Data Privacy, Control, Transparency, and Regulation

I’ve writ­ten about pri­va­cy and per­son­al data a few times before, and my con­clu­sion gen­er­al­ly remains the same: our data has val­ue, and we should be able to ben­e­fit from the use of it, but we must be pro­vid­ed with con­trol and trans­paren­cy, backed up by strong reg­u­la­tion.

Per­ti­nent to this, I was inter­est­ed to read The Future Is Data Integri­ty, Not Con­fi­den­tial­i­ty. This is an extract from a talk by Toomas Hen­drik Ilves, Pres­i­dent of Esto­nia, where they’re cre­at­ing a dig­i­tal soci­ety. In this talk he says:

We have a law that says you own your own data. And you can see who has tried to access your data.”

And in What Hap­pens Next Will Amaze You, the lat­est in a long line of excel­lent talks/essays by Maciej Cegłows­ki, he lays out six fix­es for the bust­ed inter­net pow­er mod­el (where users are some­where near the bot­tom). These fix­es include:

You should have the right to down­load data that you have pro­vid­ed, or that has been col­lect­ed by observ­ing your behav­ior, in a usable elec­tron­ic for­mat.

You should have the right to com­plete­ly remove [your] account and all asso­ci­at­ed per­son­al infor­ma­tion from any online ser­vice, when­ev­er [you] want.

Com­pa­nies should only be allowed to store behav­ioral data for 90 days. Com­pa­nies should be pro­hib­it­ed from sell­ing or oth­er­wise shar­ing behav­ioral data.

And, per­haps most impor­tant of all, there is a require­ment for:

A legal mech­a­nism to let com­pa­nies to make enforce­able promis­es about their behav­ior.

This is exact­ly what I mean. This is what I think the future should look like: we ben­e­fit from our per­son­al and aggre­gat­ed pub­lic data, with con­trol and trans­paren­cy, backed up by strong reg­u­la­tion. Who do we talk to, to make this hap­pen?