Why we urgently need an aggressive overhaul of data privacy
A good article in MIT Tech Review, “It’s time for a bill of data rights”, further convinces me of the need to completely regulate and redesign a system that we know from bitter experience doesn’t work and is exposing us to practices we never agreed to.
When it comes to data privacy, the world is divided pretty much into three zones: the most radical has been created by China, a country where the individual has no right to privacy and the state can access anybody’s data; it’s not clear whether the Chinese themselves agree with this approach to population control, but for the moment they seem willing to accept it in return for political stability and economic growth. If you live in China, you automatically accept a contract that nobody has asked you to sign whereby anything you do online and offline is captured by cameras, devices and technologies of all kinds and is processed and incorporated into your profile, which is constantly being analyzed by the authorities and businesses working hand in hand.
In contrast, in many of the democracies of the West, online service providers require users to accept incomprehensible terms and conditions, which we do without reading them, and that invariably allow those companies to collect and process our personal data, using it as they see fit, as long as what they’re doing isn’t specifically against the law. Businesses are thus able to find all sorts of ways to monetize our data, selling or transferring it to third parties based on some hidden clause we’ve accepted unthinkingly, or simply by stretching a concept to infinity and beyond, meaning that any data a sensor or an application can collect becomes a good in a bazaar where everything has a price. It might be the location of your smartphone that you innocently thought it made sense to provide so as to improve an app’s value proposition or your most personal health data or religious preferences, or those of your friends and acquaintances: everything can be used within extremely sophisticated, specially created business models that most of us have no idea even exist.
Finally, there’s the European Union’s model, where hypocrisy is the order of the day: data processing is hyper-regulated, not to protect users, but instead so that companies, whatever their activities, have operate in a labyrinth of permits, forms and rules that are impossible to comply with, and where they face the permanent risk of being reported by a whole range of specially created agencies. The result is that the companies whose mission is to exploit user data are able to do so by finding loopholes and being very careful, and occasionally paying fines that have no impact on their profit margins.
The problem here is that our information, once it has been taken and stored in a database, is no longer ours, regardless of what the law says. And once data becomes part of our profile, it comes to define us and can be used for a wide range of activities, not all of them of benefit to us. What’s more, if a company only has a little data about us, meaning our profile is incomplete, that can be a bigger problem: a bank may not allow us to access an account because we haven’t provided it with a particular document or because our transactions seem to suggest some kind of pattern that might point to illegal activity. In short, we’ve come to accept the idea that companies obtain, record and analyze all the data they can squeeze out of us, and we then allow them to build a profile of us based on that data. Thanks to practices that until a couple of decades ago made sense for businesses, we are now locked in an information madhouse we can’t escape from.
What sort of world is it where we have to be permanently on our guard about the information we provide when we buy something and how it might be used, or worse, a world in which in reality, we have no power over how our data is used? The successive disasters of recent years, whether the result of immoral business models, irresponsibility or naivety, brings me closer to the position of Tim Cook and Apple: privacy as a fundamental, inalienable human right. We need new regulations that provide us with exhaustive guarantees, that are simple to understand and give us full control over our data. The simple truth is that the supposed permission we give companies to access the data we generate by using it, ostensibly to improve that service, has become a carte blanche for systematic abuse, protected by terms and conditions we agree to without understanding or even reading them.
We urgently need to redefine all the rules relating to our data, with the aim of allowing us to be completely sure of what information we’re sharing, how it’s being treated and what impact that might have on our lives, and ensuring that under no circumstances can our data be sold to third parties, giving us full control over any analysis and use made of it, regardless of how granular it might be. It is quite simply wrong that data you provide to an app to turn your apartment lights on when you come home is passed on to the database of an insurer or a bank, and the very idea should not only be rejected out of hand, but be outright illegal. Passing on our sports or health habits into the databases of companies so they can sell us stuff should mean jail time for the guilty parties. The current laxity regarding our data has to be replaced with practices of extreme vigilance, even if this means outlawing certain business models or making certain practices that today, due to repeated abuses, now seem normal.
I believe that in the not-too-distant future, when we are fully aware of the rules that govern the data economy, we will look back in astonishment at certain practices and models of hyper-segmented advertising, the marketing of personal data or the collection of usage habits for analysis. But of course… I may be wrong.
(En español, aquí)
