The biggest conundrum about privacy is data ownership. Who owns the data and especially if it’s about yourself. EU’s GPDR puts responsibilities in place on collecting data, informing users about which data is collected and the data can be only used for the disclosed purpose. It also gives rights to users to remove and change that data when it’s erroneous. But the EU as a mostly technocratic institution side steps the biggest question and gave us a technical solution for a problem which is more broad. It’s ultimately who has ownership of personal data. To me that’s the fundamental problem about personal data. We can disclose all we want, but we also know that nobody closely reads these disclosures and ponders about the ramifications about sharing your personal data. Of course, there will be token lawsuits to prove misuse of personal data and non-compliance with GPDR, but they’re just what they are; token lawsuits. It won’t fundamentally change how we regard personal data or use it.
Without ownership of data, it’s a free-for-all party which we can try to regulate but it’ll be a moving target. There was a bit of hoopla last week about the EU trying to pass regulation which puts copyright of data collected by autonomous cars in the hands of the manufacturers. The obvious link to John Deere was made whose farming machines collect of data which is sold while mostly unavailable to the individual farmers “owning” and using their equipment.
The problem is that we’re still in the infancy of the information age and as we slowly but surely surround us with smart devices in our lives, this problem is going to creep into every aspect of our lives. Data collection is the fabric of the information age, it binds everything together. It enables powerful and better solutions, but it can as easily be abused for additional revenue by keeping it hostage.
I think the only solution is to rebase our thinking about data ownership and especially personal data. If we define ownership of personal data to be owned by the natural person who generates it, we’ve a better starting point of regulating data ownership and sharing. Since it’s mine and it becomes a virtual property we can more or less apply the same laws as we have personal property. Theft, sales, sharing and losing of personal property has been embedded in our laws for centuries. It would be a good starting point.
It’s a better starting point than regulating something which has no basis in ownership or control. It’ll be a continuous process of updated regulation to cope with the changing landscape and new uses propping up over the course of time. Even a productive regulator like the EU won’t be able to keep up.