The European Parliament today cemented the strong support previously given at committee level to the European Commission’s data protection reform (MEMO/13/923 and MEMO/14/60) …
The data protection reform will ensure more effective control of people over their personal data, and make it easier for businesses to operate and innovate in the EU’s Single Market.
One small problem… Living up to this directive is nigh on impossible.
There are four basic tenets of this legislation:
The new rules will put citizens back in control of their data, notably through:
A right to be forgotten: When you no longer want your data to be processed and there are no legitimate grounds for retaining it, the data will be deleted. This is about empowering individuals, not about erasing past events or restricting freedom of the press.
Easier access to your own data: A right to data portability will make it easier for you to transfer your personal data between service providers.
Putting you in control: When your consent is required to process your data, you must be asked to give it explicitly. It cannot be assumed. Saying nothing is not the same thing as saying yes. Businesses and organisations will also need to inform you without undue delay about data breaches that could adversely affect you.
Data protection first, not an afterthought: ‘Privacy by design’ and ‘privacy by default’ will also become essential principles in EU data protection rules – this means that data protection safeguards should be built into products and services from the earliest stage of development, and that privacy-friendly default settings should be the norm – for example on social networks.
I agree that ‘privacy by design’ is a good idea, but I find the other statements, while sociologically correct, impractical to the point of impossibility. This is purely a technical opinion.
Right to be Forgotten
In order to forget you, I have to know where you are in my systems. We’ve been trying for half a century to do that just to sell you more stuff. We have not been successful. Aside from the data silo dilemma faced by every business intelligence and digital analytics professional, there’s a small matter of data acting like water, seeping through even the smallest of cracks… intentionally.
In January, Mark Gibbs wrote a compelling series of blogs for Pneuron about Dark Data: The Mysterious Force that Holds the Corporate Universe Together. In in, he reveals,
… The total amount of data in every organization is far, far greater than anyone including, most crucially, their Information Technology group knows about. Moreover this "missing" data that can’t be seen and currently can’t be made use of is also the very stuff that holds the organization together. This is what we call "Dark Data."
Consider how an enterprise-sized organization might tap API’s, pull data cubes and create spreadsheets. The result is an incalculable number of ‘places’ somebody’s preferences for blue widgets over green widgets might end up.
Claiming that we can unhook Personally Identifiable Information from these records assumes the ability to find these records in the first place and discounts the ease with which Big Data practices can re-personalize that data. It only takes a handful of variables to make highly confident guesses that this is the John Doe with a green pickup truck, a loyalty card at the local home improvement center, a penchant for cowboy westerns, a subscription to Time, Sports Illustrated and Scientific American, and is a member of the National Restaurant Association, the Brewers Association and the International Association of Chiefs of Police… in Brimfield Ohio.
Bottom line: You are unforgettable.
Easier Access to Your Own Data
You want to take all of the data I have about you and give it to my competitor? First, I’m sorry but I can’t find your data in my systems on a good day.
Second, there’s the overwhelming power of international lobbyists. If you believe multinational corporations are going to simply agree to let their data go, you need to re-watch Network from 1976. Especially this scene where Ned Beatty tells Peter Finch:
There are no nations. There are no peoples. There is only one holistic system of systems! One vast and immane, interwoven, interacting, multi-variant, multinational dominion of dollars!
We no longer live in a world of nations and ideologies, Mr. Beale. The world is a college of corporations, inexorably determined by the immutable bylaws of business. The world is a business. It has been since man crawled out of the slime.
Putting You in Control
Asking the public’s consent for specific uses of their data assumes the ability to foresee the future. If "data is the new oil," the European Parliament is asking everybody in the petroleum supply chain to envision every way its products might be used; fuels, lubricants, plastics, wax, asphalt, fertilizer, pesticide, etc., and asking each ancient fossilized zooplankton and algae if that’s alright with them.
We no longer know what data about you might be used for – is being used for. We just don’t know. That horse left the barn when large companies subscribed to list makers, data brokers and startups suckling at the API’s of social media sites.
Data Protection First, Not an Afterthought
Excellent idea. But you have to find that data before you can protect it.
As a human being, I am all for the protection, supervision and authorization of data about me. I believe this issue will come to a head when dangerous decisions are made about individuals by governments based on bad, faulty, out of date, irrelevant data for nefarious purposes. I live in fear.
But as a card-carrying member of the datarati, I fear that it is inevitable
By: Jim Sterne, Founder, eMetrics Summit