Privacy and online data sharing is a journey into the unknown: report from QCon London

I’m at QCon London, an annual developer conference which is among my favourites thanks to its vendor-neutral content.

One session which stood out for me was from Robin Wilton, Director for Identity and Privacy at the Internet Society, who spoke on “Understanding and managing your Digital Footprint”. I should report dissatisfaction, in that we only skated the surface of “understanding” and got nowhere close to “managing”. I will give him a pass though, for his eloquent refutation of the common assumption that privacy is unimportant if you are doing nothing wrong. If you have nothing to hide you are not a social being, countered Wilton, explaining that humans interact by choosing what to reveal about themselves. Loss of privacy leads to loss of other rights.

image

In what struck me as a bleak talk, Wilton described the bargain we make in using online services (our data in exchange for utility) and explained our difficulty in assessing the risks of what we share online and even offline (such as via cameras, loyalty cards and so on). Since the risks are remote in time and place, we cannot evaluate them. We have no control over what we share beyond “first disclosure”. The recipients of our data do not necessarily serve our interests, but rather their own. Paying for a service is no guarantee of data protection. We lack the means to separate work and personal data; you set up a LinkedIn account for business, but then your personal friends find it and ask to be contacts.

Lest we underestimate the amount of data held on us by entities such as Facebook and Google, Wilton reminded us of Max Schrems, who made a Subject Access Request to Facebook and received 1200 pages of data.

When it came to managing our digital footprint though, Wilton had little to offer beyond vague encouragement to increase awareness and take care out there.

Speaking to Wilton after the talk, I suggested an analogy with climate change or pollution, on the basis that we know we are not doing it right, but are incapable of correcting it and can only work towards mitigation of whatever known and unknown problems we are creating for ourselves.

Another issue is that our data is held by large commercial entities with strong lobbying teams and there is little chance of effective legislation to control them; instead we get futility like the EU cookie legislation.

There is another side to this, which Wilton did not bring out, concerning the benefit to us of sharing our data both on a micro level (we get Google Now) or aggregated (we may cure diseases). This is arguably the next revolution in personal computing; or put another way, maybe the bargain is to our advantage after all.

That said, I do not believe we have enough evidence to make this judgment and much depends on how trustworthy those big commercial entities prove to be in the long term.

Good to see this discussed at Qcon, despite a relatively small attendance at Wilton’s talk.