The fight against surveillance capitalism and mass state surveillance has reached a tipping point, the peak-indifference moment, when new privacy advocates are self-radicalizing as they witness firsthand the undeniable risks of overcollection, over-retention, and secret manipulation of personal data.
A natural response to this awakening is to declare personal data to be personal property and to use property-rights to manage our relationship to the surveillance machine. The response is natural for many reasons, but mostly because, after 40 years of neoliberalism, we have all but lost the ability to think of things as "valuable" unless they are owned.
But the most valuable things in the world can never be owned (e.g. people, ideas). Making people into property makes them less valuable, not more.
Instead, we have a whole vocabulary, and with it, a whole set of norms and laws, for describing the "interests" that accumulate around people: familial ties, state and police interests, interests the people have in themselves.
Using property as the framework for managing our privacy will do us no good. Your phone number is an integer. It's sensitive and private, but you can't own it, and if you tried to, the cure would be worse than the disease.
As Martin Tisney points out in an excellent essay in MIT Tech Review, property rights aren't just a dysfunctional way to make sense of privacy — they're also ineffective. Even if you never share your data, corporations and governments can still make potentially compromising inferences about you by analyzing other peoples' data.
What's more, property frameworks are vulnerable to a devastating attack: the illusion of "consent." We live in a world of highly concentrated wealth and even more concentrated industries: when working, learning, and participating in social, civic and political life requires you to use one of a very few giant corporations' services, they will simply divest you of your "property rights" to your personal information with license "agreements" and terms of service by which you surrender every right as a condition of merely existing.
Instead of property rights for information, Tisney calls for a sui generis framework for managing personal information, one that is as nuanced and purpose-built as the rules we have to managing people themselves.
Tisney proposes three starting rules: "The right of the people to be secure against unreasonable surveillance shall not be violated"; "No person shall have his or her behavior surreptitiously manipulated"; and "No person shall be unfairly discriminated against on the basis of data."
Of course, to make those rules stick, we'll need the rule of law: this isn't a problem that technology can solve, it's a problem that we need accountable, legitimate governments that are not in thrall to that same handful of corporations to oversee.
As I've argued, "data ownership" is a category error with pernicious consequences: you can't really own most of your data, and even if you could, it often wouldn't protect you from unfair practices. Why, then, is the idea of data ownership such a popular solution?
The answer is that policy experts and technologists too often tacitly accept the concept of "data capitalism." They see data either as a source of capital (e.g., Facebook uses data about me to target ads) or as a product of labor (e.g., I should be paid for the data that is produced about me). It is neither of these things. Thinking of data as we think of a bicycle, oil, or money fails to capture how deeply relationships between citizens, the state, and the private sector have changed in the data era. A new paradigm for understanding what data is—and what rights pertain to it—is urgently needed if we are to forge an equitable 21st-century polity.
This paradigm might usefully draw on environmental analogies—thinking of data as akin to greenhouse gases or other externalities, where small bits of pollution, individually innocuous, have calamitous collective consequences. Most people value their own privacy, just as they value the ability to breathe clean air. An incremental erosion of privacy is tough to notice and does little harm to anyone—just as trace amounts of carbon dioxide are scarcely detectable and do no environmental harm to speak of. But in the aggregate, just as large amounts of greenhouse gases cause fundamental damage to the environment, a massive shift in the nature of privacy causes fundamental damage to the social fabric.
To understand this damage, we need a new paradigm. This paradigm must capture the ways in which an ambient blanket of data changes our relationships with one another—as family, as friends, as coworkers, as consumers, and as citizens. To do so, this paradigm must be grounded in a foundational understanding that people have data rights and that governments must safeguard those rights.
There will be challenges along the way. Neither the technical nor the legal infrastructures around data rights are straightforward. It will be difficult to come to a consensus about what rights exist. It will be even tougher to implement new legislation and regulations to protect those rights. As in the current debate in the US Congress, interest groups and industry lobbyists will fight over important details. The balances struck in different countries will be different. But without a strong and vigorous data-rights infrastructure, open democratic society cannot survive.
It's time for a Bill of Data Rights [Martin Tisne/Technology Review]
(Image: Cryteria, CC-BY)
(via Four Short Links)