Allow online privacy by design and default

Update: 2018-04-07 09:00 IST

When Aristotle seminally made a distinction between the polis (a city state in ancient Greece, especially as considered in its ideal form for philosophical purposes) and the oikos (the basic unit of society in most Greek city-states), laying the early foundations of the confidential zone, he did so around clear societal demarcations and a very different understanding of what was private, and what privacy needed protection from.

In an era of automated public and private spheres mediated by all-powerful, all-pervasive online intermediaries, these boundaries have dangerously blurred, and the fallout of this is visible for all to see.

A number of the technologies that we spent the best part of the last decade celebrating have fallen from grace, and more watershed moments than one would have liked have heralded renewed demands for privacy in a new avatar – that what is proverbially whispered into the palm of your hand isn't proclaimed from the vast house-tops of cyberspace, to your detriment and in ways you cannot even foresee.

In this environment, privacy takes on a whole new meaning and context, and is not just about preserving a sacred mental and physical space, but also informational control. As Danah Boyd recently proffered, beyond simply restricting access, privacy today is about strategically controlling the availability of one's information in different social contexts, as well as its interpretation and reach.

But how do we balance this with, going back to Aristotle, our inherent disposition to be social animals? Can we continue doing so online and expect a fair privacy bargain in the process?

The privacy paradox – our claim to hold privacy as a high virtue, yet part with our information for a voucher code, Farm Coins, or free Wi-Fi – is very real. The blame for this, however, does not, try as the tech giants might, lie squarely on users, who have every right to be spooked by Cambridge Analytica, Strava or Netflix's "creepy" tweets – and others that did and didn't make it to the headlines.

The internet was born as a free and open space for people, who have instead been thrust into walled gardens, unwittingly and systematically misled, monetised, and offered unfair, sometimes dire, choices online. A recalibration, then, was long overdue.

For big tech, balancing meaningful privacy and control with business models inherently at cross purposes with the Net's ethos is going to be an uphill task. Because these businesses are built around the data-for-ads value exchange, cutting off, controlling or reshaping the supply of that data has direct consequences for them, as the stock prices of Facebook, Acxiom and others reliant on maintaining that status quo have recently shown.

Also challenging is the manner in which the current ecosystem has technologically been constructed. The Move-Fast-and-Break-Things dicta translate into systems designed to incentivise (over) sharing and then vacuum up, analyse and disseminate data, primarily so that it can be monetised with tremendous speed and accuracy.

Imbuing these systems with respect for user-agency, contextual integrity and accounting for meaningful privacy in networked environments – where you may choose to be a social media hermit but turn up regularly on your friend's (public) Instagram – is going to require going back to the drawing board on several fronts.

As rights go, the solution to addressing this doesn't lie in simply providing greater individual ownership and control over and consent for using data, although these are key constituents of the privacy toolkit. 

Preserving privacy includes balancing the data-for-services barter so it is no longer askew. Knowing what you're signing up for doesn't make up for being given a raw deal you have no choice but to agree to.

An important premise of the right to privacy being inviolable is that choices inconsistent with these rights cannot be presented to begin with, and they cannot simply be circumvented by burying things in fine print and engineering consent.

With comprehensive new data protection regulation flowing from such rights in place and on the anvil in many parts of the world (including in India), carefully accounting for a majority of these issues, the hope this time is that the law will not have to continue to keep playing catch-up, reactively bandaging our privacy wounds one at a time.

Rather, the idea is to send users out into the web forearmed with comprehensive rights, meaningfully in control of their data, and shielded by privacy – by design and default. The shift in the privacy burden, and it is a heavy burden to bear, onto those we entrust with our data to do right with it, is what is hoped will be key to ensuring much of this.

Beyond this, it is also time we as users meaningfully utilised the increased agency we're being offered. Perfunctory steps like deleting Facebook or slapping a webcam cover on your laptop are, while not entirely meaningless, largely placebos and can leave our understanding of, and response to, privacy stunted, keeping us vulnerable to being gamed in newer ways yet again.

Our informational privacy demands and deserves more of our time and attention, and proactively developing an objective, more nuanced understanding of our personal data, its use and our rights over it is an important obligation we must all fulfil. Our collective action in doing so, backed by powerful rights balancing the scales online, may just let us, at least in part, have our privacy and eat it too. 

By: Arnav Joshi 
(Arnav Joshi is a technology lawyer, data ethics researcher and Data and Society master's candidate at the London School of Economics)
