How to regain control of your personal data
Stage the First: As we go about our daily lives we generate personal data: what we read, buy, people we talk with and things we do can be, and are tracked by companies whose basic business plans depend on their ability to stalk us. The first stage in regaining control of our personal data is to eliminate or at least to reduce as far as possible the data we produce (and give away) as we go about our daily activities, and to prevent companies from doing this. The aim of this stage is to become as “invisible” as possible, leaving the lightest possible personal data footprint behind us as we move through our daily lives.
Stage the Second: Unfortunately, our personal data is already all over the place, so the second stage of regaining control is to remove it from wherever/whoever currently holds it and to gather it together in a safe and secure place that we control. The first part of this process, that of removing our data from people who have taken it and are keeping it, is a more general statement of “the right to be forgotten” which is currently the subject of EU proposals to strengthen the laws of data protection for EU citizens, and unsurprisingly, the focus of furious lobbying by Internet companies such as Google and Facebook aimed at preventing such laws being introduced. The second part of this process, the safe keeping of that data, is the focus of companies offering “personal data vaults” which provides a partial solution to this problem.
Stage the Third: Of course, there are circumstances where you are willing to give other people access to your personal data, and the third stage of regaining control of your personal data is to selectively give permission to other people for them to obtain, use and possibly to retain your personal data. The big problem with this stage is that at the moment the form of requests for permission, and the form that permissions can be given in are stacked against the individual. Permissions are often formulated as implicit permissions (“If you use this website you are assumed to have given your permission for us, and lots of unnamed third parties, to load cookies onto your computer”) and as all-or-nothing offers: you can only respond by either granting all/complete permission or you can refuse, but if you do you cannot then interact in any way with that company.
What is needed is a way in which you can negotiate with the company, so that instead of responding either “yes” or “no” to their request for access to your personal data, you can respond with a “let’s discuss this”. And that discussion can then take the form of a negotiation of the form “If you do X, then I will do Y”. For instance, “if you offer me a discount of 5% on my purchases from this website, I will give you the information you’ve asked for”. And if you offer me a payment of £x I will allow you to retain and use that information for the next 12 months”.
This third stage represents a mature information market, where both sides recognise the value of personal data, respect the ownership of that data, and have adult-to-adult conversations about the basis on which one person will allow another person to have and make use of that data. And that’s precisely why Handshake, a UK start up, has built an app and infrastructure that will allow these third stage, adult-to-adult conversations to take place.
