When did that leak out?
Who knew?? It was obviously a private meeting!
Monday, January 28, was Data Privacy Day and you won't get another for a year. If you missed it, you didn't miss much. It was a day like any other day, without meaningful privacy except for those offline and unobserved by the global surveillance panopticon. The non-profit National Cybersecurity Alliance marked the occasion, …
"Velasquez added that consumers need to be motivated to become informed. She likened privacy to health, noting that it tends to be ignored until it causes pain. Your doctor can warn you to live a healthy lifestyle, but many people won't pay attention until they experience chest pains, she said."
How about if all the information about a person was considered as sensitive as the data doctors have access to, and handled as carefully ? There are failings, occasionally, but they're uncommon and punished heavily.
And the lead paint comparison is good as well.
For example, all health-related data (including fitness tracker data) should be considered completely toxic. It cannot be transferred between companies without explicit authorisation (for that particular transfer, for that particular purpose) by the data subject. And it cannot be processed or combined with other data.
Of course, that would scupper all the e-health startups. But, sorry, you are the equivalent of lead paint manufacturers. Close down and do something else.
One thing that many firms (particularly US ones) fail to understand is that the data subject is actually the data owner. You may have gone to a lot of time, effort and money to gather data but if it is about me then I own it. Thanks for gathering it for me. If you want to even process the data you have gathered you need a licence from me. Let alone if you wanted to transfer or sell it, or some conclusions drawn from it, to someone else.
This guiding principle, which is as simple, and as complex, as copyright, needs to be clearly enshrined in law. Once we have that in place, we have the basis of a functioning personal data economy. I may be happy to grant licences in exchange for valuable services. Or I may not.
And this applies to data that is created or inferred about me from other processing. Even if I didn't provide it (maybe you are a phone company and someone dialed my number, or you are LInkedIn and a contact gave you my email address), if you have some data about me you need a licence from me (with a traceable record to prove you have the necessary licence) to even process it.
Of course, there may be some exceptions -- a sort of personal data "fair use" for example. Lots of details, just as with copyright. But a perfectly logical and reasonable way to build an information economy.
Biting the hand that feeds IT © 1998–2019