The rules, systems, and translation tools that share, interpret, and enforce personal information-based decision-making are almost completely opaque to the original provider of the data. Data discrimination is pervasive and increasingly denies the enhancement of life-chances to those who are already resource- and biography-poor.
The Accuracy Problem
All of the above assumes that the data that's held is accurate. If the information is inaccurate, still greater problems emerge.
The discovery of personal data inaccuracy; the effective remedy of these inaccuracies; the assessment, unraveling, and compensation for derived decision-making are, to all intents and purposes, impossible for the individual, at present.
What is required, then, is a pervasive system that reliably ensures and polices both the accuracy of the data and its correspondence to the human being behind the data—in ways that are realistic in light of the prevailing risks. In short, an Identity Preference Service (IPS).
At the point of personal identity use (where value is about to be exchanged based on the assumed accuracy of the data and on accurate identification of both the data subject and the relying party), four basic authentication principles apply:
- The minimum amount of attributable information must be used.
- The integrity of all the data being used should be testable, tested, and the results openly shared.
- The "actuarial" basis for the information-reliance plus any risk assessment intrinsic to the exchange must be clear to both sides.
- The "contractual" basis of the information exchange and associated permissions must be recorded and retained, and accessible to both parties.
In the absence of an IPS system coming to fruition, individuals must content themselves with enacting the principles of the Data Protection Act on an individual basis (see below).
An IPS Charter: Improving Data Integrity
# | EC Data Protection Directive | IPS Charter Implication |
1 | Intention and notification: the processing of personal data must be reported in advance to a Country's Data Protection authority or an organization's privacy officer, unless the processing system in question has been exempted from notification. | Individuals should acquaint themselves with their data protection rights, and treat their data as a valuable commodity. |
2 | Transparency: data subjects must be aware of who is processing their personal data and for what purpose. | Individuals should maintain a record of all organizations to whom they have knowingly given their data. |
3 | Finality: personal data may only be collected for specific, explicit, and legitimate purposes and not further processed in a way that is incompatible with these purposes. | Individuals should actively close down redundant relationships and ensure the destruction of outstanding data records. |
4 | Legitimate ground for processing: the processing of personal data must be based on a foundation permitted by national legislation, such as consent or some other legal obligations. For sensitive data, such as health data, stricter limits apply. | Individuals should exercise caution in giving any data that seems superfluous to the requirements of the transaction. |
5 | Quality: the personal data must be accurate and not excessive in relation to the purpose in question. | Individuals should seek to correct any inaccuracies in data held, and ensure that changes are made and confirmed. |
6 | Data subjects rights: data subjects have the right to access and correct their data. | Individuals should exercise their rights to access significant stores of data about them. |
7 | Security: providing appropriate security for personal data held within IT systems is one of the cornerstones of the DPD. | Individuals should be very wary of doing business with organizations whose identity protection systems are not sufficiently sophisticated. |
8 | Processing by a processor: if processing is outsourced, it must be ensured that the processor observes the instructions of the controller. | Individuals should seek to know in what locations their data is being held, and what security procedures apply. |
9 | Transfer of personal data outside the EU: in principle, the transfer of personal data outside the EU is permitted only if that country offers adequate (similar to EU-level) protection. | Individuals should ensure that the data they divulge online is governed by equivalent standards of security and rights of access and correction. |
Moving the discussion forward from theory into practice, it is worth considering how IPS could actually work.
IPS Version 1.0
IPS would enable the enforcement of three principles already enshrined in the Data Protection Act and interpreted in our individual and corporate data charters. The application of these principles is currently clouded by individual corporate practice and by the lack of accountability in personal data management:
- Transparency: IPS users assert their right to ensure that they are informed of all those who hold data about them.
- Quality: IPS users are able to ensure the accuracy and consistency of data holders' information about them.
- Finality: IPS enables users to enforce their right to curb unauthorized data use.
Crucially, and differently from existing one-way MPS/TPS solutions, IPS would need to be a two-party, mediated system. Data holders would register their data holdings with the service, and individuals would register their detailed preferences.
IPS Specification: Version 1.0
Bringing the IPS principles to life:
- Transparency: Categorical reporting. A universal request for declarations of data holdings, organized by data field.
- Quality: The secure publication of a single, personally approved data set, organized by category, which suppliers approved by the individual may access on a field-by-field approval basis.
- Finality: Data reboot. While it is unrealistic to claw back data from existing abusers, users would require that any new data users abide by their IPS-based data contract, rather than the data owners' pre-existing procedures. A standard clause would supersede existing corporate data clauses.
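The two-party, mediated exchange sketched in the specification above, as an added toy model (not code from the original essay, and not a real IPS implementation): holders declare their holdings by field, the individual publishes one approved data set and per-holder, per-field consent, and every release is served from the approved data set only and recorded for both sides. The class, method names and sample holders ("bank", "retailer") are assumed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class IdentityPreferenceService:
    """Constructed model of the mediated IPS described in the text (assumed design)."""
    approved: dict = field(default_factory=dict)    # the individual's single approved data set, by field
    holdings: dict = field(default_factory=dict)    # holder -> {field: value the holder currently stores}
    consent: dict = field(default_factory=dict)     # holder -> fields the individual has approved for it
    contracts: list = field(default_factory=list)   # retained record of every exchange, visible to both sides

    def publish_approved_data(self, data):
        self.approved.update(data)

    def register_holding(self, holder, data):
        self.holdings[holder] = dict(data)

    def register_preference(self, holder, fields):
        self.consent[holder] = set(fields)

    def transparency_report(self):
        """Categorical reporting: which holders declare each data field."""
        report = {}
        for holder, data in self.holdings.items():
            for f in data:
                report.setdefault(f, set()).add(holder)
        return {f: sorted(h) for f, h in sorted(report.items())}

    def quality_check(self, holder):
        """Fields where the holder's copy disagrees with the approved data set."""
        data = self.holdings.get(holder, {})
        return sorted(f for f, v in data.items() if f in self.approved and self.approved[f] != v)

    def request(self, holder, fields, purpose):
        """Minimum disclosure: release only approved fields, from the approved set, and record the exchange."""
        allowed = self.consent.get(holder, set())
        released = {f: self.approved[f] for f in fields if f in allowed and f in self.approved}
        denied = sorted(set(fields) - set(released))
        self.contracts.append({"holder": holder, "purpose": purpose,
                               "released": sorted(released), "denied": denied})
        return released, denied


def demo():
    """Constructed scenario: one holder with a stale e-mail copy, a second holder with no consent yet."""
    ips = IdentityPreferenceService()
    ips.publish_approved_data({"email": "a@example.test", "postcode": "AB1 2CD", "dob": "1980-01-01"})
    ips.register_holding("bank", {"email": "old@example.test", "postcode": "AB1 2CD"})
    ips.register_holding("retailer", {"email": "a@example.test"})
    ips.register_preference("bank", ["email", "postcode"])
    return ips, ips.request("bank", ["email", "dob"], "account opening")
```

The retained `contracts` list is what gives both parties the recorded contractual basis called for above; the quality check is what lets the individual see which holder's copy has drifted from the approved set.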
In due course, with IPS in generally accepted use, one can easily envision the clustering of services and applications around it to make better use of the accurate and freely provided data that IPS holds, and a shift from a monolithic protection model to one that enables a genuine personal data marketplace.
Trivially, this would include agreement of bilateral data-sharing principles and disclosure of decision-making rules based on personal knowledge.
Whether these services are provided by IPS itself or by IPS-compliant vendors would emerge over time.
IPS Evolution
The services that grow around IPS would enable individuals to actively manage rather than merely restrict the richness of data holdings about them in relation to specific relationships.
The personal information management practices enshrined in IPS would include:
- Requests for access
- Specific denials of access to individual providers
- The negotiation/sharing of standardized data sharing SLAs
- Ratings of service and security procedures to build an "approved register" of trusted data managers
- Data breach notification and investigation tracking
Conclusion
If a system such as IPS were to take hold, its eBay-style market momentum would be unstoppable. Rather than acting as a mere palliative for corporate anxiety, it has the potential to reset the basis for existing customer interactions and kick-start a value revolution. An evolved IPS offers a full-fledged consensual architecture for relationship marketing of the future.
In conclusion, the message of IPS is in direct contradiction to Scott McNealy: "You have zero privacy today. Get onto it."
(NB: It is important to understand that "Identity"—in this IPS context—is used relativistically. I take identity to mean "all the bundles of information and derived knowledge about an individual which uniquely define that individual's relationship to another party." Even in the most extreme cases of "identity theft," it is an assumed persona in a specific relationship context which is overtaken—not the ego itself!)