Understanding Digital Privacy Tomorrow.

Part 2: Insights from looking at a growing market.

Henri Stern
Jan 8

This is the second half of part 4 of 4 of a series of musings on the topic of online privacy. I don’t pretend to resolve the problem; I am simply exploring facets of the space, pulling at strings that may make the web a more wholesome place to explore, and trying to help builders think about the moral valence of their technical decisions. View the first half.

TL;DR — It’s a uniquely exciting time to work on Internet privacy. Will privacy be defined by compliance with regulation, or by new software abstractions? Should the default be transparent data usage, or privacy by default? Some patterns are already emerging from the space, and they are shaping our lives online.

Just as code deployment and cloud infrastructure matured over the last 20 years, we are on the brink of huge advances for data privacy. Our toolkit is evolving and changing the dev stack in fundamental ways. Web stacks today commonly involve datastores (the model), backend software (the controller) and frontend code (the view), all powered by devops tools.

A stylized modern stack.

The Internet will change as software engineers gain more granular control over user data. But what might that change mean? We may see data logic split from app logic in the backend, for instance.

A potential future stack!

What else? Looking through what work is happening in data management and online privacy yields interesting insights into what might be next for privacy tech.

Seeing competitive markets emerge, we can see what incentives new regulation is creating (the growth of consent-management startups in the wake of GDPR, for example). Watching many startups chase the same goal and fail, we can distinguish consumers’ stated preferences from their actual desires (see all the pivots in the self-sovereign identity space, for example).

The way these companies present themselves reflects the public narratives in the space. Startups’ positioning in the space is fed by and feeds the stories we tell ourselves about online privacy.

Having looked at the space, I work through some of these narratives below.

  1. Open source is better for privacy.
    Proving to users what you’re doing with their data is hard. The idea is that opening up part of your code base helps (you can still charge for services or issue a token to monetize). It’s an interesting idea (you might think opening up a code base makes things less private) that reveals a couple of things about the space. First, a lot of people working on privacy have a cryptography background, where security through obscurity is the kiss of death. Second, data privacy and data ownership are deeply tied: sovereign ownership demands that you can see what is done to your data.

I saved my best for last:

  • Privacy as software abstraction vs compliance.
    This question has emerged as a key organizing principle for the space. Is the end goal compliance, or privacy-preserving data architecture? Is the real user the lawyer or the software engineer? The answer will fundamentally shape the Internet and its relationship to data in the coming years.
Gretel has a clear stance here, hear hear.

I believe most long-term solutions must go beyond regulation and involve splitting data logic out from app logic to some extent. Regulation is key, but data engineering must go beyond complying with local regulation ad hoc.

But what does that mean? I’ve found there are two schools of privacy tech practitioners: “transparent data use” vs “privacy by default”. The first believes transparency fulfills a product’s privacy needs, i.e., you should be told what is being done with your data and choose whether to proceed. The second believes transparency is a useless promise: “Is it better to be screwed if you know it?” Instead, privacy by default (i.e., the data can’t be collected in the first place) must be the path forward for the Internet.

Messenger data permissions: from privacy-by-default to … we own you by default?

Clearly, transparency alone is too low a bar for online privacy. It is a slippery slope and carries too many deep societal dangers.

  • Should a user be expected to understand the data requirements of a given algorithm to know if the data requested is warranted? How informed can informed consent be?
You knew you’d regret posting that last tweet.

On the other hand, while “privacy by default” sounds nice, it can be hard to define precisely for any given product. Can it really be an effective heuristic across all Internet applications? What does it even mean in a given context? No PII collected? All collected data anonymized? No data collected at all?
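To make the two threads above concrete (splitting data logic from app logic, and what “privacy by default” can mean for one product), here is an added example that is not code from the post or from any company mentioned in it. It sketches a small data layer that owns the rows and a declared policy of which purposes may read which fields, and in what form. App logic can only ask for a view for a stated purpose: fields it never declared cannot be stored at all (the “can’t collect it in the first place” reading of privacy by default), pseudonymous and truncated forms cover the “anonymized” reading, and a read ledger gives the transparency school something to show users. The field names, purposes, policy and key are illustrative assumptions.

```python
import hashlib
import hmac

# Illustrative policy (an assumption, not any real product's schema): every field the
# data layer will accept, mapped to the purposes allowed to read it and the form it is
# exposed in for that purpose. A field not listed here cannot be stored at all; a field
# listed with no purposes is declared but uncollectable.
POLICY = {
    "user_id":  {"billing": "raw", "support": "raw", "analytics": "pseudonym"},
    "email":    {"billing": "raw", "support": "raw"},
    "ip":       {"security": "truncated"},
    "birthday": {},
}
KNOWN_PURPOSES = {p for modes in POLICY.values() for p in modes}


class PolicyViolation(Exception):
    """Raised when app logic tries to collect or read outside the declared policy."""


def truncate_ipv4(ip):
    """Zero the last octet so the value identifies a network, not a host (IPv4 only here)."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("this example handles dotted-quad IPv4 only")
    return ".".join(octets[:3] + ["0"])


class DataLayer:
    """Owns the rows; app logic only sees what POLICY exposes for a stated purpose."""

    def __init__(self, pseudonym_key):
        self._key = pseudonym_key   # keyed pseudonyms: unkeyed hashes of small inputs are reversible
        self._rows = {}
        self.access_log = []        # (user_id, purpose, fields exposed): the who-read-what ledger

    def store(self, user_id, record):
        # Privacy by default: anything the policy does not declare is refused, not silently kept.
        undeclared = set(record) - set(POLICY)
        if undeclared:
            raise PolicyViolation("undeclared fields: %s" % sorted(undeclared))
        uncollectable = {f for f in record if not POLICY[f]}
        if uncollectable:
            raise PolicyViolation("no purpose may read: %s" % sorted(uncollectable))
        self._rows[user_id] = dict(record)

    def read(self, user_id, purpose):
        if purpose not in KNOWN_PURPOSES:
            raise PolicyViolation("unknown purpose: %s" % purpose)
        view = {}
        for name, value in self._rows[user_id].items():
            mode = POLICY[name].get(purpose)
            if mode is not None:            # fields with no mode for this purpose are withheld
                view[name] = self._expose(value, mode)
        self.access_log.append((user_id, purpose, tuple(sorted(view))))
        return view

    def _expose(self, value, mode):
        if mode == "raw":
            return value
        if mode == "pseudonym":
            return hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:16]
        if mode == "truncated":
            return truncate_ipv4(value)
        raise PolicyViolation("unknown exposure mode: %s" % mode)


if __name__ == "__main__":
    db = DataLayer(pseudonym_key=b"rotate-me-in-production")  # constructed demo key
    # Constructed sample record, not real user data.
    db.store("u1", {"user_id": "u1", "email": "ada@example.com", "ip": "192.0.2.55"})
    print(db.read("u1", "billing"))    # raw id and email
    print(db.read("u1", "analytics"))  # pseudonymous id only
    print(db.read("u1", "security"))   # truncated ip only
    try:
        db.store("u2", {"user_id": "u2", "phone": "+1-555-0100"})
    except PolicyViolation as e:
        print("rejected:", e)
    print(db.access_log)
```

The useful property is where the decision lives: the application code never chooses which fields to filter, so a new feature that wants a field has to extend the policy (a reviewable change) rather than just read it. In a real system the policy would be versioned data, the pseudonym key would be rotated and kept out of the app tier, and the access log would be append-only and user-visible.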

We’ve got some work to do. There is power in being deliberate about shaping defaults and this is the mission at hand: defining and building the new data and privacy standards for our digital lives.

Change is afoot. The Internet’s potential as a great means of expanding human knowledge and driving progress is playing out. So too is its potential as a means of mass surveillance and intellectual coercion. The extent to which these outcomes play out is up to us. The future of the Internet is ours to shape. Online privacy will be a key part of this evolution. I hope you’ll consider working in this space.

The Startup