Irene C L Ng

I am Dasein: Be-findlichkeit, Verstehen, Rede

Consent is a loss

consent.jpegThere are some things in the world we would not consent to.

Not because we don’t want to. But because we lose too much from it.

Would you consent for someone to dress you? No, because s/he would see you naked. Would you consent for someone to feed you a meal? No, because you you can probably do it yourself.

In the real world, consent to do something to or for someone (a service) is only invoked when that someone can’t do it himself/herself. When we get old and lose our ability to help ourselves, only then would we allow for someone else to do it for us and we consent for them to do that.

Consent is also sought when that someone or something can do something better than we can. We then allow the service, and consent to certain actions being taken on us or on our belongings.

On the Internet, consent is everywhere, especially in asking to use your data. In fact, the meaningful consent project is exactly trying to give guidelines to companies to ensure that consent is meaningful and you are aware what you are giving away to get the service.

The problem of course, is that even if you are aware what you are giving away, we often have not much choice — the ability to choose between services that take more or less from you. In the world of money, we choose things based on ‘value for money’. On the Internet, because data isn’t easily decomposable to currency terms, we often cannot assess what more or less data would mean for ourselves and as such, services can’t really consider data acquisition as a differentiator. So very often, we either have to give up our data or not, to get the service. On the Internet, whatever privacy we get, is just scraps off the table.

Moreover, we also cannot do many of the services ourselves. We do not have software, bots or technology owned by us. So we consent to everything because we are helpless otherwise. The best analogy in real life is like paying a company for a service to use their calculator because we don’t have one of our own, or paying a company to use their computer, like the Internet cafes of the old.

We know how that went. That evolved into us having our own calculators and our own PCs.

It’s finally time to have our own cloud-based micro server. The HAT!

When we started building the HAT, we knew it was not meant to be just a data store. We wanted to build something that gave us as individuals superior technological abilities on the Internet to claim, store and share our data. Yet, when we started to build it, everyone said it would be an awesome new ‘service’, a personal information management service (PIMS). Wait. So the HAT joined every ‘service’ on the Internet out there to make the individual even more dependent on Internet services? Huh? So to use the HAT, individuals had to ‘consent’ to their data being acquired and used by the said ‘service’? Er… no.

Very carefully, we started to build the HATDeX platform around HAT ownership. We used container microservices but with one database per person within the container so that data at rest is always in your HAT database and never mixed with others. Data in transit is always encrypted, built on the Internet. No sysadmin access — no peeking. When it came to Data use, we made sure that it wasn’t about consent anymore. It was about the HAT owner giving rights to the acquirer of the data through a data debit. The situation is now reversed. Data acquirers come to HAT owners for the data and HAT owners give access to it under rules that both can jointly agreed on (moderated by the platform) and if data users violate those conditions, a HAT owner can terminate those rights.

When it came to moving the data around, we didn’t just build one big service for the person. We built 7 ‘butler’ services for facilitating the data processing and control in the HAT so that these services do the HAT owner’s bidding as opposed to doing it for the HAT owner (a subtle distinction, but if you are a parent, you will understand). In other words, we built the HATDeX platform to be truly co-created with the HAT Owner, with services like storing, analyzing, organising and sharing personal data on the Internet under the control of the HAT Owner, and the platform facilitating the movement of data. The co-created design and implementation embeds a deep respect for the person because we believe these services touch the most intimate aspects of our digital selves — our personal data — and there are parts of it that really shouldn’t be given to other services because they make a person vulnerable, and much like the real world, we loseprivacy and dignity if we consent to have it done by someone else.

That said, there will be many other apps we would gladly share our data with that would give us awesome services. For these apps, we reward them with our attention, our personal data and even our money. The fact that we control this asset of person-controlled personal data, we become more valuable, ‘wealthy’ even, and the personal data economy should evolve into one where we really have the economic power to reward and punish.

Finally, we tackled the law. Two law firms (with some wonderful lawyers) and our own in-house lawyer, 4 months later, we carved out a set of the simplest legal agreement around HAT ownership on the ecosystem and a new privacy policy. Based on the way we created the technology, the HATDeX platform only supported, facilitated and enabled data exchange. If you took the words of the current legislation for data protection where data controllers cannot be individuals, then there is no data controller on the HATDeX platform. If you take the words of what data controller really means, then the data subject, the person, the HAT owner, is the data controller.

The micro services on the HAT are therefore ours to instruct. It is our own private space, our own micro server, acting on our own instructions. It is beyond privacy by design. It is all about the HAT owner having technology on the Internet, being a superior Internet citizen and empowered to engage with apps the way it should be — giving rights to our data. You never need to give consent for your data to be controlled and processed by the HAT. The HAT is yours.

Originally published on Medium

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Information

This entry was posted on November 20, 2017 by .
%d bloggers like this: