I did an online studio visit with some students from Kean University as part of Mia Zamora’s Networked Narratives class. This post is to collect up a few links that I think might be useful follow ups for anyone who watched.
The remit of the studio session was to explore the idea of the internet as a dark place and offer personal perspectives on that for the students to engage with. I was invited to offer something of a European perspective, and I also took the opportunity to explore the broad range of ways the web facilitates the work I do across different roles because I think that offers a more nuanced picture. We also talked about the extent to which we perform different identities in different spaces online, but have no access to our “data identity” – ourselves as data constructs created by the various tracking mechanisms built into the spaces that we visit.
We talked a bit about the General Data Protection Regulation in Europe and the main changes that it introduced into data protection law. For the official line on what changed, this is a relatively lengthy but really clearly written guide from the UK Information Commissioner’s Office. You might want to skip to the section on the rights of individuals to get a sense of data protection as public good:
- Overview of the General Data Protection Regulation (GDPR) (UK Information Commissioner’s Office)
Also some background from a UK perspective that explains the context in which GDPR was born:
- Data protection rights: What the public want and what the public want from Data Protection Authorities (UK Information Commissioner’s Office, 2015 report)
I don’t think I talked enough about Article 22(1) though – which I think could be pretty important since we are starting to see trials of facial recognition software by UK police forces now:
“The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly affects him or her” Article 22(1) (What does the GDPR day about automated decision making and profiling – UK ICO)
We talked a little about what’s happened since GDPR was introduced – specifically that European agencies are starting to use the larger powers and fines that it provides:
“Dr Lukasz Olejnik, an independent privacy researcher and adviser, said the ruling was the world’s largest data protection fine. “This is a milestone in privacy enforcement, and the history of privacy. The whole European Union should welcome the fine. It loudly announced the advent of GDPR decade,” he said.” (Google fined record £44m by French data protection watchdog – The Guardian)
In general we potentially seeing the start of an attempt to regulate, with competition authorities also pushing back:
“With regard to Facebook’s future data-processing policy, we are carrying out what can be seen as an internal divestiture of Facebook’s data,” said Andreas Mundt, president of the FCO. “In future, Facebook will no longer be allowed to force its users to agree to the practically unrestricted collection and assigning of non-Facebook data to their Facebook user accounts. The combination of data sources substantially contributed to the fact that Facebook was able to build a unique database for each individual user and thus to gain market power.
“In future, consumers can prevent Facebook from unrestrictedly collecting and using their data. The previous practice of combining all data in a Facebook user account, practically without any restriction, will now be subject to the voluntary consent given by the users.” (Facebook forbidden from merging data from multiple platforms in Germany – Engineering and Technology Magazine)
“EU competition enforcers had said Google’s illegal practices included forcing manufacturers to pre-install Google Search and its Chrome browser together with its Google Play app store on their Android devices” (Google challenges record $5 billion EU antitrust fine – Reuters)
We talked about whether the prevailing approach in the US might ever change, and I remembered afterwards about this article that I read recently:
“In 2012, Facebook signed a consent decree with the Federal Trade Commission promising that it would give users clear and prominent notice and obtain their express consent before their information was shared beyond the privacy settings they had established. It now transpires that the FTC is likely to find that the company has violated that decree, which carries a fine of $40,000 per user per day.” (Long untouchable web giants know now what it feels like to be hunted – The Guardian)
We also talked a bit about the potential inequalities that might come with choosing to pay cold hard cash for services. Since then I read the Gizmodo “Goodbye Big Five” series and would definitely suggest reading it for a sense of how much of a monopoly the big platform companies actually have and how practical / feasible disconnecting is:
“So when I try to create a fourth folder in ProtonMail to organize my email and it tells me that I need to upgrade from a free to a premium account to do so, I decide to fork over 48 euros (about $50) for the year. In return, I get a 5 GB email account that doesn’t have its contents scanned and monetized.
However, I’m well aware that not everyone has $50 dollars to spare for something that they can easily get for “free,” so if that’s the way things go, the rich will have privacy online and the poor (and most vulnerable) will have their data exploited.” (Goodbye Big Five – Gizmodo)
“…I have the capacity to make this choice. I know a lot of people would like to sign off but can’t for financial reasons or practical reasons,” he tells me. “I don’t want to come across as chastising people who don’t make this choice.”
And there are definitely costs to the choice. “How things are structured determines the decisions people can make socially,” he says. “Like you didn’t get invited to a party [via Facebook] because you chose not to be part of a surveillance economy.” (Goodbye Big Five – Gizmodo)
(Door to Netnarr - stolen from the Netnarr website.)