Who Knows My Identity?
I don’t have control over my personal identity any more.
Over the last two decades I’ve entered my details on internet sites countless times, whether buying things, applying for services or signing up to web accounts. I’ve given high-street stores my full details whenever I’ve taken out a service contract or credit agreement. Many hotels have a full copy of my passport. I have no idea how far my identity has spread but I imagine it’s on thousands of servers around the world.
I’m not a particularly cynical person — I think the majority of companies who have my data have no intention of doing anything other than storing it — but hacking is a significant problem and it has become common for companies to sell data on.
Selling data to pay for an otherwise free service seems ethically ok, but I have a problem with two things: the way it is done and the lack of clarity over the consequences.
Companies describe their intention to ‘share’ our data within their terms and conditions. This is the right thing to do of course but they know it is human nature to skip passed a long, dry legal document when our focus is on the end goal we desire. Hiding the terms and conditions behind a tick box on a flashy sales page is not ethical since it discourages us from making an informed decision on the consequences of clicking ‘Next’.
Now we come to the consequences. Do organisations that share our data really know what the recipients of that data are going to do with it? Do they know, for instance, if a recipient will share the data onwards to another organisation? The terms and conditions I sign up to don’t generally contain a tree of terms and conditions showing how my data will be used by each recipient and sub-recipient and sub-sub-recipient (etc) as it’s sold on down the branches.
—
I want to see two things happen.
- I want to be able to view and manage my global identity footprint. At any time I want to easily see who has my data, what data they have and what they are using it for. I want to be able to withdraw access to any or all recipients with the click of a button and to understand the consequences of doing so.
- I want data usage terms and conditions to be summarised in clear, simple bullet points, independently verified to make sure they match the detailed terms and conditions. I want those bullet points to be automatically assessed against a preset list of terms I find personally acceptable, and the conclusion displayed in a single traffic light-like manner so I can make an instant, informed decision to click ‘Next’ or sign the service contract.
Blockchain technology, particularly smart contracts, and the spread of smartphones and internet access now allow us to explore the implementation of these things. I am confident that technology, working with global data protection regulations, can give us all a trusted global platform on which we can share personal data under our control and potentially unleash a whole new set of possibilities for how we share and monetise our data.
David is CTO of Datona Labs, a non-profit organisation exploring “Smart Data Access” on the datona.io platform.
Image: ID 148818735 © Mohamad Faizal Ramli | Dreamstime.com
