We talk about privacy a lot around here and we talk about users having control over their own data. In some ways those feel like different conversations, but I’m wondering if much of our privacy concerns are just a special case of having control over where our data is seen/stored/shared. Where is that true and where does that not hold up?
I don’t understand this part. Did you mean to use what/where instead, or do you mean, “having control over who sees” it? In my view the answers are separate but there is some overlap depending on what you’re saying.
I meant “where”, and I thank you for catching the typo. I’m going to fix it now, and your message will just sit here confusing readers for all eternity.
3 Likes
In general, privacy is a fundamental human right to individual freedom, free from scrutiny, interference or intrusion by others including the state. So, an individual has the right to make decisions concerning personal, private matters, seems critical. Information privacy, in particular, is the right of individuals’ to have some control – right to make decisions – over how their personal information (data) is collected and used.
Thinking of Project Liberty, “User Data Control” seems more a manifestation, implementation of the more abstract “Privacy” where the individual controls and can decide to selectively disclose, depending on context, any piece of personal or other information as they see fit, unilaterally. It seems that “User Data Control” is the tangible, technical implementation of “Privacy”?
This ruling has set a far-reaching precedent for “Privacy” and “User Data Control”:
Meta fined €17m over EU data breaches (computerweekly.com)
€17m is not likely to upset Meta but it is the infringement of Article 5(1) which in effect makes the covert aggregation, harvesting and retention of personal data without explicitly, specified, legitimate business purpose(s) and so forth, illegal. That impacts the underlying business models and practices for all current social platforms (AdTech):
Meta fined €17m over EU data breaches (computerweekly.com)
Hope this is helpful to Project Liberty.
Kind Regards,
Patrick
2 Likes
I like that framing. User data control is, in part, an implementation of privacy values. What parts of privacy aren’t implemented through user data controls?
1 Like
I can only think of a platform e2e encryption implementation, like Whatsapp, that provides some privacy from silent, 3rd party intrusion / interference. This aspect of privacy is unlikely to be implemented as user data controls but rather as a standard blockchain (DSNP) default feature as blockchains are, I believe. Can’t think of others?
1 Like
Returning to the opening remark in this thread by @James: “having control over where our data is seen/stored/shared…where does that not hold up?” It does not hold up here:
Attack of the clones: the rise of identity theft on social media (computerweekly.com)
The article does overlook the fact that it is a criminal offence to steal/assume another person’s identity by, for example, presenting documents that belong to another and claiming that identity but the difficulty is proving it. Identity theft occurs silently on social platforms and only discovered long after the consequences have surfaced – too little, too late. The reality is that the incumbent platforms rely on the unfortunate victims of identity abuse to report it:
Attack of the clones: the rise of identity theft on social media (computerweekly.com)
Tangible evidence of identity theft can be established when a person actually presents various identity attestations in their possession. If a person is not the genuine owner of the identity attestations in their possession, and claims the identity of another person, this CAN be prosecuted as a criminal offence of identity theft, IF substantive evidence is available to prove it.
A pre-emptive strategy where each of us can claim, lock-down, control our own identity data asset has to be better than suffering the consequences of identity theft. Project Liberty is once again informed by the failings (Privacy AND User Data Control) by current social platforms. Hope this helps.
Kind Regards,
Patrick
1 Like
The Apple CEO first mentioned the impact of the “data industrial complex” on privacy at the same event, back 2018 (Brussels):
Tim Cook privacy speech to the IAPP sticks to generalities - 9to5Mac
He again cautions about one of the most essential battles of our time: “…the other [reality] where technology is exploited to rob humanity of that which is foundational: our privacy itself.” This all helps Project Liberty. Kind Regards, Patrick.
Congress Might Actually Pass ADPPA, the American Data Privacy and Protection Act | WIRED
The “data minimisation” principle – among others – draws on the GDPR that paves the way for decentralised personal data (1st party). The odds look good for this Federal legislation. Thoughts?
Kind Regards,
Patrick
Project Liberty is a crucial to liberation from endless aggregation, centralisation and abuse of personal data and/or abuse of market power. It is encouraging that regulatory enforcement is now clearing some space for more democratic innovations. Regulators in the EU have often been criticised for ineffective enforcement against violations ranging from anti-competitive conduct to infringements of data protection (privacy) regulations. That has changed recently. Violations by ANY online service, including EU services, now attracts record fines e.g.:
Google loses appeal over record EU anti-trust Android fine - BBC News
Google faces €25bn legal action in UK and the EU - BBC News
Instagram fined €405m over children’s data privacy - BBC News
To my knowledge, this is a first. The prospect alone of criminal liability for executives will weigh heavily on many boardrooms:
Every success with this year’s event 
:
Kind Regards,
Patrick
1 Like
Thanks for the good wishes, Patrick!!
You are very welcome, Denise. Great to see Frances Haugen join Unfinished Live 2022. Given the recent Project Liberty/MeWe collaboration, this recognition helps those of us who are also committed to decentralisation and data sovereignty:
Tim Berners-Lee wins Seoul Peace Price for promoting data sovereignty (koreaherald.com)
Patrick
Privacy is now a zombie… Shoshanna Zuboff (pictured at Unfinished Live 2022):
‘Privacy has been extinguished. It is now a zombie’ – The Irish Times
Kind Regards, Patrick
Another jurisdiction pursues a GDPR approach. No doubt, prompted by the devastating Medibank ransomware attack. “…aligning Australia’s law with the European GDPR…” :
Kind Regards, Patrick
This certainly changes the future for information architectures and PII:
noyb win: € 1.2 billion fine against Meta over EU-US data transfers
Kind Regards, Patrick
The focus of this EU Data Act is IoT generated data and user control over that data:
Consensus on EU Data Act to allow users to take back control over data (computing.co.uk)
Thought it worth sharing. Kind Regards, Patrick.
…“dark patterns” used by TikTok resulted in the platform “nudging users towards choosing more privacy-intrusive options” during the registration process:
TikTok fined €345m by Irish DPC for failing to protect kids’ privacy | Independent.ie
Data transfers to China is a separate, ongoing investigation.
Kind Regards, Patrick
Few are comfortable with the potential for unintended consequences/uses of encryption backdoors: Encryption backdoors violate human rights, says EU court (computing.co.uk)
Kind Regards, Patrick
Meta and others here in the EU are now out of options; unlawful CONSENT is the decision because consent is not freely given; the implications go far beyond Meta. Circumventing lawful consent has a limited future and is welcome news: Statement on EDPB “Pay or Okay” Opinion (noyb.eu)
Kind Regards,
Patrick