Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Taking back control


Published on

Presentation from SLS 2010

Published in: Education, Technology, Business
  • Be the first to comment

  • Be the first to like this

Taking back control

  1. 1. Taking back control<br />A rights-based approach to the gathering, processing and holding of personal data in the online environment<br />
  2. 2. Two questions:<br />To what extent is the Internet a ‘public’ space to roam and enjoy?<br />To what extent is personal data ‘ours’?<br />
  3. 3. Three connected issues:<br />The gathering of personal data<br />The processing and utilisation of personal data<br />The holding of personal data<br />
  4. 4. Data gathering<br />Without our knowledge?<br />Without our permission?<br />Without our understanding?<br />
  5. 5. Data gathering<br />The beginning of a solution:<br />The right to roam the Internet with privacy<br />
  6. 6. A change in assumptions<br />A new default: no data gathering<br />The fundamental tools of the Internet should be available without data gathering<br />
  7. 7. How could this work?<br />E.g. for a search engine, two search boxes:<br />‘Basic’ search, without data gathering<br />‘Super’ search, with data gathering and tailoring<br />One big questions:<br />What are the ‘fundamental tools’ of the Internet?<br />
  8. 8. Data processing and utilisation<br />Instant utilisation – tailored advertising, tailored content<br />Subsequent utilisation – the impact of profiling<br />
  9. 9. Data processing and utilisation<br />The beginning of a solution:<br />The right to monitor the monitors<br />
  10. 10. A change in approach to consent<br />Consent is not one-off, but continuous<br />Data gatherers must continually alert you to the fact that gathering is taking place<br />The opportunity to turn the monitoring OFF and to revoke consent must be provided<br />Links to information and options to gathering and use must be provided<br />
  11. 11. How could this work?<br />A little alert box, flashing up to indicate when something is happening, allow the option to click on/off, or link to further information<br />Use the communicative opportunities of the internet – and its immediacy<br />Consent in ‘real time’.<br />
  12. 12. Data holding<br />The beginning of a solution:<br />The right to delete data<br />
  13. 13. A change in assumptions<br />The default: data CAN be deleted<br />Holding data is a privilege, not a right<br />Putting data minimisation into the hands of the individual<br />
  14. 14. When can data NOT be deleted?<br />Paternalistic reasons – e.g. medical data<br />Communitarian reasons – e.g. criminal records<br />Administrative reasons – e.g. tax records, electoral rolls<br />Archival reasons – but strictly controlled<br />Security reasons – strictly controlled<br />
  15. 15. How could this work?<br />Immediate access to data held should be provided – with the option to delete<br />Data deletion should be simple and direct – not complex or opaque<br />Could be combined with the monitoring of monitors<br />
  16. 16. Three connected rights<br />The right to roam with privacy<br />The right to monitor the monitors<br />The right to delete<br />
  17. 17. Why rights?<br />What is needed is not detailed law, but a change in paradigm<br />Changes in the net are driven by business models more than by law<br />Businesses are sensitive to the perceptions of the public<br />Internet businesses are cross-jurisdictional, but can set worldwide standards<br />
  18. 18. Rights in balance<br />The needs to business and governments must balance with those of individuals<br />All these rights are subject to balance - and where necessary may be overridden<br />Both businesses and individuals need to be able to trust and use the net - clear and appropriate rights can help build that trust<br />
  19. 19. Business models in balance<br />With rights in place, business models will change<br />If data gathering must be notified and may be refused, models reliant on secret gathering won’t be created<br />If a user can delete data, models reliant on long-term holding of data won’t be used<br />If businesses have to gain consent, then users must be gaining benefits if they are to gain that consent<br />
  20. 20. Taking back control<br />A rights-based approach to the gathering, processing and holding of personal data in the online environment<br />Paul Bernal:<br />