A new initiative by the World Summit Award (WSA) initiative seeks to use its global multistakeholder network to push forward personal data ownership and big data issues at UN discussions. At an open discussion, the WSA invited participants to share views on issues with the current system of data use, the need for permission-based access, and steps for further action.
The workshop on “Data citizen rights, my data belongs to me” was organised by the WSA on 9 June, parallel to the United Nations World Summit of the Information Society (WSIS) +10 conference, which took place from 10-11 June.
More information about the WSA, which is an initiative under the WSIS on selecting the world’s best digital content and applications, is available here.
Peter Bruck, chairman of the Board of WSA, said, “We are contributing continuously to what I call our data skin.” People live and work online; they’re connected with mobile devices, computers, and sensors. The world is now moving into an age of the “Internet of Things” where data is automatically generated, collected and analysed by machines.
This “data skin” allows people to get credit at the bank, book holidays, cross borders, and use data to find friends and mates online, do business, interact with authorities and entertain themselves. “Yet this skin does not belong to us, nor is it defined by us,” he said.
Rather it has been, without permission, subject to “astounding depth and shocking breadth of data collection by a national security agency” and commercial use, referring to the US$19 billion price tag put on Whatsapp when acquired by Facebook.
Data protection has not been successful in guaranteeing against misuse, claims Bruck. He proposes instead a human rights approach to data, where the “issue is not protection, but rights, not safeguarding, but property ownership.”
Nigel Hickson, vice president of ICANN Europe based in Geneva, said this discussion was pertinent and timely following the Edward Snowden revelation and the recent European court ruling upholding the “right to be forgotten”.
Ayman El-Sherbiny, chief of ICT Policies at UN ESCWA (Economic and Social Commission for Western Asia), highlighted the issues of geography and jurisdiction, and the fact that within the internet space, “businesses companies having highest level of control over data.”
The role of states as protector of the rights of people “has very much diminished,” he said. The global cloud is controlled by businesses, and there are no legal obligations on these companies from any legal jurisdictions to protect the rights of people.
In response, Bruck declared that an international instrument should be based on the universal convention on human rights regarding privacy, which all member states have signed up to. This will on the one hand provide justification to protect the right of citizens over their own data against the Silicon Valley principle of “everything belongs to me if I can catch it.” It will also provide support to initiatives that attempt to protect privacy, where in the past they have failed after being perceived as interfering with the human right for freedom of expression.
Unfair Bargaining Power and Permission
A convention on citizens’ data will “turn the table around” on data use, said Bruck. Instead of defensively having to protect ourselves as producers of data, users must get permission.
“If you wish to use my data, get my permission. And then make transparent what uses you are taking,” he said.
Richard Hill, an independent consultant in Geneva, pointed to the fact that although Gmail users may have agreed to Google accessing emails for targeted advertises, non-Gmail users who send emails to Gmail users have not agreed to those terms, yet are still having their emails read.
Others are also using an email server, which unknowingly has Gmail behind it so senders have no knowledge that their emails are being read.
“It’s clear there is no informed consent,” he stated. “What we are missing is government action to cure some of these abuses.”
Participants referred to other imbalances in current online permission systems. Irene Kaggwa-Sewankambo, from the Uganda Communications Commission, pointed out that many people do not read the terms and conditions before accepting them when using apps or other online services.
Thomas Malama, director for legal and regulatory affairs at the Zambia Information and Communications Technology Authority, added there are also imbalances within legal principle of freedom of contract. Often users have no option to opt out of terms and conditions, no power to change them, and no other alternatives. They cannot proceed without accepting them as they are, he said.
“Millions of people feel they are helpless vis-a-vis the systematic aspect of what the internet and IT is creating for us as a virtual environment,” Bruck emphasised.
When asked to accept cookies when accessing a website for example, the host will not indicate what they will do with the cookies. “Permission means not just a summary permission,” said Bruck. In law, contracts have to spell out all the different ramifications of entering into contracts, and this should be the same online, he said.
The government’s role is to create the right frameworks around ICT innovation, said Bruck. He referred as an example to Germany’s consumer advisory guide issued after Facebook acquired Whatsapp, which made a “slight recommendation” that consumers might chose another instant messenger that doesn’t require them to give up data.
Plan of Action
Nibal Idlebi, chief of the Innovation Section of UN-ESCWA, pointed to the issue that there is almost no personal data protection law in the Arab region. Action needs to start with the private sector, she said, with those providing the services. It is the responsibility of civil society to raise voices with these stakeholders and “tell them there is something to be changed,” she said.
WSA plans over the next six months to introduce and partner with governments, organisations such as the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society, and other stakeholders, to convince them to join the initiative, said Bruck. They would like to see it brought into discussions of WSIS, to clarify and sharpen the issues and seek maximum possible consensus.
The second step, said Bruck, is to use these consultations “to compile and draft the core elements for a Charter of Data Citizen Rights and moderate a lively discussion on this urgent subject.”
They would also like to develop manual or handbook integrating best practices, such as Estonia’s interconnected government services, which ensures accessibility of all data by the citizen.
Susan Teltscher, head of the ICT Data and Statistics Division at the UN International Telecommunication Union (ITU), presented ongoing related work at ITU.
On the subject of big data, they are looking at standardisation, interoperability, integration, technological roadmaps for data analytics, security frameworks, techniques for anonymisation in data aggregation, exploitation of big data and related challenges. On the regulatory side, they are looking in how data can be regulated, the interaction with copyright and IP laws, digital transparency issues, as well as the prevention of market dominance.
Idlebi emphasised the importance of addressing the potential socio-economic aspects of “my data belongs to me.” On the economic side this includes how this will affect business, how business are making money of “our” data. On the social side this may include how data can be useful for society in terms of statistics.
Data offers a lot of opportunity for measurement, said Bruck. It provides real time information for policy purposes and development. There is a need to look at how data is collected, anonymised and treated confidentially on a national level, which could benefit from discussions with statistical agencies, he said.
Bruck emphasised there is “no contradiction” between an open internet and data rights. It is an “issue of permission and negotiation.” He sees the benefits in aggregating large data, but it is a question of who has access to this data, creating a level playing field and developing “best practices”.
Adapted from ip-watch.org