The Missing Focus on User Privacy Issues
by Ken Dulaney
The constant drumbeat about protecting one’s privacy solves only part of the problem if it solves any of the issues at all. The act by individuals trying to protect their privacy is a futile act of searching out where one’s data is stored, removing it, and moving on to the next source. Meanwhile, interconnectivity and sharing agreements among parties that the individual may never know exists moves and proliferates data at light speed.
For a small fee, it is possible to find out unimaginable details about everyone including former places of residence, criminal charges, credit scores, etc. What is generally well protected are one’s financial records given a relationship with a credible institution. But beyond that, the sky’s the limit. Privacy is lost, your data is collected, get over it. And if you are postmillennial, your digital footprint will mirror your lifetime.
The Spread of Data and an Individual’s Permissions for the Use of Such Data are Unknowable
The bigger issue is what actions can be conducted with an individual’s data. Most systems have long legal documents that are supposed to be read by the user prior to downloading and activating an application. However, few users read them. It may be that during one’s lifetime an individual may have made commitments to hundreds of thousands of pages of legally binding agreements for which they have little understanding of their consequences.
Standards like OAuth permit the interlinking of systems for the transfer of information. The concept of “Six Degrees of Separation” applies to the spread of personal information just as it does with human connectivity. Individuals may be connected to entities they may despise. And even if one knows linkages at any point in time, data repositories are bought and sold constantly. There is no requirement to acknowledge such transfers.
Its More About What Entities Can Do with Your Personal Information
As we have seen in recent political cases in the United States, if an individual is challenged in court, millions of pieces of data can be collected. The electronic tools to collect and analyze such data are incredibly effective. While the immediate rationale for collecting the data may not bring forth charges, historical data could reveal heretofore unknown issues that lead to prosecutorial action. In non-democratic societies, the implications for the individual can be far more severe.
What is needed are more laws that protect the use of the individual’s data, assuming that we cannot stop its collection and dissemination. Time ranges must be specified for collecting data. There should be an indemnity for non-violent past acts that fall outside such time boundaries. The use of data should be solely focused on the case at hand.
Some may say that this permits criminals to go free. Yes, it can. But there is no other recourse given we want to enjoy the benefits of the digital lifestyle but also do not want to suffer consequences from the inherent storage of our information. We cannot expect all to be saints; I am sure many would admit that somewhere in their background there would be at least a small indiscretion that has been forgiven due to the passage of time. But do we want the revelation of that indiscretion to be used as blackmail?
The collection and storage of vast amounts of information about individuals worldwide is a fact of the 21st century and beyond life. There is little one can do to prevent it even by limiting participation in social media. Life has become digital, both directly and indirectly. Everyone today has a digital footprint. Disclosure laws may comfort some but will be proven to be largely ineffective. Data will be distributed across international repositories governed by differing laws.
What is desperately needed are new laws that govern the use of personal digital information. Short term we must protect the use of such data during such actions that act against the wishes of the individual (e.g. court cases). Entities may not bring forth the entire personal data portfolio in search of a crime. Corpus delicti laws should be followed, namely that a crime must be proven before data is collected. Longer term, personal data needs to be formally owned by the individual and “loaned” to any party storing it. This means that the user has a “digital leash” to each personal data element. This should permit the individual to remove that data without the intervention of the hosting entity.