In the digital age, our lives are intricately intertwined with the vast amount of data we generate, akin to footprints on snow. Every online interaction, every purchase, and every social media post leaves a trackable trail, which taken together represents our digital identity. This digital self, however, is increasingly under threat – from data breaches, surveillance, and the garden-variety usage to which we’re all accustomed: personalized advertising.
Against the backdrop of this landscape, the need for privacy has never been greater. A fundamental human right, privacy is essential for maintaining autonomy, dignity, and freedom in the digital realm. The ability to manage our personal information online, though, is not exactly god-given. Making informed decisions about how one’s information is used and shared seems to be reserved for the highly technologically literate, the absolutists who make privacy their passion project. Average internet users are basically prey for data vultures.
While some argue that privacy is a trade-off for convenience (Netflix recommendations, Instagram ads, etc.), the reality is that unrestricted data exploitation erodes our individuality and compromises our security. So, what is the solution?
The Illusion of Privacy in the Age of Big Tech
While companies like Google and Meta (formerly Facebook) may claim to prioritize data privacy, their practices regularly fall short of meaningful protection.
Although they admittedly offer auto-deletion of data after a certain period, this is a clever ruse: By the time data can be scrubbed, it’s already been mined and utilized to serve up targeted ads. Indeed, Meta was recently fined 1.2 billion euro for transferring EU user data to the U.S. for processing without ensuring adequate protections for people’s information.
There are other examples of subterfuge at play. Meta, for instance, allows users to export data out of the platform. Pursue this path, however, and you’ll quickly learn that porting data to another service is nigh impossible. Instead, you’re left with a series of complex files and computer-readable code of your FB history with no obvious way of importing it into another platform.
The same is true of other services. The idea of extracting your viewing data from Netflix and importing it into Prime to benefit from Amazon’s algorithms is still pie in the sky due to incompatible data formats and a lack of standardization.
Superficial concessions like allowing users to export their data speak to an obvious truth: Big tech firms recognize the appeal of user privacy/control and wish to make it seem as though they’re on your side. If you think big tech firms are more interested in protecting you than monetizing your data, I’m keen to sell you a unicorn.
Legislation like the General Data Protection Regulation (GDPR) was effectively introduced to address privacy concerns, but it’s safe to say it has failed to live up to its promise. A debate can be had about how well-intentioned GDPR was from the get-go, but it’s clear that it’s primarily become a compliance exercise for businesses rather than an impactful pro-privacy tool.
Despite elevating awareness about data privacy, the impact of GDPR on big tech’s practices and the overall protection of individual privacy is limited. There are several reasons for this. One is that users tend to simply click “Allow all” to the common cookie consent banner rather than laboriously go through the list of ad tracking networks and deselect those they don’t like. Others, who take a more bellicose approach, simply suppress the cookies using browser plugins. This, of course, is not the same as giving consent.
The sad truth is that people want more privacy the same way they claim to want to exercise more. The benefits of more exercise are beyond dispute, but motivating oneself to put in the work is another matter. It’s all aspirational.
Free Movement of Data
Data portability has emerged as a promising solution to data insecurity. The concept refers to the ability of individuals to move their personal data seamlessly between different online services, retaining ownership and control over it. By enabling data portability (“free movement of data”), individuals can favor the online platforms that align with their values and preferences while reducing their reliance on a single provider.
Data portability is possible through the use of Self-Sovereign Identity (SSI) and decentralized identity systems. SSI grants individuals full autonomy over their digital ID and personal data, enabling them to control their information, decide who can access it, and determine how it is used.
In combination with decentralized identity, SSI ensures that the individual holds personal data securely and privately. Additionally, a non-tamper proof is kept on a decentralized ledger, minimizing the risks of unauthorized access or abuse.
It is important to note that SSI is not a panacea for all digital identity challenges. Rather, it offers a foundation upon which data portability and privacy can thrive. By retaining a tamper-proof copy of your digital footprint (social media and browsing history as well as things like university degrees), users could themselves import their ID into platforms of their choice. Embracing such models could reduce the dominance of the big tech cartel that currently wields a disproportionate amount of power over our personal information.
The promise of data portability is acknowledged even by Google, who recently vowed to make it easier for users to export their personal data across different platforms. The concession came amid an abuse of dominance probe in Italy. But can we really trust Google? History suggests that we cannot.
Is Privacy Really Valued?
Sadly, when you drill right down, it becomes apparent that privacy isn’t valued to any great extent. Even the success of privacy-preserving tech like VPNs is more attributable to our desire to access geo-blocked content than stay off the radar.
For this reason, privacy can’t be the only selling point of SSI and decentralized ID. As mentioned, data portability is another notable benefit. The ability to carry your own data like a passport and move seamlessly between competing social networks and e-commerce platforms is an advantage most people would actually care about.
The counterargument, of course, is that data sharing won’t stop – and so the attack vectors won’t disappear either. Data autonomy will still require users to share their data with multiple services just to go about their day-to-day digital lives, and the risk of breaches will remain a clear and present danger.
In fact, if you make it easier for people to carry a portable copy of their data, they might actually share it with more companies than they do already. Thus, an argument could be made that removing the friction in portability might have unintended consequences.
Implementation complexity notwithstanding, the data portability and privacy offered by decentralized identity systems and SSI represents a serious step-change on the web2 model favored by today’s tech giants – one that could empower users and promote values of openness, transparency, and consumer choice. The key will be to educate users about the value of the technology and ensure it’s implemented in a user-friendly way.