Privacy in a time of Big Data

Privacy in a Time of Big Data

Ann Racuya-Robbins

The emergence and existence of Big Data technologies and techniques have scoped the challenge of insuring privacy in contemporary life. It is fair to say that there is an inverse relationship, roughly speaking, between big data and privacy. That is as data scales up privacy challenges become more grave. The factors pressuring big data to scale, to get bigger, faster… are powerful including a hoped for competitive edge and speed and cost reduction of analytics to acquire these competitive edges under the name patterns. While the term patterns has gained currency in the field the term’s meaning is not so well understood. It is important to state clearly that the patterns that are sought are themselves data that contain or create an advantage. Understanding is itself an advantage.  By advantage is meant largely a competitive commercial monetary advantage by a third party other than the data subject.

Privacy is a subject of individual life and living.

Privacy is an expression of biologic specificity. Privacy properly ensured and governed preserves innovation, creativity and living development. In this way privacy is a key ingredient of survival and successful maturation.  The pervasion of data that has thrown open the loss of privacy carried in computer and ICT infrastructures is a relatively new phenomenon. The concern for privacy is a recognition of the broadening value of all individual life.  A recognition of the dignity and richness of every life. A recognition that individual life is not rightly an object or property of another.

Privacy cannot be reduced to personal information i.e. name, address and/or other factuals. PII is an obsolete moniker for our subject.

Let us stipulate that we will in this first instance be referring to living individual adults. Living has many stages and forms that must to be addressed later.

Privacy is—living individual’s control over and freedom and refuge from data collection, capture, extraction, surveillance, analytics, predictions, excessive persuasive practices and communication of the living individual’s life, including external or internal bodily functions, creations, conditions, behavior, social, political, familial and intimate interaction including mental, neural and microbial functioning—unless sanctioned by civil and criminal law and when sanctioned only under protocols where the ways and means of collection, capture, extraction, surveillance, analytics and communication including new methods to emerge are governed by appropriate social cooperation principles and safeguards embedded in ICT infrastructures and architectures overseen by democratic courts and civil and community organizations and individuals peers charged with insuring proper conduct.

Living individuals own the data generated by or from their lives. Should revenues be generated from the collection, capture, extraction, surveillance, analytics and communication of the living individual’s data the majority of revenue generated from the living individual’s life belong to the living individual. Data ownership, provenance, curation, governance as well as the consequences of violations of privacy practices must be encapsulated in or within the data, be auditable and travel in encrypted form with the data. Where possible block chain techniques shall be employed as well as counterfactual strategies (processes) in engineering privacy.

Provenance is an accounting of the history of data in an ICT setting.


Next Steps

Define further Data Governance, Data Provenance, Data Curation, Data Valuation. Integrate the principles and practices outlined above into an archetypal Privacy Use Case(s) and articulate the Privacy Use Case as it proceeds through the reference architecture.





Individual Human Well Being in an Era of Intangible Dominance and Platform Economics

I am now beginning to wonder if we are chasing a false choice or dichotomy. Is the choice really between privacy based on individual rights vs individuals’ belief that they have been harmed? Is broader better or worse? If we are making a choice based on a fear that commercial interests won’t participate in the IDESG IDEF, what is that fear based on? Outside the digital divide if we go the highly automated (high velocity) route to identity management the issues and choices will likely become invisible to the individual. Risk management may help. As I understand this privacy approach it is based on both rights and harms. From the perspective of the individual human being do not harms require a higher burden of proof (in time and money) than rights? Without portability there are no remedies currently today so is not portability an essential piece of this our requirements. Human Rights

The sense that is emerging is that we need a conjunction of the rights and harms language along with a portability requirement.

Best Practices for Human Attributes

How to Move towards Trustworthy ground with Human Attributes

Human Attributes—all the aspects of a life—in online transaction environments—should progress towards the creation of Standards for the attributes-lifecycle. Such Standards should include how to respect, care and creatively treat those attributes. I think this is the right direction.
I think there should be a base Standard of assurance that will allow for the greatest range of transactions by the greatest number of participants. More on this later. Such a base standard of assurance should be agreeable by all stakeholders including individuals. This will require individuals to better understand monetization of human attributes and the crucial complex of the meaning of human attributes.
To move towards and achieve Standards for the attribute lifecycle a central challenge and dilemma must be undertaken to transparently articulate the relationship between Personally Identifiable Information (PII), attributes over a lifecycle and attributes that create PII through aggregation, provenance or other time related processes. We must acknowledge that PII and attributes are, more or less, on a continuum. The truth needs to be told that privacy requirements are not meaningful without taking on this challenge. I have some suggestions for standards in this area that I would like to forward at the proper time.
Here lie many perils and much promise.