This is a fascinating idea, arguing that we should shift our thinking about privacy and data away from “ownership.” Since owning / renting data doesn’t afford the privacy and agency control people actually want, the author argues for a broader set of rights
Clear, broad principles are needed around the world, in ways that fit into the legal systems of individual countries. In the US, existing constitutional provisions—like equal protection under the law and prohibitions against “unreasonable searches and seizures”—are insufficient. It is, for instance, difficult to argue that continuous, persistent tracking of a person’s movements in public is a search. And yet such surveillance is comparable in its intrusive effects to an “unreasonable search.” It’s not enough to hope that courts will come up with favorable interpretations of 18th-century language applied to 21st-century technologies.
A Bill of Data Rights should include rights like these:
- The right of the people to be secure against unreasonable surveillance shall not be violated.
- No person shall have his or her behavior surreptitiously manipulated.
- No person shall be unfairly discriminated against on the basis of data.
These are by no means all the provisions a durable and effective bill would need. They are meant to be a beginning, and examples of the sort of clarity and generality such a document needs.
I’d be open to more arguments for how to bring about changes like this. Broad, sweeping new regulatory concepts tend to be short on realistic implementation details, so the jury’s still out. But it’s a subject important enough to keep iterating on and thinking about.
To make a difference for people like Rachel, a Bill of Data Rights will need a new set of institutions and legal instruments to safeguard the rights it lays out. The state must protect and delimit those rights, which is what the European General Data Protection Regulation (GDPR) of 2018 has started to do. The new data-rights infrastructure should go further and include boards, data cooperatives (which would enable collective action and advocate on behalf of users), ethical data-certification schemes, specialized data-rights litigators and auditors, and data representatives who act as fiduciaries for members of the general public, able to parse the complex impacts that data can have on life.