| |
| META TOPICPARENT | name="FirstEssay" |
|---|
Tracing Data Privacy and How to Realize It | |
<
< | -- By AndrewTaub - 09 Nov 2017 | >
> | -- By AndrewTaub - 16 Jan 2018 | | | | |
<
< | Defining Data and Privacy | >
> | Introduction | | | | |
<
< |
Data is defined as “facts, information, and statistics collected together for reference or analysis.” The origin of the word data is from the Latin verb “dare” which means “to give” and the neuter past participle “darum” which means “something given.” This connotes a sense of belonging and that the information transferred is given to someone by someone else, suggesting that there is a degree of ownership of that information and a choice that is exercised as to whether to give or share that information. Privacy is defined as “the state of being alone and not watched or disturbed by other people or the state of being free or away from public attention.” It is also defined as “freedom from unauthorized intrusion and the state of being able to keep certain especially personal matters to oneself.” Both underlying definitions of data and privacy independently have similarities. Based on data’s origin, the word implies that there is possession involved in terms of who owns the facts or information that are being collected. Similarly, with privacy, the person who holds those private matters or experiences a state of freedom is entitled to defend against intruders and has authority to protect that state. By combining these two words, the center of the term “data privacy” would appear to be, at a singular level, an individual. | >
> |
Data privacy continues to be misunderstood as protecting the individual rather than the data. Defining and understanding this distinction is key to positioning how to counteract private power’s rise and to control one’s data privacy. Public law has been increasingly pushed out by private power from the process of regulating how and what happens when behavior data is collected. Specifically, companies generating data and operating closed platforms have amassed such private power by controlling the data and consent arrangement with its users. Ultimately, should users want to restore the privacy of their data and not be at the mercy of companies’ growing private power, they must operate and control their activity on the internet by owning their data infrastructure, both hardware and software. | | | | |
<
< | Terming Data Privacy | >
> | Recognizing What Data Privacy Serves to Protect | | | | |
<
< |
Data privacy as a term began to appear in written texts in the United States in the late 1950s. Specifically, in 1959, the National Bureau of Standards (NSB) published a monograph in which the term was defined: “Data privacy is the protection of data (typically in a computer-based system) for the sole use of one individual or organization, or by such others as the owner of the data may authorize (e.g., other individuals, organizations, agencies, or groups).” What marries “data” and “privacy” is due to, as the NSB’s definition raises, the birth and growth of computer systems at the time. By pairing these words, the term data privacy closely, if not entirely today, implies that a computerized information system is present and involved in the process for where that data is stored and how it is protected. | >
> |
Where could a misinterpretation stem from for thinking that data privacy protects the individual? The origin of the word data (Latin verb “dare” which means “to give” and the neuter past participle “darum” which means “something given”) implies there is possession involved in terms of who owns the facts or information being collected. Similarly, with privacy, the person who holds those private matters or experiences a state of freedom is entitled to defend against intruders and has authority to protect that. Given these two words, the center of the term “data privacy” would appear to be, at a singular level, an individual, as one who decides to give information and to protect that personal state. But as a term, data privacy “is the protection of data (typically in a computer-based system) for the sole use of one individual or organization, or by such others as the owner of the data may authorize.” What marries “data” and “privacy” is due to, as the NSB’s definition raises, the birth and growth of computer systems at the time in 1958. The term closely, if not entirely today, implies that a computerized information system is present and involved in the process for where that data is stored and how it is protected. | | | | |
<
< | The Problem Created | >
> | Amassing Private Power through Control of Data | | |
In theory, it seems that data privacy should be about the individual, but in reality, it is about the protection of data on computer systems. This distinction is necessary because data protection is operated by who ultimately has power. That would be who owns the computer system, where it and the data stored are located, and most importantly, who collects, controls, and owns the data. As Yochai Benkler states, over the past ten years, there has been a shift to higher level systems (e.g., Facebook, Google, Apple, Amazon) in which there exists no core organizing structure for how to build new or integrate existing systems. The shift has been away from building frameworks and software of openness, and there are no public standards for data portability nor legal requirements for interoperability. | |
<
< | Why Does That Matter? | >
> | Public Law Ousted | | | | |
<
< |
This new model of a few dominant players creates a concentration of power in which their influence increases not through open programs, but through closed platforms. Since data has become the core infrastructure around which control develops and since the anatomy of these closed platforms is owned and operated by the system providers, then the individual lacks any real authority, or possibility, to even control the privacy of his or her data. Instead, privacy is built upon a form of consent between the system operator and the consumer, in which the user unseeingly accepts because there is no real choice, “stemming from a conception of the absence of any choice to begin with” (Benkler). And with that, we see public law unable to effectively reach or enact legislation in that closed realm and instead see more concentrated power thus allowing for companies to create policies privately to serve their best interest. | >
> |
This new model of a few dominant players creates a concentration of power in which their influence increases not through open programs, but through closed platforms. Since data has become the core infrastructure around which control develops and since the anatomy of these closed platforms is owned and operated by the system providers, then the individual lacks any real authority, or possibility, to even control the privacy of his or her data. Instead, privacy is built upon a form of consent between the system operator and the consumer, in which the user unseeingly accepts because there is no real choice, “stemming from a conception of the absence of any choice to begin with” (Benkler). And with that, we see public law unable to effectively reach or enact legislation in that closed realm and instead see more concentrated power thus allowing for companies to create policies privately to serve their best interest. Other forms of growing and isolated private power exist, beyond just in terms of data privacy and behavior data collection. One example is in real estate. Short-term rental platforms such as Airbnb and HomeAway? have been skirting local housing laws. By working directly with the homeowners, these companies were avoiding hotel or tourist taxes in many cities. In this case, regulatory authorities have intervened to enforce tax payments, issue fines, or enact new legislation. Another example is in biotechnology. From 23andMe, which sells personal genome tests directly to consumers, to Theranos, which is developing blood testing machines, both companies leveraged their fast rise, substantial financing, and, importantly, by owning their infrastructure, development process, and close relationship to customers, to outmaneuver components of regulatory approval. In both cases, authorities intervened to enforce the required revisions for compliance, including an investigation for Theranos. | | | What Next? | |
<
< |
If a user consents to engage with a behavior collection system, then that user should expect no privacy on that platform. What is the alternative? To see past the convenience and attractiveness of closed platforms and their services and to “demand that the physiology of the machine work for the human” (Moglen). The individual must exercise the right to privacy not by negotiating with the no-exit platforms for protection that will never exist, but rather returning to an open architecture in which the individual’s freedom lies in the infrastructure itself and which allows users to reestablish ownership and the discretion of where, when, and whom to share their data. Indeed, only then, through the user’s choice and act to take ownership of activity in the digital/cyber realm will a true sense of freedom be achieved and data privacy realized for the individual. | >
> |
How can public law reassert regulatory oversight over system providers that collect behavior data? One example is the EU’s GDPR in which one of the three main elements is to strengthen the conditions of consent between the company and the data subject by requiring that companies be unable to have lengthy, illegible terms and conditions that consist of legalese and that the request for consent must be delivered in an easily understandable form with plain language and the consent must be as easy to withdraw consent as it is to give it. This is an attempt to restore the individual’s ability to exercise rights when engaging with a closed platform functioning as a behavior collection system. Ultimately though, to achieve real data privacy, the individual must take control over any activity on the internet to restore greater freedom. One example is to own a piece of the network to possess the infrastructure itself. While perhaps not as convenient or attractive to operate this as a self-service, applying this resistance restates the right and discretion of where, when, and whom users intend to share their data, an act that can reposition power, and the true sense of data privacy, back to the individual.
| | |
|
|