Consumers and companies are at odds over the data economy. Companies — which saw General Electric make more than $1bn in 2014 from selling data generated by machines — want to join the wider information gold rush. Individuals, however, want more control over the data being collected about them.
For example, about 25,000 people, led by Austrian privacy campaigner Max Schrems, have filed a class-action lawsuit against Facebook for rights violations related to the collection of data.
Then there have been more than 250,000 requests made to Google to remove information from its search results, following a ruling by the European Court of Justice last year that gave individuals the “ right to be forgotten”.
The trouble with the lawsuits and right to be forgotten requests is that they are retrospective and it is hard to put limits on what will happen to an individual piece of data. Under EU law, data belong to whoever collects them in a database, not individuals, while people are producing ever more information about themselves.
“We’re at a tipping point. There’s more data flowing than ever before, and you can’t turn off the tap,” says Richard Law, chief executive of identity management company GBGroup. “We will find people concerning themselves with aspects of their identity that they never gave thought to before, such as health information via the Apple Watch.”
But could a system be created that gave back some control to individuals? An international group of researchers led by Salvatore Iaconesi, a lecturer at the La Sapienza university in Rome, and Oriana Persico, a communication scientist, is trying to create a legal and technical toolkit that would allow people to do just that.
The concept, called Ubiquitous Commons (UC), would insert a layer between individuals and Facebook that specifies how a users’ details can be used. For example, when a user types an “I love kittens” post on Facebook and presses “send” the message would be intercepted by the UC platform and encrypted before it reaches Facebook. They would be asked to specify how their data might be used — perhaps for scientific purposes, but not commercial ones, for example.
The back end of the system would log the user’s instructions to a “blockchain” or electronic public ledger. The data could only be decrypted and accessed by organisations that fit the set criteria.
People in a class action against Facebook for privacy violations
“UC would apply not just to social networks such as Facebook, but the whole internet of things — smart fridges and [activity monitoring devices].”
People would also be able to place controls over the personal physiological data that wearable devices might generate. You could allow your health data to be seen by a doctor, for example, but not by an employer or insurance company. If it were adopted, UC would change fundamentally the balance of power of data between consumers and companies.
Number of ‘right to be forgotten’ requests made to Google
Last month the Ubiquitous Commons group was showing the technology to Italian farmers, who have become concerned that collection of crop data is being monopolised by large food groups such as Monsanto.
Previous attempts to create social media platforms that put users in control of their data have not taken off. The Diaspora project, created in 2009 as a Facebook alternative that put individuals in control of their information, and Ello, a social network set up in 2014 with a promise never to sell users’ data to advertisers or other third parties, have not gained ground against Facebook.
Mr Iaconesi says UC is not positioning itself as an ideological choice or anti-business. Its supporters are trying to gain wider backing for their project and EU officials have already been shown the technology as part of an awareness-raising campaign.
Mr Iaconesi says that Facebook has seemed to be open-minded about UC so far. “On a very low and informal level, we know a lot of their developers are interested in the project,” he says.
Get alerts on Data protection when a new story is published