Tuesday, May 1, 2018

SXSW 2018 Day 4, session 3: A Game-Changing Shift in Control of Personal Data


Session page, including audio: https://schedule.sxsw.com/2018/events/PP74405


Nicky Hickman, Inglis Jane Ltd
Karen McCabe, IEEE
Doc Searls, Project VRM; Berkman Klein Center; Harvard University

Doc: What is the state of privacy on the Internet?  The internet is a protocol, an agreement of how to move data between two points with no billing or governance built into it.  While we had ~10,000 years to work out how privacy should work in the physical world, we only had 22 years to figure out how it should work in the internet.
We built HTTP to get documents in a client-server, or slave-master paradigm.  This introduces control of servers over clients.
Karen: How are things changing?
Nicky: Populist movements are on the rise; a lot of regulation around privacy is being enacted in Europe.
Karen: There is also the beginning of the rise of ethics in technology – ethics by design.  The change required is one where people take over and wrest control from the technology giants.


Normally, we have three personas: our work persona, our “play” or personal persona, and our civil/legal identity.  We need more tools that can help reflect these three personas.



Doc: We have a good physical world model, where we can selectively disclose who we are and how much information we give others, by controlling who we talk to and what we say.  We have private space in the real world, but less so in the digital world.
Karen: In Japan there is an increase in consent laws; in South Korea there are laws similar to GDPR.  China, on the other hand, regulates less in favor of privacy.  When governments get involved, other considerations can come to the fore.
Nicky: GDPR
The main tenets of GDPR are:
  1. Right of information (i.e. notice in advance of sharing)
  2. Right of access to my data
  3. Right of rectification (correction) of my data
  4. Right to withdraw consent
  5. Right of data portability
  6. Right of erasure
  7. Right to object
  8. Right to restrict processing
  9. Right not to be subject to automatic decisions

Doc: We can look at the Black Plague analogy.  The Black Plague killed 30-50% of the population of Europe.  It destroyed feudalism, as lords simply did not have enough serfs to work the land.  They had to start bringing in paid workers.  This caused major changes in society, and led to a huge spurt of innovation (so you could do the same work with fewer people).
GDPR is estimated to make about 70% of all personal data unusable once it kicks in; a similar type of effect could happen in this domain as well.
We need to take back agency - the ability to act with full power.  The only way to achieve this is from the individual side; the companies have to agree to our terms.  Instead of us signing terms of agreement, we list the terms for the use of our data.  1.7 billion people are blocking ads online, so the will to act is there.
Nicky: Another important regulation is PSD2, or the Revised Payments Services Directive.  It allows you as an individual to take all of your data from one bank and move it to another bank (or other financial institution).

Q. Can the smaller companies bear the cost of compliance? Will this drive more people to larger companies?
Doc: With all the difficulties, the outcome will be worth it.  Also, the EU most likely will go after large companies first, giving the smaller ones more time to adapt.
