governance of technology and governance through technology
Class Seven: Data Ownership and Privacy
For each quote, we plan on discussing it, placing it into its context, and understanding how it fits into the broader discussion about bias.
- NYTimes/MIT Technology Review
- The first principle, for example, covers an issue that seems dead obvious and should have been enshrined in law back in the early 2000s: The right “to have access to and knowledge of all collection and uses of personal data by companies.” (Some companies voluntarily follow this rule already, as well as a few of the following, but none are required by federal law.)
- Very easy to mechanize this, however it places the burden of sifting through this on the consumer.
- The second says consumers should have to give their permission — an “opt in” rather than “opt out” system — before their data can be collected and shared with third parties. I like to call it the anti-Cambridge Analytica rule.
- oftentimes, there is no reasonable opt out
- The third principle moves into a dicier area: the right “to obtain, correct, or delete personal data controlled by any company.” In Europe, this idea has manifested as the controversial “right to be forgotten” laws, which wouldn’t fly here. Because of First Amendment issues, and also to prevent anyone from removing information that is merely critical, Mr. Khanna added a caveat that covers a lot of sins: “where context appropriate and with a fair process.”
- Seems like this rule has been walked back quite a bit. Also, not sure if this makes sense digitally. What about analog copies?
- The fourth centers on timely notifications in the case of breaches.
- The fifth would give consumers the right to move their data (called data portability)
- The sixth calls for making net neutrality a law rather than a regulation that gets Ping-Ponged every time a new administration takes office
- The seventh would hinder big internet access providers like AT&T and Verizon from collecting more data than is necessary for the rendering of services
- The eighth addresses fostering competition.
- The ninth would protect consumers from being “unfairly discriminated against or exploited based on your personal data.”
- And the tenth would demand that companies that collect personal data practice “reasonable business practices and accountability to protect your privacy.”
- Brookings
- The better way to strengthen privacy is to ensure that individual privacy interests are respected as personal information flows to desirable uses, not to reduce personal data to a commodity.
- In a simple purchase of a book from an online retailer, for example, the book title and subject could reveal highly personal information about the purchaser, but the retailer surely would have a right to retain and use its own business records about the transaction (including the title of the book).
- Under an information-as-property regime, would both the purchaser and the retailer have property rights to information about the transaction? And in such a property regime, couldn’t the retailer simply make as a condition of sale that the purchaser must grant a license to the retailer to use the information for specified uses? And wouldn’t that simply lead to another form of the tyranny of fine print in which the purchaser who wants the convenience of an online purchase would be forced to cede rights to the retailer?
- Quartz
- Many large corporations and government agencies have strong governance mechanisms for their hard assets, but really poor governance of information assets.
- The second involves the discontinuation of practices that collect and store customer data.
- The third involves the cultivation of a new core competence: the ability to work with huge anonymized datasets rented from large numbers of people, all handled in a distributed and trust-minimized manner. It will remove data as a toxic asset from the corporate balance sheet and make it a fundamental human asset from birth. It will flip the data-analytics business model on its head and reward corporations for serving as data brokers on behalf of individuals. This will see the end of the large centralized data frackers that scrape, hoard, and rent, but don’t protect this data.
Feedback (5 minutes)
- Did we like the readings?
- Too long? Too short?
- Did we like using Github? Github issues?