Big Data leads to new international data processing policies
Big Data leads to new international data processing policies
by Mikhail M. Komarov, National Research University Higher School of Economics, Moscow
I would like to agree wholeheartedly with Peter Schaar’s paper “The Internet and Big Data – Incompatible with Data Protection?” and particularly with his proposal of developing new data processing policies. We live in a world where technology develops fast. Unfortunately, we usually face big delays between the introduction of new technologies to the mass market and people around the world and the evaluation of the influence of those technologies, either on ecology or on the lives of human beings, including in terms of privacy or personal data protection. As a representative of the academic community, I find myself in a similar situation when a new technology is developed but is then followed by a considerable delay in developing a new educational course which teaches others how to use that technology properly.
Over the last twenty years, technological development has overtaken the policy-making process, and usually we face a problem first and then try to solve it. I think we encountered a problem when Web 2.0 was developed and implemented quickly in our lives. We realized it only after the Snowden leaks and now we are trying to propose mechanisms to solve it. We understood the information we were sharing with our friends and relatives via many Internet services was available not only to its target audience. We should also understand and accept the fact that information is now one of the most critical resources and it is on the same level as oil and gas. It is also necessary to remind ourselves of the differences between the terms “information” and “data”. Data is the source of information, and what kind of information and how much information we can get from the same amount of data depends on algorithms, i.e. the mathematical methods we use, as well as on the skills of the people processing that data. That is why when we are talking about privacy, we usually mean information about us. But in terms of the policy-making process, we are focused on processing data which consists of some of our personal information. I think it is quite important for our understanding that Mr. Shaar mentioned “most of the current data protection rules and regulations focus on the individual procedure used for data processing” and that “data protection regulations consider data processing from a micro perspective: single pieces of data, an individual algorithm, a specific purpose. Today, companies and public bodies see data processing more and more from a macro perspective”. This is where the line is drawn – on one side, we should process the data in order to make efficient prognoses, improve processes and improve our quality of life; on the other side, while processing the data, we should be responsible for an individual’s personal information contained in that data (or someone’s personal data). That is why data processing and the data analysis process on the macro level should be standardized and regulated much more strongly than on the micro level (on the level of individuals). Governments already collect lots of data about individuals for different purposes and this is where we have to start improving personal data processing regulations. We do not have the individual at the heart of the system of data processing, but business or governmental issues, and most of the regulations are comfortable enough for them; however, the situation should be changed and I agree wholeheartedly with Mr. Shaar – parliaments should be introducing those changes.
I would also like to go further with technological development – from Web 2.0 to Web 3.0. Today, there are plenty of ways to prevent the use of particular websites: by including them in databases, by requesting a password and by only allowing access to certain websites (such as using parental controls). But there are ten times more ways to bypass all these safeguards. The important thing about Web 3.0 is that the resulting information may be counterfeit or misleading, depending on its popularity in society, which is sometimes not correct. It was once mentioned that, from a data protection perspective, one of the main aims of the Semantic Web and Web 3.0 was to make data easier to process and re-use. However, this leads to the question of what becomes of the protection of personal data in such an open, universally accessible web of interlinked data? This is particularly important because applications according to Web 3.0 are likely to be far more effective than even traditional search engines at piecing together personal data, thus increasing the risk of identity theft. This leads to special requirements for safeguards to protect user data, as well as policies to ensure people understand how their information will be used. It is necessary to say that we almost non-protected at the Internet from the non-appropriate information, unfortunately there might be a one-look rule – when you will see something once and obtain that information just to build policy for the future, not to show that information, because we don’t have special governmental or international policies against placing that information on the Internet. In terms of Web 3.0, when our things will use information from the Internet, or generate the information and send it to the Internet, we should specify the policy and special agreement of connecting things to the Internet; there should be a clear identification field which would point to the particular person to whom the thing belongs, otherwise we will have lots of uncontrolled information generators – bots – which will influence the dissemination of information.
We should think about “privacy by design” issues and probably special certification for systems dealing with personal data. I, too, would like to support the initiative of “open interfaces to enable communications between members and non-members” and I think there is a good example explaining how it works with regard to terms and conditions and our privacy: the movie “Terms and Conditions May Apply” by Cullen Hoback.
We should not fear Big Data concept development and the implementation of new technologies in our lives, but we should allow individuals to be excluded from all the analytical and statistical processes at any time. Due to fast growth in the technological field and in the amount and type of data on the Internet, reaction from the legal side has been slow, resulting in a lack of laws and policies to protect our privacy. It is the goal of the international community to jointly update current laws regulating data and information dissemination policy (including on the Internet). How long would it take to arrange joint international action?
|
MIND-Multistakeholder Internet Dialog |
