The Need to Own Your Data

The internet allows you to extend yourself. It empowers you with freedoms not yet fully known and possibilities previously unimagined. We are living digital lives, and our reach now goes further than ever before.

All is not well, however. Despite the incredible growth and opportunities, technology has not allowed us to control what happens with our information online. Until recently.

Are the keepers of our information responsible for it? Is there anything wrong with the way it is currently managed? More importantly, why does it even matter that we own our information?

Are we keeping track?

According to the McKinsey Global Institute, the average number of online accounts registered to an email address ranges between 90 and 130. This number doubles every five years.

An email address is often enough to find out someone’s name. An online search can reveal a lot more, and that’s assuming the account holds minimal personal information. Each account is a gateway to an individual’s professional and personal life; some gates are wider than others.

Do we have control of our identity online? Any real say in how our data is used and interpreted? The answer, generally, is no. Yet, keeping track of our identity is where owning it begins.

Whose responsibility is it anyway?

A Gemalto Survey of 10,000 consumers worldwide found that many of them were unwilling to take basic measures to protect their identity online. 56% said they use the same password for multiple accounts, while 41% rejected two-factor authentication. At the same time, 62% of respondents believed that it is the business’s responsibility to ensure data security and 70% would abandon a company if it suffered a data breach.

The vast majority of people admit that strong security measures are necessary, but no one wants to be restricted by them. Every time an individual makes a purchase online, they’re intercepted and interrogated by the gatekeepers, pulled back from where they want to be.

Whatever organisations are doing about cybersecurity, it isn’t enough. The Gemalto Breach Level Index found that 3.25 billion records were breached in the first six months of 2018 — a 356% increase from the same period, the previous year. With countless reports of data breaches and corporate inaction, public trust in the way organisations manage their data is lower than ever.

To the companies we trust less, we render a huge amount of power. Some of the most profitable companies in the world are driven by data — data which we, as consumers provide, often in exchange for a free service. Though on the surface, this might seem like a fair transaction, it’s worth considering how it relates to the concept of surveillance.

Surveillance means control

Surveillance is essentially the ownership of an individual’s personal data by a central authority, be it public or private. It is a threat to privacy.

In some cases, surveillance is permissible. We understand when a shop owner installs CCTV cameras at their premises as a security measure.

Other losses of privacy are unacceptable. If a home appliance company installed CCTV cameras in your home to study how their products are used, it would be invasive. If this were offered in exchange for a subsidy on the products, it likely would still be unacceptable. Yet, this is how we conduct our affairs online. We allow online services to construct our digital homes and workplaces in exchange for consent to monitor our activity. By carrying out surveillance-for-profit, such companies claim the ownership of our information.

The right to data ownership is about having a reasonable sense of choice; it’s not something that companies should be able to take away.

It has been found that surveillance impacts human behaviour and opinions, particularly if they go against the majority or generally accepted views. Surveillance is not just about watching someone; it is about controlling them. The average internet user does not deserve this. The right to data ownership is about having a reasonable sense of choice; it’s not something that companies should be able to take away.

Data enlightenment

We seem to be witnessing an era of data awareness. The world is coming to the realisation that privacy and security are fundamental human rights. In 2018, the EU began to enforce the GDPR, the firmest data protection policy yet. The State of California quickly followed with its own legislation, and India seems to be going in the same direction with the Draft Data Protection Bill.

Businesses are taking the hint, too. Notorious for neglecting privacy rights, mega-corporations like Facebook and Google have at least, on the surface, acknowledged that people should be able to control their data.

The real innovation in data privacy comes from self-sovereign identity companies. By championing breakthrough user-consent standards and Privacy-by-Design, they have put the control of data back into the hands of people.

Until now, the internet hasn’t really been about people, but information about people. In the wake of massive data breaches and with the advent of self-sovereign identity, things are starting to change and it is becoming a more human place. It’s time, we as a global community harness the power of the web and fully realise its true purpose.