Personal Data in 2018: a "brand new" Paradigm?
This year, as it comes to an end, was marked by numerous scandals regarding personal data collection and utilisation by services a large amount of internauts use (on top of which Facebook), and also by meaningful changes of the law regarding these practices. Such events granted a larger audience to those issues and raised the users' consciousness about the risks and possibilities of data management. Hence the importance of framing a new paradigm and ethics based on decentralisation, competition between corporations and individual autonomy, through initiatives aiming at gaining back the control over digital privacy.
The year 2018: crises and distrust
During the first months, some Web colossi went through major crises putting forth fundamental questions about the ethics that motivates their decisions and ways of operating the collection and exploitation of their users' personal data. Thus was the giant Facebook put under the media spotlights when a crisis that had been gestating for years burst out – malfunctioning personal data management had been pointed out first in 2015 and criticisms cristallized shortly before 2018 on the Cambridge Analytica scandal. This communications agency, specialised in political influence, retrieved personal data from 87 millions accounts by means of an application connected to the social network and might have used it to support Donald Trump's candidacy to the White House. Despite the application having been disabled, Facebook appeared to be the sorcerer's apprentice having no control over the data and its use. This collusion also revealed links between personal data exploitation, lobbying and interfering in the democratic process. Though it was not as significant, WhatsApp cocreator Jan Koum resignation on the 30th of April drove the point home, for the application rushed monetization and the collection of personal data used by Facebook (which bought it in 2016) went against the core values of the application (data encryption and respect of privacy) and conspicuously motivated its founder's decision to leave.
Though the Facebook scandal is the most emblematic and written about, many crises with similar grounds shook the digital world in 2018. Such as the decision to shut down Google+ – which will occur eventually in August 2019 – to protect personal data threatened by a breach in the APIs. Although a larger crisis was averted and the consequences would never have reached Cambridge Analytica scandal's gravity, its whys and wherefores were similar and raised analogous questions about personal data security and exploitation. A few months earlier, Amazon went through spying allegations as an American family had unpleasantly found out that its digital home assistant (Alexa Echo) had recorded a conversation and sent the audio recording to a random person on its contact list. More recently, the Tory Conference Application (UK) suffered a major security flaw allowing anyone registered to access the personal data of any other attendee.
These scandals, whatever their consequences, brought to light ethically questionable practices. Even more than highlighting worrying deficiencies regarding personal data, these scandals gave material to voice criticisms towards some service providers' ethics and business model, based on data processing and lobbying. These condemnations particularly stressed the importance of reshaping the law and ensuring an increased control over such practices.
The year 2018: controls and vigilance
Judicial authorities watched over those issuesvery vigilantly and held strong positions against the digital industry giants. This was demonstrated by the way Mark Zuckerberg was heard by the US Congress on April 11th, and by a Senate Committee during the following weeks. During those hearings, Facebook's CEO acknowledged his company's responsibility in the circulation of information and the exploitation of personal data. The medium's responsibility is particularly patent when it comes to obtaining the user's consent to the collection and use of their data. This issue is one of the major concerns that led European judicial authorities to vote in favour of the General Data Protection Regulation (GDPR) which was implemented on May 25th in every EU country and some other states such as the UK. The whole purpose of this law is to shape a supranational and harmonised legislative framework providing internauts with a first defense line and giving them the upper hand on their personal data management. This framework then must be coordinated with national legislation, e.g. with the French Law on data processing, computer files and freedoms which came into effect in 1978 and has been amended a lot within the last years in order to update control tools and address more specifically the renewed data privacy issues.
In this respect, Article 20 of the GDPR is of paramount importance, given that it creates a new right to data portability which allows for any user to receive their personal data in a structured, commonly used format and to transmit those data to another controller – thus it ensures competition between service providers and a choice for the data owner. However, this right is largely disregarded by digital companies which some organisations are trying to battle against using the GDPR framework. For instance, NOYB organisation, led by legal expert and activist Maximilian Schrems, lodged several complaints against the GAFA for “forced consent.” French organisation La Quadrature du net also pressed charges against Facebook after noticing irregularities in the way the controller obtains its users' consent. In spite of the new weapons and tools states and organisations can wield, they cannot really bend the web colossuses to their will, and necessity calls for the emergence of propositions at the individual scale to change the users' habits.
