BYOI (Bring You Own Identity): Pr1vAcyr3aDab1lity

24 Flares Twitter 17 Facebook 1 LinkedIn 2 Buffer 4 Email -- Filament.io 24 Flares ×

“All human beings have three lives: public, private, and secret.”
Gabriel Garcí­a Márquez, Gabriel García Márquez: a Life

The moment you read the first line you’ll be:

A) nodding in agreement with what you just read

or

B) shakes your head in total disagreement with what you just read

yes of course, chances are that you’re simply neutral to what you just read but in that case probably you’re one of that kind of people who think “I’ve nothing to hide so I don’t have secret things to hide, consequently this sentence I’ve just read means nothing important to me”. No I’m not writing a big WRONG to comment your thought, well actually I did it but just to explain a simple concept:

Privacy is one of those few things that it’s YOURS only and NO it’s not about the way you or someone else protect your data

Am I going to write a post around #privacy? Not exactly…

In my last post I’ve described how the introduction of many devices and sensors in our life will produce an unpredictable escalation in the numbers of identities (digital identities) linked to our unique physical identity. The Tree of Identities show how much our data are running up and down from leaves to roots and back and often are being manipulated and exchanged with other trees or other “elements” of our ecosystem.  But all this “ running everywhere” make me doubt about what we’re all talking about these days that we call #privacy.

#privacy is not #dataprotection.

And I bet everyone is nodding with that face that say “obviously!” but let me give you a better definition of what I just wrote:

A definition of privacy may be found in two main roots: one that comes from Romans and the other one from an article written by  Warren and Brandeis in 1890 on Hardwar Law Review.

Let se the Latin definition of privacy first:

In Roman law, the Latin adjective privatus makes a legal distinction between that which is “private” and that which is publicus, “public” in the sense of pertaining to the Roman people (populus Romanus).

Used as a substantive, the term privatus refers to a citizen who is not a public official or a member of the military.

Wikipedia – privatus – http://en.wikipedia.org/wiki/Privatus

It’s quite obvious that we are talking about a simple distinction between what’s private and what’s public. Romans decided to got for an easy way: everything is not pertaining the Roman people was “yours only”, a typical example could be the land owned by a citizen  while eventually the fruits of the cultivated land may be subjected to taxes and so not entirely private.

It already makes a quite simple difference if related to information’s in the digital world. What’s mine and what’s instead may be “not entirely mine”. I’ll try to explain better what I mean:

It’s not that because  an information is private that it could not be disclosed at all but it’s that since it’s private I am the only one who may decide upon it.

But before jumping on more conclusions let me give a second definition of #privacy:

The common law secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others.Under our system of government, he can never be compelled to express them (except when upon the witness stand); and even if he has chosen to give them expression, he generally retains the power to fix the limits of the publicity which shall be given them. The existence of this right does not depend upon the particular method of expression adopted

Warren and Brandeis – December 15, 1890 – “The right to Privacy” – Hardwar Law Review –http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html

Quite interesting isn’t it? If you look at it this “definition” express two main concepts:

  • #privacy is still a primary requirement for the identity, no matter what kind of identity we’re talking about
  • #privacy require due its legal and practical (in terms of how I use the data) implications a form of protection

 

 

I find it quite interesting  as a result especially if we compare it with what we normally discuss or read around privacy policies. Let’s take the usual standard policy we may found over the internet, in my case I use @medium as service from time to time to publish my post and this is an excerpt from their “privacy policy”:

Privacy is important. We respect yours.

This policy sets out our privacy practices, explains how we handle the information we collect when you visit and use the medium.com website or the other Medium domains, products, services, applications, and content. When you use Medium Services, you are consenting to the collection, transfer, manipulation, storage, disclosure, and other uses of your information as set out in this Privacy Policy. Please read it carefully. For real.

Let’s also state what’s probably obvious, but just in case: We don’t control what Medium users do. Their privacy policies and practices are up to them. If you share private information with other users, we can’t control what they’ll do with it. So be careful.

Please note the important part :

We don’t control what Medium users do. Their privacy policies and practices are up to them.

yes so it is.. You are the only owner of your data. Everything else is about #dataprotection, is about what you may expect from the provider you’re using in terms of: not disclose what you don’t want to disclose. Let me clarify…Everything else is about what we:

  • don’t know ‘cause we didn’t read the privacy policy of the provider
  • cannot control ‘cause we did not set any privacy policy with the provider and the data is transitioning on and off the countries boundaries (so it’s subjected to different regulation law)
  • our company has an in-place privacy policy for your data but cannot apply the same with the provider (public and cloudy…) who actually store the data

I need to start to wrap up this post otherwise all of us will get lost another time and our #privacy debate will end up like the picture at the beginning of this post.

We’re going to live in a world full of devices and sensors that have an associated digital identity. This means that are uniquely identifiable and means also that could or could not be reconciled to us (i.e.: the sensor of a pacemaker). This means also that like in the Tree of identities post we’ll be subjected to a large amount of data exchanged by all of these identities. We also said that these identities may carry on data that may be, at least in some case, subjected to our #privacy but means to that even those devices, due the fact that they have a unique identity may have their “own” data.

Here’s the point:

Who owns really the data in a sensor “attached” to me?

It’s not a pure issue of #dataprotection if we read again the definition around #privacy we have to remind that the way we protect our data from being disclose is a different matter from what we may or may not consider as our only. But now we’re talking about a full set of devices who carry, produce, manipulate data and, if some of them are easily conducible to our physical identity and consequently may be “assigned” to our real of privacy, others are in a grey area.

Is my thermostat data analysis an information I desire to consider as mine and so I want to set up a privacy policy with my vendor or it is something owned, by definition, by the company who built the thermostat or by the vendor who actually sell the device or even more by the company who actually store the data analysis?

what if we’re talking about a bracelet I wear  that my company offered to me? so we have a combination of:

  • my data
  • sensor data
  • company data analysis
  • bracelet provider data analysis
  • (maybe) cloud provider who actually store the data

Who’s the real owner of what and how we may decide if someone #privacy has been violated?

Let me introduce a new question that require an adequate post in the near future:

In the Internet of Everything where seems that API and endpoints will reign, is the concept of #privacy extended or reduced?

 

 

“All human beings have three lives: public, private, and secret.”
Gabriel Garcí­a Márquez, Gabriel García Márquez: a Life

Topics

Archives