The ‘new deal on data’ for personal data protection.

A few days ago I went to Italy, and look what caught my eyes in the airport coming back:

Pub-DataPrivacy

So I cannot but get into the ‘new deal on data’ for personal data protection of Alex Pentland that I mentioned on the previous post 🙂

His idea is to treat personal data as an asset, and each of us would ‘own’ the data about ourselves.  He makes an analogy with a bank account, see how he explains it:

 …In 2007 I suggested an analogy with the English common law tenets of possession, use and disposal:

You have the right to possess data about you. Regardless of what entity collects the data, the data belongs to you, and you can access the data at any time. Data collectors thus play a role akin to a bank, managing the data on behalf of their “customers”.

You have the right to full control over the use of your data. The terms of use must be opt-in and clearly explained in plain language.  If you are not happy with the way a company uses your data, you can remove those data, just as you would close your account with a bank that is not providing satisfactory service.

You have the right to dispose of or distribute your data.  You have the option to have data about you destroyed or redeployed.

There are still some details to think about and see how we deal with them.   I find it fair his proposal of the ‘full control’ through an opt-in method.  But is it covering all the situations?  Is it feasable?  Can you contact everybody to be sure they allow you to use the data in a particular context?  What if we are facing a catastrophe scenario?

And what if before you withdraw data from a company, they had used it to do statistics, obtaining aggregated results based on your data?  Would it be reasonable to ask them to take it out from there?  Would it be even feasible or just too much costly or complex?  It may not be possible to draw it back entirely, but if your data has served to a calculation, well, the calculation may be wrong now if they go back again to their ‘raw’ data as yours is not there anymore, but you’re not ‘loosing privacy’ either.  So I think it we can live with this situation.

It gets complicated when we talk about private data not about a person, like a company’s data.  Or even more complicated when it’s difficult to identify a natural ‘owner’.

There are still issues we need to go through, even though I see many in the same line of Alex’s proposal that we should have the ownership over our personal data.