Posted on: Monday 19th of May 2014
If you think about it, it’s obvious. When push comes to shove, privacy has to be a personal setting because only the individual knows what information he or she feels comfortable sharing with who, in what context, for what purposes.
Simple. Obvious. And full of far reaching implications.
Accepting that privacy is a personal setting means that individuals should be able to understand the implications of the data they are sharing, that they have some control over what data they share, that there are some mechanisms for ensuring the people they share the data with can act on these preferences – and that there are also mechanisms to ensure that they actually keep their promises.
It also contradicts the way current EU data protection regulations work – the model of ‘notice and consent’ by which organisations present individuals with terms and conditions which they either agree to (tick the box) or not.
And, as a principle, it’s not without its problems as the current furore over an EU ruling asserting that individuals have ‘the right to be forgotten’ in web searches. At what point does an untrammelled right to privacy undermine the public’s right to know?
An accelerating pace of change
The quest for workable answers to these questions is urgent, and things are beginning to move very fast.
In response to the EU ruling, Google is introducing new tools that let users request that information about them be removed. Whether or not the EU ruling itself is positive or negative, that’s a significant step towards individuals being able to specify their own personal privacy settings.
Meanwhile the World Economic Forum’s latest ‘Rethinking Personal Data’ reports highlight the three key issues which must be addressed if trust around personal data is to be sustained: transparency, accountability, empowerment. At first blush they sound like motherhood and apple pie clichés. But as they report shows, they surface knotty problems.
Transparency imposes potentially hard work on the user, who must invest time and effort understanding information that’s being disclosed. The harder this work becomes, the less likely people are to do it – making any attempts at transparency more sham than real. Likewise, making accountability work in a digital environment of endless copying and instant data flows is by no means easy.
One answer, as suggested in a report to the US president on Big Data and privacy last week is to encourage a new type of intermediary that helps individuals simplify, automate and improve the job of managing their data; what we call personal data management services.
Riding the storm
The details of each of these debates are important: the right to know versus the right to be forgotten; what it takes to build trust around personal data, the potential of innovative new services that empower individuals in new ways to offer new answers.
But what’s even more important is the pace of change; how all these elements are coming together to create a perfect storm for personal data where every key dimension – the social norms, rules (and regulations) and tools (technologies) of personal data – are all thrown in the air to potentially transform the landscape forever.
As we said up in the run up to our Personal Information Economy event in March, fundamental shifts such as this occur only rarely – over decades not months or year. And they create completely new sets of winners and losers. What does it take to ride such a storm and turn it to your advantage? Looking around you, how many organisations do you see which are clearly on top of this? Given the scale of the changes now unfolding, if your organisation isn’t already working hard to formulate its response to this shifting landscape, it’s already in danger of being too late.