Blog - DR TYRONE W A GRANDISON

What Ever Happened To Our Data Privacy Rights?

6/5/2013

We can all agree that the data in our wallets and contained in filing cabinets in our homes are owned by us and we are well-aware that there are legally-stipulated rights that apply to the use, processing and disclosure of this data.

The idea of your data containing a dimension of physicality and of you having proximity (or possession) of your data underpins the way privacy law was constructed in the past and how it is being interpreted today by the legal community.

The problem with that paradigm is that there is no differentiation between the data itself and the container that holds that data. In the past, it was a valid abstraction to assume that both were the same. Unfortunately, with the advent of computers, your data and the computer that it resides on (or in) needs to be separated if an individual's privacy is to survive this and the next century.

Moving forward, there are two notions that should guide policy and technology in the privacy space.

First, your data is your data irrespective of where it resides. Be it your licence card (in your pocket), your tax returns (in your home office), your medical history (in your provider's computer) or your genomic data (in 23andMe's cloud). Unfortunately, over the decades, it has been beneficial for companies to leverage the expression "possession is nine tenths of the Law", which they invariably interpret to mean that all data under their purview is owned by them.

The second notion is that there is a clear distinction between data stewards and data owners. As a direct consequence of the first notion, the data owner is always the person who is the data is about, whether it is collected (directly or indirectly) or is the result of some processing. The data owner has the most to lose from the misuse of his data whether it is used actively against him or her, or for another purpose that seeks an advantage for someone else, e.g. money, procedures, etc. The data steward is the person or entity that has control of the container that holds the data. As such, there should be an expectation of "good stewardship", i.e. taking care of the data as if it were your own.

Why are these notions critical to our future?

Currently, the majority of consumers and or patients assume that their data is their property. Unfortunately, they are only aware of the truth of their situations when a company, which they trusted, experiences a data breach and it has negative effects on their ability to live their lives as they expect or want. Imagine the brand and reputational damage incurred by these trusted institutions. Imagine the harm inflicted on the naive consumer or patient. This situation is not sustainable and will not create a future where businesses can continue this behavior and still be profitable.

The core tenet of privacy is control. Alan Westin (in 1967) described privacy as "the ability to determine for ourselves when, how and to what extent information about us is communicated to others". This viewpoint, which is assumed by most people, has been surreptitiously eroded over the decades. To reconcile consumer expectations with actual business practice and to get back to the core of privacy, we need to factor these notions in future policies, systems and activities.

Additional Material

Leave a Reply.