Three Laws of Privacy: A Set of Rules to Build a Privacy Standard

Borja Moya
Oct 2, 2018 · 15 min read
Listen to the PrivateID Podcast. Download this episode here (right click & save as…)
Isaac Asimov
  1. A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
  2. A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws.

The problem is seeing the problem

One of the biggest lessons I’ve learned with design, is that you can’t design anything properly until you see the problem.

(2004) I, Robot

How to ignite change

The problem we’re trying to solve here is disruptive. This is a revolution. Maybe we don’t see it that way, but it is. The same has happened for centuries, when there’s a revolution going on nobody notices it until it explodes. And it’s only in hindsight when it’s easy to spot the moment when it ignited.

Deconstructing the problem

What we’ve got to do here is try to understand the system, then point out the vulnerability that could allow us to hack it. And, maybe, we’ll be able to collapse the entire system.

  1. Lack of data ownership. People can’t control their data — somebody else owns it and uses it at their will.
  2. The value of data increases over time — and permission is just required once, if ever. Once it’s out there, it can’t be taken back, and people don’t know what they’re giving permission for.
  3. National solutions don’t work on a global scale. (More on this later.)
  4. The power of ruling the 21st Century is at stake.

1) It’s a behavioral problem.

The first problem we encounter is a behavioral one. This apathy and lack of understanding with privacy is the same one as the problem with open defecation in the developing world.

  1. They get to the shithole and the facilitator asks: “Whose shit is this?” “Did anyone shit here today?”
  2. Then they create a subtle link with the flies: “Are there often flies here?” Everybody nods.
  3. By this point the whole village is around. They go to another place (nobody can handle the smell) and the facilitator asks to draw a map of the village. And then draw with yellow chalk the places where people shit. Now the whole map is yellow — it surrounds people’s homes.
  4. The facilitator asks for a glass of water and ask around if people would drink it. Everybody says yes. Now he pulls a hair from his head, dunk it in the shit and put it in the glass. Suddenly nobody would want to drink the glass of water.
  5. Here’s where he creates the big connection. He makes them arrive to the conclusion that flies have legs, and those legs carry each other’s shit. And since those flies are often on the food too, they’re all eating each other’s shit. Now they, desperately, want a solution.

2) People give away the most precious resource of the 21st Century: Data.

One of the most fascinating things about history is the ability it gives you to understand the patterns that ignited change. You just have to look back for a few hundred years in order to understand some of the changes we’re living now.

Yuval Noah Harari on CBS News
Mark Zuckerberg facing Congress
(2016) Billions

3) It’s a global problem, not a national one.

Consider climate change. Do you think this is a problem you can solve on a national scale?

Credit: Kris Krüg/DeSmogBlog

So, what’s the problem?

There isn’t a single problem. There’s a sequence of problems — but what matters here is their order.

Three Laws of Privacy

Now we’ve got our root problem: awareness. So it’s time to lay out the foundation of a privacy standard that tackles the real issue, and then work it out to solve the whole sequence.

  1. A Corporation, Organization or Government must give up the ownership of that data. It is the individual who owns it. It can’t be stored nor used in the future. It may only be used in the future for other purposes, except where such usage would conflict with the First Law.
  2. A Corporation, Organization or Government may have permission to invade an individual’s privacy and make use of his or her data, as long as such permission does not conflict with the First or Second Laws.

Building a privacy standard

Maybe this article raises more questions than solutions, but we’ll have to discover the solutions along the way. We don’t know what we don’t know. It’s only through experience where we can put this into practice and learn. That said, before we start having real experience, we need a structure to build our buildings upon. These three laws of privacy are that.

(2013) House of Cards

PrivateID Blog

PrivateID comes from what I believe is going to be one of the biggest challenges of the 21st century: privacy. PrivateID’s a blog/podcast about the conversations we need to bring to the table and about how to solve the problems that are coming. Because our freedom is at stake.

Borja Moya

Written by

Hi, I’m BM. Privacy Advocate | Filmmaker | Storyteller | https://bmstudios.org & https://borjamoya.com — hello@borjamoya.com

PrivateID Blog

PrivateID comes from what I believe is going to be one of the biggest challenges of the 21st century: privacy. PrivateID’s a blog/podcast about the conversations we need to bring to the table and about how to solve the problems that are coming. Because our freedom is at stake.