Modern day Masters: Who controls your personal data?
By Anonymous | December 6, 2019
As we move towards a more automated digital universe, data is considered as ‘the new oil’. As data, the most valuable resource of digital age continues to grow in a world where every move in the digital land is recorded; global tech giants such as Facebook, Amazon and Alphabet have succeeded in making huge profits from this opportunity.
Given that the number of digital devices has grown exponentially, we have involuntarily allowed our personal data to be at the disposal of big companies. This is mainly due to the fact that devices such as our smartphones are tools that not only help us with organizing our day but also the one that we voluntarily feed with data that are private. So, it becomes impossible for us to know and control who gathers what information, where it ends up, who has ownership of it and what it is used for.
The intrusion to autonomy is taken for granted and general public is resigned to the fact that their information is collected, shared and used without their consent as a tradeoff in order to use a network tool or social media platform. So, we succumb to the fact that it’s almost impossible to prevent tracking of our information with the usage of online platforms for our day-to-day activities. However, we need to be cognizant that this may put the individual at risk, if data is used with a harmful intent.
Recently there has been several data privacy breaches like Facebook contagion experiment, Facebook–Cambridge Analytica data scandal and unauthorized street view capture by Google that raised red flags and drew attention of governments across the globe. Though tech giants have been willing to discuss data protection after seeing the inevitability, it needs to be seen how far they would go in acceding control over the data they collect. While momentum is growing for federal laws and rules on data privacy in the US, European Union has already taken the lead with enacting a comprehensive General Data Protection Regulation (GDPR) to protect its citizens and residents. The hope is that GDPR with its comprehensive framework and enforcement of severe financial and legal implications will become a gold standard for empowering people to control their personal data, however history doesn’t stand behind this expectation.
The EU has had a data-protection directive since 1995, but studies have repeatedly shown that its rights weren’t well enforced. One of the reasons this has not been successful so far is because there is a lack of understanding of the different types of personal data held by these companies. We can classify personal data into three types:
- Data that is fully shared by the user consciously,
- Data collected automatically when the user uses a platform or a device to access an application,
- Data that is generated, predicted or modeled from user behavior based on piecing together different data sources.
While most of us are mindful of data that’s shared consciously, only some may be cognizant of data that’s collected automatically and most wouldn’t be even aware of such predicted data existing about oneself. Hence, this lack of awareness makes it difficult to enforce control even with stringent regulations like GDPR.
Rather than feeling vulnerable and just relying on regulations to protect and control your own data, there is a whole new approach to digital identity called self-sovereign identity (SSI) that’s evolving currently. With this approach, individuals and/or companies are able to manage their own data and thus decide which data should be shared with whom, when and for how long. The idea is that you allow your data to be accessed, but you never actually give it away. Enabled by blockchain technologies, a SSI solution would use a distributed ledger to establish immutable recordings of lifecycle events for globally unique decentralized identifiers (DIDs). This abolishes the need for centralized institutions/data barons to store (and capitalize on) personal data separately in their own servers. This allows you to control your own data and make specific data available to those who need them in a given context and thus allow the use of their services. However, this requires tech companies to tie up to this solution. But, this gives us a ray of hope that a true potential solution that can let you be the master of your own data is on the horizon!