Report: Human-Centered Digital Governance Trumps Corporate Competition
The EU Digital Markets Act should stress personal data protection over boosting competition among tech companies, a Global Initiative on Digital Empowerment report said. It proposed giving online users control over access to the personally identifiable information they create and letting them set the terms under which the data can be used legally. In return, users would have to ensure their data is accurate and verified by trusted third parties. The scheme could be based on the model of the domain name system (DNS) and could have implications for ICANN's Whois registration data debate, said co-author and former ICANN CEO Paul Twomey in an interview. Milton Mueller of Georgia Tech's Internet Governance Project, however, branded the idea naive.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The proposal recommends a three-tiered definition of personal data: (1) Official (O-data), the kind needed for entering into a contract or satisfying government identity requirements, would be controlled by the data subject but authenticated by a trusted third party. (2) Privy (P-data), which is about individuals but doesn't require authentication, would be divided into "first-party data" such as personal blogs or photos, and "second-party data" such as smartphone location data. People would be given "genuine control" over the former via negotiated terms by skilled representatives; second-party data would have to be used exclusively in data subjects' interests. (3) Collective (C-data), information data subjects agree to share within a well-defined group for well-defined collective purposes, could be shared through voluntary agreements or legally established democratic processes, subject to the same security requirements and restrictions on unpermitted onward transit since P-data currently is under data protection laws.
The DNS was used as a potential model, Twomey told us. It has centralized information about who holds the data (such as internet registries and registrars) and there are people who specialize in knowing who the customers are and in developing packages for them. The technical aspects of managing safe data transactions are already available, allowing data to be held by a smaller number of very secure companies.
Since the proposal centers on the issue of when someone can share data and how much more efficient it would be to let the consumer decide, it could have implications for access to Whois data, Twomey said. It would, for example, give a company access to personal data only when the data owner agreed on terms, and the data would come in encrypted, making it unattractive to cybercriminals. People might be more willing to share their Whois registration data if it's encrypted and scammers can't get to it, he said: law enforcement agencies, intellectual property rights owners and others seeking access could, however, sometimes be refused.
The proposal has met with positive responses from European business leaders and some politicians, Twomey said. The European Commission said it's doing "intensive work" to advance a "human-centered digital transition that leaves no one behind," including with international partners in the EU-U.S. Trade and Technology Council. EU digital targets for 2030 include a recently proposed declaration of digital rights and principles, and a data strategy focused on nonpersonal data, a spokesperson emailed.
The report is "naive political economy," emailed Mueller, a Georgia Institute of Technology professor and long-time participant in ICANN's noncommercial stakeholder community. He criticized the idea of a top-to-bottom reorganization of the "entire globalized industrial and legal structure of a techno-economic system that has been evolving for the last 50 years." Most of the world's population are avid users of internet platforms and derive enormous value from them, but the authors "characterize the current system as some kind of arbitrary imposition" on people that "can be dispensed with by waving a wand" that gives users control of "their" digital data despite that information being generated by and stored on third-party infrastructures.
The proposal assumes we can push the world back into traditional one-on-one market transactions in the digital economy, Mueller said. In a real market process that allows people to make exchanges, the distinction among O, P and C data "would break down completely."