The UK Information Commissioner says 80% of the population is now concerned about protecting their personal information online. Publishing new research to coincide with European Data Protection Day, Chris Graham and Justice Minister Lord McNally advised people to ensure information held them is accurate; to see and correct the information organisations hold; to use strict privacy settings on social networking sites; to stop unwanted marketing and “read the small print”; to password protect wifi and to “ensure your information moves with you”.
More strength to the Commissioner’s arm, in one sense. We at Mydex entirely support the sentiments. But in reality people don’t yet have the tools or capability to do this. Both Chris Graham and Lord McNally should be in no doubt about this.
To check information about you is accurate means a subject access request. These are a major pain; it took me weeks and a cheque to get 850 photocopied pages back from Orange. There is no way in heaven we could correct the inaccurate information hundreds of organisations hold about us even if we wanted to. And why should we want to? Organisations mostly hold this information in their own interests, not in ours.
Social networking sites do offer a level of privacy settings. But these are about as ineffective, inaccessible and incomprehensible as they can manage. Underneath these, the deeper privacy constitution of these sites is fundamentally flawed. They grab as much of our personal data as they can, and it’s only gradually dawning on users (“dumb f*ks”, as Facebook founder Mark Zuckerberg memorably calls us) that this is their core purpose. They offer a free service because it is we – our personal data – who are the commodity.
The Commimsoner and the Minister advise us in all seriousness to read the small print. Let us ask them: do they read the small print? Is there a single person in the UK who has reads the small print for any phone contract, utility contract, bank, insurance or public service they use? The small print is not designed to be read. And if they did, could they do anything about it? The small print is not designed to be acted on either.
People simply don’t yet have the tools they need to make this work. It’s time the Commissioner and the Minister moved beyond well-intentioned sentiments to consider how we deploy offer some workable suggestions.
We need information management tools that run on the side of the individual. Personal data has to be the user’s to manage, control and share. We need volunteered personal information agreements drafted with the user’s interests in mind. We need single-button subject access requests which let us “download our data now” to check and return if we wish. We need an emerging range of independent services drawing on our volunteered personal information to let us realise the value and power of our personal data.
In short, we need services like Mydex. Adding such individual-centric services will start to enable real privacy. It’s personally empowering for individuals and economically effective for organisations. As data volumes grow, it will be increasingly clear that it’s the only sustainable model.