable” as well as “socio-politically desirable” and “less socio-politically desirable” (although there is a lack of broad discussion, we do have a certain form of basic consensus on some questions). Do we want improved traffic-control systems on the streets and better telematics in our navigational devices of our car? Probably yes. Do we want single-case classification of a consumer in an insurance system in dependence on their individual lifestyle? Probably not. Do we want to be able to improve the analysis of diseases and exterminate certain disease patterns on the basis of large data volumes? Probably yes. Do we want certain individuals with a certain financial background to be able to influence democratic elections? Probably not. Legally speaking, the GDPR missed the chance to address the issue of Big Data more specifically; while the legislator wants to put data users in the position to process the data of personified information for compatible uses, the wording here is very vague (N.B. we can see discussions about the exact range of applicability in both legal and business areas) and moreover, there is a complete absence of any underlying mitigating measures.

The Chinese government plans to introduce a social credit system by 2020 for all Chinese citizens to boost the “honesty in governmental issues”. It has already been implemented on a voluntary basis and accesses various sets of data such as credit rating, criminal record etc. to establish the reputation of an individual. How do you see this development? Should the government be able to classify its citizens into “desirable” and “undesirable” citizens, and to award good behaviour and sanction bad behaviour?

Welcome to 1984. We indeed have to look at this development very critically. I also think that despite the relatively inhomogeneous political situation, in today’s Europe this would not be possible, given our basic values and also the development of legal framework in this field, i.e. in particular the GDPR and the right to privacy as laid down as basic human right. But I would not bet my life that we might not also experience such a development, albeit a watered-down version, in the coming decades on a governmental level in Europe. While the hunger for information displayed by governmental institutions is quite high at the moment in Europe, and specifically Austria, as well, we also attach a great deal of importance to such data pools remaining insular – i.e. without connections existing or being established and without any decisions-making processes with legally disadvantageous consequences stemming from such connections.

How do you see this issue in the corporate sector? Award schemes or discounts for positive behaviour vs. punishments or even exclusion from certain services?

In the corporate sector, such profiling is deemed acceptable only if it does not relate to goods or services that cover basic needs or where a monopoly exists. Apart from that, such a merit-rating system is acceptable also from a data protection point of view if it is transparent and the people affected have freedom of choice. We can already see numerous examples, especially in the insurance industry. But I think that basic products from insurance companies or banks for example should be available without profiling and its consequences. Also, the complete exclusion from a service has to be looked at critically and has to be linked to traceable, grave criteria that have been communicated clearly in advance.

Can or should ethical/moral considerations in Big Data, Artificial Intelligence, and similar applications implemented (e.g. in applications such as autopilots in the event of an accident)?

I think this is a very important point. Not only in the example you mention, how data-controlled processes should behave in cases of moral dilemma, not the least since due to speed they have more options than the human decision-making process; but even with regard to the question of whether we as society actually want a certain use of information. Do we want the outcome of democratic elections to be influenced by social networks? Do we want to legally provide governmental institutions with more and more data to fight crime at the expense of our privacy? I am not being judgemental either way, but these should be the political and societal discussions of the information age. Legal discourse alone will not suffice to answer these questions.

From the perspective of the consumer/user: does the EU General Data Protection Regulation (GDPR) have any positive effects for the user? Can the legislator actually keep up with the development in the areas of Big Data and Artificial Intelligence?

The legislator will never again be able to keep up with the technological development, especially since it keeps accelerating; to believe anything else would mean to avoid looking at the facts. The reaction of the legislator – or the specifications from other governmental institutions – necessarily has to remain on a general and technically neutral level so as to create a level playing field for technological developments. Actually, the Data Protection Regulation is doing a good job in this respect – of course, as recipient of such regulations, we despair, because the vagueness does not give us any certainty that the controlling authorities concur with our implementation say, at a company. Here, too, the mindset has to shift, away from by-the-book control to ensuring compliance with the goals of a regulation.



Forecasts are not a reliable indicator for future developments.



Legal disclaimer

This document is an advertisement. Unless indicated otherwise, source: Erste Asset Management GmbH. The language of communication of the sales offices is German and the languages of communication of the Management Company also include English.

The prospectus for UCITS funds (including any amendments) is prepared and published in accordance with the provisions of the InvFG 2011 as amended. Information for Investors pursuant to § 21 AIFMG is prepared for the alternative investment funds (AIF) administered by Erste Asset Management GmbH pursuant to the provisions of the AIFMG in conjunction with the InvFG 2011.

The currently valid versions of the prospectus, the Information for Investors pursuant to § 21 AIFMG, and the key information document can be found on the website under “Mandatory publications” and can be obtained free of charge by interested investors at the offices of the Management Company and at the offices of the depositary bank. The exact date of the most recent publication of the prospectus, the languages in which the key information document is available, and any other locations where the documents can be obtained are indicated on the website A summary of the investor rights is available in German and English on the website and can also be obtained from the Management Company.

The Management Company can decide to suspend the provisions it has taken for the sale of unit certificates in other countries in accordance with the regulatory requirements.

Note: You are about to purchase a product that may be difficult to understand. We recommend that you read the indicated fund documents before making an investment decision. In addition to the locations listed above, you can obtain these documents free of charge at the offices of the referring Sparkassen bank and the offices of Erste Bank der oesterreichischen Sparkassen AG. You can also access these documents electronically at

N.B.: The performance scenarios listed in the key information document are based on a calculation method that is specified in an EU regulation. The future market development cannot be accurately predicted. The depicted performance scenarios merely present potential earnings, but are based on the earnings in the recent past. The actual earnings may be lower than indicated. Our analyses and conclusions are general in nature and do not take into account the individual characteristics of our investors in terms of earnings, taxation, experience and knowledge, investment objective, financial position, capacity for loss, and risk tolerance.

Please note: Past performance is not a reliable indicator of the future performance of a fund. Investments in securities entail risks in addition to the opportunities presented here. The value of units and their earnings can rise and fall. Changes in exchange rates can also have a positive or negative effect on the value of an investment. For this reason, you may receive less than your originally invested amount when you redeem your units. Persons who are interested in purchasing units in investment funds are advised to read the current fund prospectus(es) and the Information for Investors pursuant to § 21 AIFMG, especially the risk notices they contain, before making an investment decision. If the fund currency is different than the investor’s home currency, changes in the relevant exchange rate can positively or negatively influence the value of the investment and the amount of the costs associated with the fund in the home currency.

We are not permitted to directly or indirectly offer, sell, transfer, or deliver this financial product to natural or legal persons whose place of residence or domicile is located in a country where this is legally prohibited. In this case, we may not provide any product information, either.

Please consult the corresponding information in the fund prospectus and the Information for Investors pursuant to § 21 AIFMG for restrictions on the sale of the fund to American or Russian citizens.

It is expressly noted that this communication does not provide any investment recommendations, but only expresses our current market assessment. Thus, this communication is not a substitute for investment advice, does not take into account the legal regulations aimed at promoting the independence of financial analyses, and is not subject to a prohibition on trading following the distribution of financial analyses.

This document does not represent a sales activity of the Management Company and therefore may not be construed as an offer for the purchase or sale of financial or investment instruments.

Erste Asset Management GmbH is affiliated with the referring Sparkassen banks and Erste Bank.

Please also read the “Information about us and our securities services” published by your bank.

Subject to misprints and errors.