Sovereign Identity


Europe's General Data Protection Regulation goes live in May 25, 2018 and it reached across international boarders to apply, in some respect, to every individual who has a European individual or institution in his/her/their degrees-of-separation. Case law will ultimately determine what Personal Data is, but how has the GDPR effected the future of humanity from a digital and human rights standpoint?

The ‘always-on-consumer’ leaves more and more digital residue. They search and buy across all digital channels. Beyond this, there location data that ties this behaviour together to show detailed online/offline attribution on any advertising.
Let’s start discussing this consumer data? What does GDPR do for the rights of the consumer? How does it shift the existing business paradigm?
The GDPR essentially accomplished 3 things.
1) Establishes cyber compliance
2) Establishes a need to protect #PersonalData
3) Establishes a human “right to erasure” of that data.
In a pervasive way, the consumer is given agency over all info that disseminates from them.
I understand that consumers have the right to have their data expunged. But on the flip side, consumers now also have sovereign ownership of their identity and data and can positively manage these asset. On May 25th how does the world change for the consumer?
The world changes by whom is able to inquire about their digital footprint. The legal process that attorney’s call “discovery” is the opportunity that every person will now have at their disposal to review their value/influence and make decisions as a contributor & controller.
I think that the most interesting opportunity presented by one’s personhood’s ownership of one’s #PersonalData is that it differentiates the process of contribution from creation. Meaning, individuals who contribute can be accredited some stake in institutional (group) creations.
Presently a small amount of enriched data about your location, behaviour, outlook and lifestyle choices – via Google Home, the smart TV, or an app allows brands and services to hyper target you. With 300 likes on FB, the company know more about your behavior than your spouse
Practically, how does the consumer repatriate that ownership? How does he / she become contributor & controller? Do we put our sovereign identity into the blockchain and manage transactions via a smart contract?
Great link @LATimes.
Blockchains are definitely options, and so are many types of products that manage the transactions of our data wherever they exist. But first things first, individuals need the legal right to claim control over the evidence of their contributions (i.e. data).
Regarding the how in your 1st questions, I think it starts with a negotiation between the individual and the institution that is believed to have created some productivity based on a contribution of said individual. The negotiation may / may not need to use a tool like Blockchain
Yes, on a corporate level it is a negotiation between the individual and institution; you can explore fair compensation for knowledge-based assets outside of salary reimbursement. This maybe a small subscription dividend for individuals that contributes to any IP or a data asset.
However, outside of the corporation, when an individual is trading behavioural DNA and social touch points to a brand or advertiser, don’t you need to remove the middleman? If not, you’re back to trust and enforcement via intermediaries that have screwed the consumer in the past.
Having the consumer’s sovereign identity in an immutable ledger and using a distributed application to manage transactions against that identity makes the world trust-less and safe? Trust-less is good = no need for trust.
I’m reminded of sitting with a Bank CEO in Poland last year and he referred to his institution as an arbiter of trust, not a bank. Knowing the seemingly exponential growth of hacks, I of the group that think institutions to counter falsehoods will still be necessary.
The number of hacks and the complexity of hacks grows. Even with encryption, the onslaught of computing power and quantum computing will eventually render it useless. I think that the pervasiveness of data proliferation will look like a bell curve and people will be in play.
I’ll say this about blockchain. It is brilliant infrastructure, and we need to use it as much as possible, but it is no long term substitute for humans having to rely on each other.
I still feel that from a consumer perspective banks, media networks, governments may not be seen as the arbiter of trust in a post GDPR world. This is exacerbated by the fact that GDPR could translate into huge fines that could be levied for breaches.
Talk to me about how the consumer repatriates data ownership? If I want to monetize my data where do I start? Does the average consumer understand how to contractually value their data and media touch points. What utility solutions are their beyond the regulatory noise?
Via this regulation, code becomes law, data becomes law, the words, the 0′s, the 1′s becomes the language of the contracts that contributors (individuals) and creators (institutions) have with each other.
I like that you’ve used the word “repatriate”, because we are “sending back” the pieces of ourselves that were contributed to the various productive creations that we’ve participated in, via those 0′s and 1′s.
That stated, via the data lockers and data brokers and blockchain products that exist, people will need to use the evidence of their contributions to negotiate a piece of the productivity pie. I’m thinking about Americans and their pie in particular.
It’s important that a dividend or royalty or bonus structure or whatever we want to call it, is distributed to a contributor after productivity has been identified and banked. We’re solving a distribution problem of equity, after all.
Any tool that captures #PersonalData as input helps the legal argument. Ultimately our best tech is the law. #CodeIsLaw
Technology comes in 3 forms. Methods (processes), Hardware (thing we can touch), and Software (things we can’t touch). They all support proliferation of data.
It is interesting for me that GDPR discussion is mainly centered around how corporations and institutions can best navigate impending regulation as opposed to the applications that facilitate the end data-owner’s dividend or royalty management.
Let’s turn to the US. What are the cross Atlantic implications? Does data as a asset class, potentially revolutionize how we compensate consumers and knowledge workers moving forward?
It reminds me of Thomas Piketty’s book on capital in which he bemoans how the disparity of capital vs. income leads to an unequal distribution of wealth which in-turn causes social / economic instability. Could capital in the form of DATA OWNERSHIP shift this equation in the US?
I agree. Still the economics are ill defined for the price of transactions, either for the asset (data) or the transaction itself. “Royalty management”, as you put it is what smart firms are developing right now. The innovation potential is in educating people of their worth.
GDPR should be coined the “Global Data Protection Regulation” because it effects Europeans in the US and visa versa. I think that the most interesting thing about the new agency over data is how we compensate both knowledge workers, knowledge-of-workers, and knowledge-of-others.
In economics there is a concept of rival-data that helps assign legal ownership of an asset. Think about CD’s that can be assigned to a single controller. #PersonalData is a non-rival-data that can be in use by multiple controllers and subsequent processors, at once.
I think that a “controller” stake in data shifts the legal potential of capital ownership and income as a result. The commodification of data, per the human’s right to agency over themselves in the non-zero-sum game of capital growth is our opportunity for income equality.
Well I look forward to continuing this discussion as data / controller issues become clearer and internationalized.
I think there is no more appropriate way of ending this discussion then with a picture of the first filming of the MGM opening credits in 1928. No data protection here for this beast.
Regarding the international law around the asset class, there are plenty of cases right now that shine a light on who owns the data that is in the hands of a controller/processor. David Carroll (US), professor at Parsons School of Design in NYC is suing Cambridge Analytica (UK).
Whomever produced that lion shoot and participated in it deserves some equity on the imprint. The world can be a more ethical and equitable place while the transaction of work and knowledge become more autonomous and integrated.
Thanks Gary. Let’s so it again some time.
If you are a member of this panel, please sign in to contribute.