Talk about a perfect storm. In the past few months, we’ve seen new European rules on handling personal data, an outcry over Facebook’s privacy practices, and major shift in how big companies address consumer controls of advanced advertising technology.
On their own, each development really only adds up to a limited business and technical challenge for the organizations that collect and use consumer data. But in combination, these events could prove to be revolutionary and the substantive foundation for how every person – and every machine – will interact in our world and beyond.
GDPR has started the movement. The European law affects any company, regardless of home territory, that processes data from EU citizens. California, the world’s fifth largest economy, recently passed one of the toughest data privacy laws in the world. So it’s only a matter of time before GDPR-style legislation is enacted in other countries, including the U.S.
But while these laws seek to protect individuals from annoying advertising that follows you around and seems to know what you are thinking, as well as egregious overreach into one’s personal privacy, they do not establish a fundamental global system of rights related to human-generated data.
In the majority of countries and cultures around the world, there is an established “natural” right to property ownership, both physical property and what you as an individual create and produce. We each own our intellectual property and our personal data must be considered a subset of that property. And when established as personal property, data then becomes a valuable asset for the individual to profit from, and not just the economic engine of giant multinational companies.
Given the global nature of our technologically driven world, the ownership of your personal data must be consistent and common across jurisdictional boundaries. It must be the right of every citizen of the world, much like GDPR extends outside the physical borders of the EU. Currently, a global patchwork of confusing and sometimes conflicting standards, individuals around the globe must advocate for these same protections.
We need a Global Personal Data Bill Of Rights, and we need it now.
Here is some of what I believe it should contain:
Data are an essential and inseparable part of human beings and data hold great value, just like our personal property, our memories, and our life experiences. We own our data and everything that can be done with them. From this foundational belief falls a number of inalienable personal data rights.
Right of Digital Identity
We have the right to a unique individual digital persona that is owned by the person and can be ported as he pleases just as is formed and preserved in most countries by proper birth registration.
Right of Data Awareness
We have the right to be informed when someone gathers or uses our data both in the physical world and the virtual world. We have the right to know how they handle the data and what they are going to use them for now and in the future. We have the right to access information on the status of our data at any time and under any circumstances.
Right of Data Accuracy
We have the right for our data to be truthful and, as such, we must be able to manage the data and correct them.
Right of Data as Labor
We have the right to put our data to work and make a profit with it the same way people have a right to work or engage in productive employment and may not be prevented from doing so.
Right of Secrecy
We have the right, to hide, to go back to anonymity or to grant partial access to our data to entities and people of our choice.
Right of Redress
We have the right to fair and expedient compensation from entities who violate our data rights.
Right of Inheritance
We have the right to pass along our data assets when we die in the same way that inheritance is the practice of passing property, titles, rights, etc upon the death of the individual
It’s nice to see a groundswell of support for legislation that grants consumers the right to understand how their personal information is being held by businesses, along with the ability to opt out of the data exchange altogether. This is a huge step forward — but the battle for TRUE personal data rights has only just begun.