With increasing details of our lives being stored in digital space, how do we safeguard our data-selves? In this blog, republished from our On Digital Trust publication, Professor Mark Elliot outlines the dilemma between the value of data and the need to protect users’ privacy, and offers a solution to policymakers.
- Data is no longer something we possess, but something we are immersed in; we are living in the age of data
- Existing safeguards struggle to differentiate between privacy and confidentiality
- New solutions need a society-wide approach
- This includes a personal data-avatar for each citizen, to allow them complete control over access to their data
The burgeoning digital economy is evolving at a fantastic pace. Plummeting data processing and storage costs have provided online companies with unprecedented opportunities. At the same time, these parallel developments continue to heighten public concern about online privacy. As more aspects of people’s lives become digital, the protection of privacy continues to vex policymakers in most countries. Companies and governments are becoming increasingly sophisticated in the ways they collect and claim ownership of personal data, as the commercial and political value of that data is increasingly recognised.
In this context, ensuring privacy can seem like using a finger to plug a hole in a dam. The available evidence clearly shows that privacy remains important to citizens of the information society. Internet users, however, also want access to the services and products of the digital economy in a convenient and personalised way. Liberal democracies, such as the UK, are caught between valuing privacy for its own sake and for its fundamental connection with democracy, and perceiving it as a barrier to their becoming fully functioning digital economies.
The data transformation
The phenomenon often misnamed ‘big data’ is central to this. Misnamed because the term big data fails to capture the all-encompassing nature of the sociotechnical transformation that is upon us. Many who use the term qualify it by stating that big data is not just about volume but also about other features: that data can be captured, updated and analysed in real time, and that it can be linked through multiple data capture points and processes.
However, such characterisations are not sufficient; they still express the notion of data as something we have, whereas the reality and scale of the data transformation is that data is now something we are becoming immersed and embedded in. Our behaviour is increasingly documented and collated. Hence, we are now living in the age of data (a new historical phase that large parts of the global economy have now entered), where each individual is embedded in the data environment.
The problem with existing solutions
Existing solutions for obtaining analytical value from data whilst protecting people’s privacy are increasingly challenged by this new data environment. Some believe that they simply no longer work. Even the more recent data-centric technical solutions (such as differential privacy) still struggle with the intrinsic tension between two apparently opposing constraints, which can be summarised as: exactly the feature that makes data valuable to analysts and policymakers also makes it risky. Beyond this technical issue lies an even more fundamental problem. Data-focused solutions do not in fact directly tackle the privacy problem. Even so-called differential privacy is not actually a privacy solution. The cause of this is a critical misunderstanding about the difference between confidentiality and privacy. Privacy concerns people and the control that we each have over ourselves, our lives, our space and our possessions. Privacy is not primarily about data. Confidentiality, on the other hand, is all about the data.
Confidentiality can be viewed as a boundary maintained through various combinations of law, security infrastructure and governance, social norms and practices. When I say, “I am telling you X in confidence”, I am asking you to agree to a confidentiality boundary that surrounds the two of us. When an organisation places information on a secure server, it is doing so in order to prevent unwanted dissemination beyond its boundaries.
Now, breaches of confidentiality may indeed have significant privacy implications, and increasingly who has control over digital information about individuals is a matter of privacy. But this privacy concern is simply not addressed by putting in place another confidentiality fix. We need to tackle it directly. Fortunately, the technology to do this is now available. Implementing it as a society-level solution, however, requires significant policy commitment.
The political will for a new way forward?
To describe it simply, the proposition is this: there should be one source of data for each individual and that is the individual themselves. The concept of personal data stores has been around for a while, and there has been some tinkering around the edges, but the primary problem is the lack of political will for a full implementation.
The system would work like this: each individual would have an internet-based privacy avatar which would act as gatekeeper for their personal data store. The individual would set their own digital privacy policy, and every digital interaction would be mediated by the avatar checking the individual’s privacy policy against the credentials, intentions and trustworthiness of the other party. Where there was a clash between the individual’s privacy policy and that of an organisation requesting temporary access to (certain parts of) the personal data store, the transaction would be refused. Where the individual’s privacy policy did not cover a particular request, the individual would be consulted directly.
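To make the gatekeeping logic concrete, here is an added illustration (not code from the original post or from any existing personal-data-store project) of how an avatar might evaluate a request: it verifies the requester’s credentials, checks the stated purpose and trust score against each rule of the individual’s policy that covers a requested part of the store, refuses on any clash, and falls back to consulting the individual when the policy is silent. All names, rules and scores are constructed for the example.

```python
from dataclasses import dataclass, field

ALLOW, REFUSE, CONSULT = "allow", "refuse", "consult"


@dataclass(frozen=True)
class Rule:
    categories: frozenset  # parts of the personal data store this rule covers
    purposes: frozenset    # purposes the individual permits for those parts
    min_trust: int         # minimum trustworthiness score (0-100) a requester needs


@dataclass(frozen=True)
class Request:
    requester: str
    categories: frozenset  # parts of the store the organisation wants temporary access to
    purpose: str           # the organisation's stated intention
    trust: int             # trustworthiness score vouched for by its credentials (assumed scale)
    verified: bool         # whether those credentials checked out


@dataclass
class Avatar:
    rules: list = field(default_factory=list)

    def decide(self, req: Request) -> tuple:
        """Return (outcome, reason) for one request against the individual's policy."""
        if not req.verified:
            return REFUSE, "credentials could not be verified"
        uncovered = set(req.categories)
        for rule in self.rules:
            overlap = req.categories & rule.categories
            if not overlap:
                continue
            # Every rule touching a requested category must be satisfied; any clash refuses.
            if req.purpose not in rule.purposes:
                return REFUSE, f"purpose {req.purpose!r} not permitted for {sorted(overlap)}"
            if req.trust < rule.min_trust:
                return REFUSE, f"trust {req.trust} below required {rule.min_trust} for {sorted(overlap)}"
            uncovered -= overlap
        if uncovered:
            # The policy says nothing about these parts, so the individual is asked directly.
            return CONSULT, f"no rule covers {sorted(uncovered)}"
        return ALLOW, "request satisfies the individual's privacy policy"


# Constructed sample policy: clinicians may see health data for treatment;
# retailers may see contact details for delivery or billing.
POLICY = Avatar([
    Rule(frozenset({"diagnoses", "prescriptions"}), frozenset({"treatment"}), 80),
    Rule(frozenset({"email", "postcode"}), frozenset({"delivery", "billing"}), 40),
])
```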
The implications of such a system are manifold and it is outside the scope of this brief piece to go into all the details, but a few headlines are:
- The law. The current range of data protection law becomes irrelevant. Instead, criminal law around data abuse and fraud would need to be strengthened. Abuse of data (including one’s own) should be a crime with the same legal weight as physical abuse.
- Education. The system implies a step change in the level of digital literacy. This is sorely needed in any case; if we are to truly have an information society then that implies digital citizens.
- Existing databases. Current estimates suggest that the average citizen in the UK is on hundreds, if not thousands, of databases. The simplest way to deal with most of these is to let them wither on the vine. As the data in them ages it will rapidly become unusable. There may remain residual societal functions that, at least initially, require some data to be held elsewhere (e.g. policing and national security). This could be dealt with in the same way that statutory rights to enter a home are handled in current law (and should be a clearly stated and legally regulated exception rather than the norm).
- Security and system resilience. A single unique copy of each individual’s data implies a single point of failure, and early versions of the system are likely to require multiple back-ups (just as every organisation does with its existing data).
The critical point here is that all of these issues can be dealt with in a way that makes the net effect a positive development over the existing arrangement, which you might regard as a mixture of the Wild West and increasing control by robber barons. Another model, being explored, developed and honed by China, is the effective control of information flows by a centralised state.
If we do nothing, then one of these two scenarios – digital anarchy or heavy-handed state control – looks increasingly likely to dominate our political economy. The work needed to deliver our proposed alternative is significant, but the prize is a fully functioning information democracy. What is needed is the political will to explore the ramifications, carry out the required research and development, and invest in the necessary infrastructure. Alongside this, governments need the courage to embrace the opportunity of the democratic data transformation.
This article was originally published in On Digital Trust, a collection of essays providing analysis and ideas on the use of data in healthcare, crime prevention, and democracy in the current political climate. You can read the full publication here.