5. Data gathering The beginning of a solution: The right to roam the Internet with privacy
6. A change in assumptions A new default: no data gathering The fundamental tools of the Internet should be available without data gathering
7. How could this work? E.g. for a search engine, two search boxes: ‘Basic’ search, without data gathering ‘Super’ search, with data gathering and tailoring One big questions: What are the ‘fundamental tools’ of the Internet?
8. Data processing and utilisation Instant utilisation – tailored advertising, tailored content Subsequent utilisation – the impact of profiling
9. Data processing and utilisation The beginning of a solution: The right to monitor the monitors
10. A change in approach to consent Consent is not one-off, but continuous Data gatherers must continually alert you to the fact that gathering is taking place The opportunity to turn the monitoring OFF and to revoke consent must be provided Links to information and options to gathering and use must be provided
11. How could this work? A little alert box, flashing up to indicate when something is happening, allow the option to click on/off, or link to further information Use the communicative opportunities of the internet – and its immediacy Consent in ‘real time’.
12. Data holding The beginning of a solution: The right to delete data
13. A change in assumptions The default: data CAN be deleted Holding data is a privilege, not a right Putting data minimisation into the hands of the individual
14. When can data NOT be deleted? Paternalistic reasons – e.g. medical data Communitarian reasons – e.g. criminal records Administrative reasons – e.g. tax records, electoral rolls Archival reasons – but strictly controlled Security reasons – strictly controlled
15. How could this work? Immediate access to data held should be provided – with the option to delete Data deletion should be simple and direct – not complex or opaque Could be combined with the monitoring of monitors
16. Three connected rights The right to roam with privacy The right to monitor the monitors The right to delete
17. Why rights? What is needed is not detailed law, but a change in paradigm Changes in the net are driven by business models more than by law Businesses are sensitive to the perceptions of the public Internet businesses are cross-jurisdictional, but can set worldwide standards
18. Rights in balance The needs to business and governments must balance with those of individuals All these rights are subject to balance - and where necessary may be overridden Both businesses and individuals need to be able to trust and use the net - clear and appropriate rights can help build that trust
19. Business models in balance With rights in place, business models will change If data gathering must be notified and may be refused, models reliant on secret gathering won’t be created If a user can delete data, models reliant on long-term holding of data won’t be used If businesses have to gain consent, then users must be gaining benefits if they are to gain that consent
20. Taking back control A rights-based approach to the gathering, processing and holding of personal data in the online environment Paul Bernal: p.a.bernal@lse.ac.uk