This is precisely what Tim Berners-Lee offered when launching Solid, an open-source platform for hosting data on a secured and customised server, that its creator wants to be a way to decentralise data management and allow any user to process it with scrutiny. According to the inventor of the World Wide Web,
it will empower individuals, developers and business with entirely new ways to conceive, build and find innovative, trusted and beneficial applications and services
– nothing less than a revolution. Although Tim Berners-Lee was praised by the press, he was not the first to offer such a possibility: we with Cozy had anticipated all these scandals and launched in January the first “digital home”, a personal and personnalized cloud which allows the data owner to store and process it at their will.
Just discovered @SolidMit idea was already invented by a French company @cozycloud. Even the great @timberners_lee can arrive late nowadays.— Eduardo Yáñez (@eduardo_yanez) 4 octobre 2018
Both solutions are free, open source, give control to the data's owner, and can have an apps ecosystem around.#privacymatters #privacy
Those initiatives aim at bringing to a variety of audiences protocols long known and approved within specialised fields, and at creating new interfaces in order to allow anyone to take over data management. In so doing, they challenge the GAFA, their rationale, business plans and ethics, and provide all users with empowering resources.
The year 2018: raising consciousness?
That sequence of controversies granted personal data-related issues a high visibility and highlighted the links between data controllers, global economy, digital ethics and democracy. It made the general public more aware of the risks of uncontrolled data processing or dishonest practices, such as dark patterns, interfaces crafted to trick users (by profiting from cognitive biases for example) into doing things that meet the company's interests and go against the data owner's sake or security. At the core of the criticisms stands the way service providers drag Web users into relationships of dependency. Journalists and specialists called for a broader vigilance and surveillance of personal data trajectories and uses – some even advised detoxification. Result or inference, the number of Facebook users dropped during the second quarter of the year for the first time in the company history, and the social network's stock price therefore plunged.
This financial hit did not significantly harm the Californian giant, albeit it demonstrated the influence users have and how a change in their habits and practices can impact on Facebook's operating. It invites every service user to rethink their relationship to personal data, understood as a constituent part of any individual's digital privacy, the preservation of which needs to become a major concern for today's and tomorrow's data owners. Solid and Cozy appear as user-friendly tools, created to assert an inalienable right of privacy – to do so, they brought the users' agency to the fore, underscoring their capacity of acting on these matters as individuals.
Constant experience has proven that every man who has power is inclined to abuse it [...] To prevent this abuse, it is necessary by the nature of things, that power should be a check to power.
Montesquieu, The Spirit of Laws, 1748
There lies a new paradigm hinging on a new balance between users and controllers, which could prevail in the years to come. To attain such an equilibrium, a true competition between service providers seems essential, so as to dismantle their monopoly and the relationships of dependency it carries. Thus, to put forward initiatives that seek a greater coincidence of interest between service users and providers, through data portability for instance, is to support every user's self-empowerment. Thanks to this shift both in practices and power balance, one might truly consider taking the data out of the information silos where it is currently stored to see the advent of new ways of processing it. Such uses would rely on principles like decentralisation, judicial institutions potency, control by competition and individual autonomy – all contributing to the protection of the users' digital privacy.
The year 2018: a milestone
We must cultivate our garden, Candide ou l'Optimisme, Voltaire, 1759.
Through this year, the (re)shaping of users' relationship to personal data has reached a climax, regarding the way companies process it, as well as how it is regulated by various entities. The whole sequence of scandals has brought to light the data storage and management issues, which are now looked upon as major concerns not only by specialists or free-culture activists, but also by a larger public. This increased awareness has offered a new frame for a digital ethics based on a reasoned, shared and transparent use of the data. To orchestrate this paradigm shift, recent initiatives have allowed users to take over their data management in order to cope with Voltaire's injunction to cultivate our garden. And not to cultivate it by facing alone the Web giants but rather by acting as groups and communities of aware, conscious, enlightened individuals.
🖌 Some words about Cozy
► Our mission: democratize the personal cloud as digital home by allowing everyone to be autonomous in their digital life, control and use their data with brand new services.
► Follow us:
► Join us: https://www.meetup.com/fr-FR/Meetup-Cozy-Cloud-en-France/events/254790951/
Visit our website cozy.io in order to create your Cozy hosted in France, respectful of your privacy and free of charge up to 5 GB of storage.
Credits : Photo by Thought Catalog on Unsplash